Hacker News new | comments | show | ask | jobs | submit login
The Criminal N.S.A. (nytimes.com)
552 points by guelo 1429 days ago | hide | past | web | 106 comments | favorite



Here's the thing. If file-sharers have the right to anonymous speech, what does that say about everyone being spied upon by the NSA?

http://torrentfreak.com/file-sharers-have-right-to-anonymous...

I'm starting to think more and more that beyond this being a US Constitution issue, it's a human rights issue, and we should fight to ban all such spying internationally. Yes, I realize how hard that that may be to achieve, and how long it would probably take, but we need to do it because it's the right thing for humanity, not because it's easy or hard, just like everyone is fighting for gay marriage all over the world, and have fought for free speech, and so on.


We should be doing this. The United States' organic law is based on natural rights. Defined as the innate right to life, liberty and the pursuit of happiness. Our rights do not come from the Bill of Rights. If the US repealed or diminished the Fourth Amendment then we'd have the Right of Revolution to alter or abolish said government based on the organic law. (Many people will disagree with this saying the US organic law has no constitutional force.)

Every human being has the natural right to privacy regardless if they are a US citizen. It's sad and ironic that the US Government claims that foreigners have no natural rights. There should be a global agreement where countries respect the innate rights of all human beings and if not, are punished.

This is the worst aspect of globalization -- the refutation of "sacred and undeniable" rights.


Who would punish governments for violating innate natural law, if not the people from whom they derive the power to govern?

This is just a corollary of what Niemöller said, http://en.wikipedia.org/wiki/First_they_came...


UNIVERSAL DECLARATION OF HUMAN RIGHTS - Article 12.

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

http://www.un.org/en/documents/udhr/index.shtml#a12


Unfortunately the Universal Declaration of Human Rights is only univeral in so far as it's universally ignored whenever that happens to be convenient.

I would be truly surprised if there is any country that does follow through on all human rights. The US especially probably breaks more human rights than any other first world country by a significant margin.


How about we popularize encryption, and take the choice out of the hands of corporations and governments?


That would be helpful but ultimately will not address this as it needs to be made clear to governments that they are not welcome in our private lives except under cover of a specific investigation and public warrant. Encryption would be helpful but if the government compels your email provider to hand over your stored emails or just email headers they can still get a lot of information about you even if you always use encryption to send/receive and try to encrypt content that you send. Even just your IP logs tell a tale of your location potentially over your entire life.

In addition to things you control there are many sources of metadata (phone records, bank records, online services, shopping records, web searches/visits, forum comments, unencrypted emails from companies and others) which are really intrusive if made public in aggregate, and with the recent assertion by the US administration that all these records have no expectation of privacy (because you shared them with someone or a company), encrypting just your emails will seem like a hollow victory when the government can collate and analyse all of your activity, online and anything offline which leaves a digital trail, for your entire life.

I do wonder whether the coming of age of a new generation, and the discovery of this widespread invasion of privacy in the name of fighting terror, will erode still further the allegiance to national governments we still feel and lead to supra-national collectives on the internet having more and more sway in our lives. After the hubristic actions of our governments and their pretentions to omniscience about our lives ('mastering the internet', 'total information awareness' etc), our interests as citizens seem to me much closer aligned with other users on the internet and far less aligned with either corporate or national interests.


Encryption would be helpful but if the government compels your email provider to hand over your stored emails or just email headers they can still get a lot of information about you

Exactly, this the line that the government has currently been using, that they only store "metadata" about communications and not the messages themselves, so encryption would no real difference.


That isn't a sufficient solution. These spying programs are the beginnings of totalitarism. They have to be repealed.


Beginning? You guys do really think you are free lol? Just because you can choose one of gazillion same bubble gums is not freedom! Try to change important things (like your government) and you will see that you already live in tyranny.

P.S. Intended to be brutal, think about it.


I don't entirely disagree with you. (I am not from the US, by the way). The developments in the US when it comes to justice, liberty and surveilance frighten me. From my point of view, the United States is fullfilling more and more of the requirements of a totalitarian regime.

I should probably be keeping my mouth shut regarding my opinions on US politics, since I'm visiting in a few months. Would be embarrassing to be confronted with this stuff at the border.


That's why I did this;

https://github.com/etherael/phoneme

It's not perfect, but I think the first step to widespread crypto adoption is getting people accustomed to the workflow of fully encrypted email. Phoneme + mailvelope is not a huge jump from the current gmail experience and just that initial taste might be enough to get more people on the right track.


Cool project, you seem talented... I'm just a bit confused here.

If we basically know several governments already have copies of your historical gmails, and you're not securing the incoming channel (which we basically know has a beam splitter on it), what good does encrypting the historical files do?


We don't know for certain that several governments have archived stored copies of all cloud based email in existence, it's hazy as to what they do and do not have access to, what isn't hazy is that they have the right to demand the content of any given gmail account with effectively zero recourse available.

The very fact that they actually do make these demands indicates on balance of probability, they don't actually just have an archived permanent copy of the content of every gmail account in existence. Why ask for what you already have?

Of course, that's an assumption and it may be incorrect. However on the downside if it is incorrect, you're back in the exact same position you started in and you've lost nothing anyway. And as previously stated, it might get people in the habit of understanding how PGP works if mailvelope and products like it see wider adoption.

In a network of correspondents where everyone is running something similar to mailvelope + phoneme, it becomes an obvious thing to do to simply implement proper end to end PGP, so I also hope it might be a solution to the chicken and egg problem which has plagued PGP deployment for so long.

It can never hurt to fight, even if you might lose, especially when if you don't fight, you'll definitely lose.


While I agree with the sentiments, Google most likely does not delete the unencrypted mail, so even if the government hasn't stored the content of the mail they will just request copies of all your deleted mail too.

Certainly going forward it would be a good thing to do, but really (as you say) end to end encryption is required. It's a shame Hushmail was compromised [1], this is the type of thing if it was built into GMail would push encryption to the masses - I realise it's not in Google's interest or business model though.

With the smart phones being SUCH an integrated part of our lives now, this also makes it VERY difficult to keep your email with you on the go since the mailvelope plugin is only desktop based.

Shame. We have the tools, I hope we get better integration soon.

[1] http://en.wikipedia.org/wiki/Hushmail#Compromises_to_email_p...


once again on the "most likely" front, it's possible, sure, but according to their own statements, they do actually delete it when you delete it;

http://www.smartplanet.com/blog/thinking-tech/does-8220delet...

http://productforums.google.com/forum/#!topic/gmail/QZh2Ce75...

Note response; Unfortunately, once you have permanently deleted a message from Trash or Spam using "Delete forever," it cannot be recovered. Google complies with data privacy legislation. As a result, our systems are configured in a way that it is infeasible to restore user-deleted data.

Sure, they could be lying, but they could also be telling the truth, and if we assume they are then there is an advantage in keeping a fully encrypted store rather than plaintext. Google has given us no reason to believe that they are directly untrustworthy unless they are actively compelled by law to act in user hostile fashion, and they do not seem to enjoy it.

Personally I'm far more concerned about the state as a hostile entity than Google.

> With the smart phones being SUCH an integrated part of our lives now, this also makes it VERY difficult to keep your email with you on the go since the mailvelope plugin is only desktop based.

I make reference to this on the project page, there's APG which is PGP for android, makes reading / writing / signing PGP possible on mobile http://www.thialfihar.org/projects/apg/.

> Shame. We have the tools, I hope we get better integration soon.

I hope the same, I kind of see this as pushing the issue, we'll see where it goes.


Ok, let's err on the side of Google for now (although, still not sure I can fully trust them, esp with all this news).

Still, great work and thanks for the additional info. Here's to hoping one day EVERYTHING will be encrypted by default!


I was hoping someone far more talented than me would write a browser plugin that would encrypt everything I type in a TEXTAREA with GPG, and then prompt me for a list of friends I'd like to have read that text.

Everything, from Facebook to Gmail, would be encrypted that way. And I would be in control of the list of people that could read that text.


This is a solved problem, including the problem that you're haven't anticipated, which is the helpful "autosave" of drafts.

http://www.emacswiki.org/emacs/Edit_with_Emacs

I'm sure something similar exists for vi, sublime, etc., but emacs (of course) has great gpg support (http://www.emacswiki.org/emacs/EasyPG).

This moves the burden to your local machine, which, while not guaranteeing privacy, helps reduce the amount of data that you're just handing to the bastards.


Hardly solved. I want it to be so simple the average Facebook user will want to use it.

Emacs hardly fits that bill. Nor does popping up any other editor I think.

I would just like to use the native browser interface and right before doing a POST, have the browser do a pop up and ask me which of my friends I would like to share the text with.


Also, there is the decription part. The browser would need to auto-decrypt on the fly all the encrypted messages that are meant for your eyes only. Without asking for a password every time. And without having to open a new application. Rendering pages might prove difficult, as the page can only be rendered properly after decription.


Just a small quibble, if you're typing in the textarea the website or any other extensions you have in your browser could spy on the plaintext as it is being typed. A secure browser extension would have to call an external program, let you type and encrypt your message in there, and then deposit the encrypted message back into the textarea.


Wouldn't you have to encrypt the text repeatedly, once for each recipient?


gpg handles this natively.

http://www.gnupg.org/gph/en/manual.html#AEN111

"multiparty encryption" is what you're looking for.


Is that supposed to be read as "phone me" or "phoneme"?



I agree with this but why not take it a step further? We're hackers, working on tools/applications that facilitate the transfer of information - why don't we implement encryption from the get-go? There wouldn't be a need to 'popularize' something exists by default.

GnuPG/PGP are fairly trivial to implement; here's some apps that are ripe for production:

- Messaging application that exchanges public keys on first contact, and henceforth every back and forth message is encrypted/decrypted without the user ever knowing

- An email client that works on the same basis as the messaging application; the user doesn't need to know - they just wanted their messages sent securely.

^^ Thats probably 90% of the uses cases for the average joe covered.


Governments can still gather the metadata of encrypted emails. Both PGP and S/MIME do not encrypt the subject line, sender or recipient addresses.

To use encrypted email and hide the subject line, you need to not use it (just say "Encrypted email") or something. This cannot be made automatic without impacting UX.

The To: header fundamentally cannot be removed. The sender can be inferred from the account within the email provider supplying the Government's feed.

I like the idea for MUAs to automatically encrypt after a mutual automatic key exchange though. I think PGP would be more suitable for this (no CAs required). Is there a standard email header that advertises "you can reply back to me with a PGP encrypted email encrypted to key ID X and I'll be able to read it automatically"? If not, somebody should propose one. Public keyservers exist so I see no reason a simple header like this wouldn't suffice. The rest is MUA implementation.


> Governments can still gather the metadata of encrypted emails.

True, but don't throw out the baby with the bathwater right away. I know metadata is at least as sensitive as the actual content, but you need to pick your battles. If we get people to widely use GPG to encrypt the content of their emails, that is already a huge win. Why? Because they're now using a public/private key infrastructure. And as you are probably well aware, as soon as everyone involved has secure private keys, implementing all sorts of nifty crypto strategies to hide pretty much whatever you want, is just a matter of adding protocols. And that can be done pretty transparently, if only the intended users would already be using keypairs for identity management. So, IMO, even if just encrypting the content is not quite complete privacy, it's a great step on the way to getting there.

The other way around, hiding the metadata first, or perhaps both at the same time, seem a lot harder to accomplish widely.

So even if you're technically right, getting the public in the habit of using GPG, is not a waste of time, it's just that for some crazy reason common usage of strong crypto is so far behind the times they are going to need several steps to catch up with technology.

> Is there a standard email header that advertises "you can reply back to me with a PGP encrypted email encrypted to key ID X and I'll be able to read it automatically"? If not, somebody should propose one. Public keyservers exist so I see no reason a simple header like this wouldn't suffice.

that's a great idea. anyone know if something like this does not already exist?

(and I'm not entirely sure if those key-ID's are sufficiently unique and/or secure, but you can put more then just the ID in such a header to fix that)


> I know metadata is at least as sensitive as the actual content, but you need to pick your battles. If we get people to widely use GPG to encrypt the content of their emails, that is already a huge win. Why? Because they're now using a public/private key infrastructure. And as you are probably well aware, as soon as everyone involved has secure private keys, implementing all sorts of nifty crypto strategies to hide pretty much whatever you want, is just a matter of adding protocols. And that can be done pretty transparently, if only the intended users would already be using keypairs for identity management. So, IMO, even if just encrypting the content is not quite complete privacy, it's a great step on the way to getting there.

True, but key-pairs pretty much cryptographically ties a real person to an online identity, and so that makes meta-data more valuable, and makes "give us your keys or go to jail laws" more scary.


A PGP key is generally tied to an email address. So autogenerating PGP keys per-email-address surely doesn't tie anything to a real identity any more than an email address already does?


but you can make as many keypairs as you want or need. just like the circles in G+, except with privacy :)


> I know metadata is at least as sensitive as the actual content, but you need to pick your battles.

So, picking the metadata battle:

Its straightforward from the command line to email crypto-content to your desired addressee while emailing(spamming?) to a few more auto-generated others. These newly(if functional) spammed others would value your contact, as it provides them with a participating valid email account, so `spamee' can now also `shotgun' emails to more addressees further obfuscating his intended addressee(s). If this became popular, universal, The graph of all our email metadata (nodes?) becomes chaotic.

The timestamp metadata? Send to subset random sampled addressees over set random offset ranges.

The SUBJECT: header could be automated to filter through all this new junkmail.

What else, hmmmmnnn...


> If we get people to widely use GPG to encrypt the content of their emails, that is already a huge win.

Sure. Completely agree.

> (and I'm not entirely sure if those key-ID's are sufficiently unique and/or secure, but you can put more then just the ID in such a header to fix that)

Note that a key ID is just the last characters of the fingerprint. If you want a more secure key ID, just use a longer piece of the fingerprint (which is a valid longer form of key ID that gpg will Just Work with).


> Note that a key ID is just the last characters of the fingerprint. If you want a more secure key ID, just use a longer piece of the fingerprint (which is a valid longer form of key ID that gpg will Just Work with).

cool, I was hoping it would work something like that :)


> and I'm not entirely sure if those key-ID's are sufficiently unique and/or secure

They aren't: http://www.asheesh.org/note/debian/short-key-ids-are-bad-new...


Short key IDs aren't. Just use longer ones. No format or protocol change is required.


Cypherpunks have already created a solution, http://mixmaster.sourceforge.net/ and similar remailers, but similar technology needs to be incorporated into easIEST to use tools.


You can't do almost all of the things (facebook, gmail, etc) that the public has become very accustomed to and relies on as everyday conveniences with end to end encryption. Perhaps with some massive backing of major corporations and decades long education efforts you could make a little headway into surveillance-proofing all communications


How do we do that when people don't care about privacy?


By making the solutions so simple that they pick them because they don't care either way, but make it slightly more annoying for people still on non-end-to-end crypto services to communicate with those who are.

If there's enough people who care, then hopefully network effects would slowly take care of the rest.


> How do we do that when people don't care about privacy?

the same way governments / politicians / mass media do it: you make them care.

it's a sad fact of humanity that most people will care about whatever they are told to care about, or rather, whatever their peers are perceived to care about.

right now there is a window of opportunity for privacy to stand in the public eye's spotlight, fighting a (very real) fight against the encroaching forces of totalitarianism.

you ask what to do. how about anything you see an opportunity to. educate your friends about privacy, about what is going on, about what the dangers of surveillance are[0], or perhaps educate yourself about using GPG, get the hang of it together with a few other techie friends, so that you can explain it to more people (because it's really not that complex, if someone walks you through it), if you have a brilliant idea write some code, etc. and also, delete Facebook?

[0] http://www.reddit.com/r/changemyview/comments/1fv4r6/i_belie...


If there's any time to do it, it would be now while it's such a big issue.


[deleted]


It does not need to be a 100% solution. If you want to disrupt the NSA effectively gathering information effortlessly then popularizing encryption can go a long way of doing that regardless of the existing methods of getting around it.


Do both :)


> No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

> Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.

https://www.un.org/en/documents/udhr/


> file-sharers have the right to anonymous speech

This is an inaccurate distraction in your comment.


The public is not acquiescing in surveillance. It is simply rare for the mainstream media to report on this critically (or at all -- note the lack of front-page coverage of this story in the New York Times), an appalling development given the extension of this surveillance apparatus to targeting journalists.

With that in mind, it is worth noting that the two authors of this piece are NOT professional journalists, although what they report could and should easily have been put together by actual staffers.


> note the lack of front-page coverage of this story in the New York Times

NYT front page on June 20, 22, 24, 25, 26 -- five out of the past 7 days. Plus a front page mention on June 23. I know you don't mean your comment literally, but I think there's been a lot of coverage. There's some criticism that the stories of late tend to focus more on Snowden, but his part of the story is the only thing that's had material developments in the past week.

http://www.nytimes.com/images/2013/06/26/nytfrontpage/scan.p... (et al)


Thanks for the check. I was actually looking at the online version, and checking the prominent stories. I agree that the where-is-Snowden story is getting some coverage, but even there the selection and tone of the materials support the administration.

Does the lack of new information from the US government mean that there are no new "material developments" in the story? Considering the damaging revelations in these leaks (misleading congressional testimony? private contractors with access to dragnet surveillance systems?), it is not plausible to claim there is no investigative journalism to do. That it has taken two outsiders to write a piece sensibly critical of the administration and unconstitutionality of data-vacuuming is utterly damning.


> - note the lack of front-page coverage of this story in the New York Times

1. As of right now, the story is linked to on the front page in the Opinion box since this is an opinion piece and not a news piece. If you want opinion as news, I refer you to Fox News or Buzzfeed or Upworthy.

2. The story of the NSA surveillance was front page on the NY Times when it broke and for about a week or two after.

3. The Mainstream media has been reporting on this consistently, both on the Snowden drama and the actual substance of his leaks.

It's sad to see both longer-time and newer users running around with this chicken little reddit-level bullshit. The mods seem to be complicit in it so oh well. The upside is that I waste less time here.


> If you want opinion as news, I refer you to Fox News or Buzzfeed or Upworthy.

All "news" is someone's, or a group of someones, opinion. There's no such thing as objective journalism.

> chicken little reddit-level bullshit

It's only been a couple of weeks since people became aware that the largest spy agency in the world is spying on pretty much anything they can get a bead on.

Perhaps cutting people some slack until 24/7 surveillance becomes the New Normal might be in order?


In my opinion, there is about a 30 minute wait on the I9, and now in sports news, in my opinion the raiders beat the muskrats last night.... etc.

There is definitely such a thing as reporting the facts, and just because there are levels of opinion doesn't mean that all outlets of journalism are somehow comparable. Fox News != Anyone with credibility.


> Fox News != Anyone with credibility.

There are very few mainstream sources that have a shred of credibility left. I see little qualitative difference between Fox and CNN, for instance. They only differ in style and delivery but their main entrees are still lies and rubberstamped government press releases.


Yes, but even the choice of facts expresses an opinion.

I could report how many murders were caused by black people, how many robberies by mexicans, and how much drugs by asians, Then how many illegal immigrants entered the country this month.

All fact, no opinion?


He anticipated this point and explicitly acknowledged there are levels of opinion.


Nobody is claiming all news is objective. I also think that the constant claims about 'msm' 'ignoring' important stories is annoying, incorrect and in fact distracting from the proper discussion to be had.

There is in fact a very distinct difference between opinion articles and 'proper' news articles. You see, journalism is not a claim to objective truth, but a procedure aimed at achieving a minimum level of validity where it comes to events. When you read a news article, you should (to some extent) be able to trust its contents on the merits of the journalistic method. Whereas with an opinion piece, it's not bound by this procedure. Note - nobody is arguing 'absolute objectivity' here. It's a matter of trust in a procedure. Of course, it's fine to distrust the journalistic method, to not see it as absolute truth, but to deny or entirely dismiss the distinction is annoyingly daft.

Also, afaik, this story is still everywhere. If you want it to remain that way, start working for change - newspapers report on events, not 'the truth'. Make events happen, and it stays in the cycle.


> I also think that the constant claims about 'msm' 'ignoring' important stories is annoying, incorrect and in fact distracting from the proper discussion to be had.

You're welcome to your opinion.


Just because they're all grey doesn't mean there aren't significant differences in the shade.


The Times puts plenty of opinion on the front page. It just does so obliquely. I can't forget their headline for the IRS scandal: "I.R.S. Scandal Gives G.O.P. Issue to Seize On", as if the politicization of the government's taxing power were only regretful to the extent that it might slow down the Democratic Party's policy agenda.


As if that was the only headline or angle the NY Times displayed on the front page about that story as that story evolved.

C'mon man.


Do you think that's an appropriate headline for the breaking front-page story about the scandal for an ostensibly objective news organization?


You'd be surprised how many people follow politics as if it were sports. The politic tactics surrounding the story are an angle that their readers are interested in, and they have real consequences as well. I think you'd have to consider all their coverage of the story as a whole to analyze their slant (which is Democratic, of course.)


No, I don't think that would be an appropriate headline in that case. But that is somewhat of a red herring/straw man since I am sincerely doubtful that was the first headline they put up. More likely that came a day or two after the story broke. And in that case, it would be appropriate.


That's a headline from Sunday May 12th, which I believe is the first story on it in the Times. The information first came to light at a press conference by Lois Lerner on May 10th and I don't see another NY Times article sandwiched between the dates. The headline did not go unremarked in conservative media[1].

There is no doubt in my mind which team the NY Times is batting for.

[1]http://twitchy.com/2013/05/13/thats-the-story-jaw-dropping-n...


Thank you for that interjection of sanity.


If you need a sanity check, visit the Internet Archive:

http://web.archive.org/web/*/nytimes.com

The last time this story was front page news for the NYT was June 23, when they reported on Hong Kong officials letting Snowden go. On June 22 they reported on Snowden being officially charged. And prior to that on June 20, when there was a story about the "complex reality" of Silicon Valley. All of these stories are sympathetic in tone and focus to the administration. Is anyone really going to characterize them as hard-hitting investigative reporting on the substance of the allegations?

There is no lack of investigative reporting that could be done on this story (most obvious question: did Congress intend to authorize warrantless dragnet surveillance), some of which is happening elsewhere, making it hardly a paranoid leap to point out that NYT coverage has been muted and uncritical at best.


Well, how dare they not put him on the front page as often as you would like. And I suppose because your analysis stops on June 20 I'm supposed to forget any reporting that they did on him in the weeks prior.


I would personally prefer they stopped feeding the Snowden soap opera and focused instead on meaningful policy and governance questions, such as:

* did Congress intend to authorize warrantless surveillance when it passed the legislation being used by the NSA to justify its current policies and wrap them in a cloak of legality?

* which of the leaked materials w/r/t NSA surveillance can and should be considered highly-classified? What is the national security justification for keeping these materials out of public view?

* if Snowden was in a position of administrative privilege that gave him access to highly-sensitive materials without reasonable oversight, why was he employed by a private-sector company? What are the implications of this for FOIA requests, administrative costs, government transparency and checks against potential abuse? (seriously... what on earth is B.A. doing in this story?)

* do the stories released by the NSA to justify warrantless surveillance really justify the actions taken in the light of the law? i.e. is stopping a cab driver from sending 8k to Somalia really the sort of urgent and time-sensitive national security concern that should preclude the government from spending a day or two to get a targeted warrant?

Regardless of whether we agree or disagree on what a reasonable person would conclude on these questions, it seems self-evident that these questions are much more important than most of what the NYT has treated as front-page news on the subject matter.


If you want 'critical' reporting, I highly recommend Rachel Maddow or Bill O'Reilly or Keith Olberman or Glenn Beck. Pick whichever flavor you want.


The blowback from this mess could very soon be more severe than everyone might think. I expect several foreign countries to ban American tech company operations in their jurisdictions.

The bans in the foreign nations could easily stem from foreign business owners pressuring their politicians to ban American-operated companies under the guise of national security, privacy, and anti-American-power-mongering, but their real motivation will be to gain market share. Their politicians can easily make it into a win-win for everyone involved - the politicians (campaign contributions), the local businesses (market share), and the population, who wouldn't mind seeing a global anti-America movement.


Thou doth jest. Most western countries are lap-dogs to the US, and almost certainly exchange spying data with the US so that they don't breach their own privacy laws. This will have little impact with US allies.


Even if the intelligence governmental agencies exchange that in the US (and many certainly do), that doesn't mean they can't impose rules on businesses (expanding the privacy laws you mention) and other state entities to avoid using US tech services.

Sure it'd be hypocritical, but when did that stop anyone?


Especially because there's been past concerns about US intelligence passing sensitive data to US companies to help them win contracts.

There's bound to be a lot of high level execs at European companies whispering in their governments ears at the moment about how this is putting them at a substantial disadvantage, whether or not they believe it to be true.


> I expect several foreign countries to ban American tech company operations

That will probably not happen.

But what will happen, and have a small but ultimately significant effect, is that American companies will lose some contracts, by the narrowest of margins in a decision... contracts they would otherwise have won by a narrowest of margins... due to the fallout from the NSA surveillance scandal.


Please talk to people who lived under oppresive regimes (former Eastern Block) and see for yourself what it meant to live in a society of paranoia, snitching, informants, secret service, fake patriotism etc.. embedded IN every aspect of social life (work, neighbours EVEN families).

Americans can't grasp this because they never experienced it, that's why you need to talk to people who did, otherwise your children will be sorry.


Is it possible for Americans to file a class action suit over a top secret government surveillance program? I feel like we all have standing at least.


It has already happened.


The courts would rightly reject it as a political matter.


When I object to the government breaking the law against me, it's not "a political matter" - indeed, usually the courts are the appropriate venue.


You're not in a position to make that determination, and the judicial branch has traditionally taken a different view of this from yours. The question was whether people could sue, not whether they should be able to.

http://en.wikipedia.org/wiki/Political_question


How are you construing an unconstitutional surveillance program as a political question?

I don't see how any of the Court Cases listed on the wikipedia article are relevant. These all seem to relate to truly political things, like which branch has what authority, or how districts are apportioned. The article only cites 5 areas the courts have clear precedent on - wars, treaties, gerrymandering, impeachment, as well as the Guarantee clause. The Guarantee clause relates to Article 4 though, not Amendment 4.

If we are construing this NSA wire-tapping as a war power, then we're in trouble, because we have now effectively agreed the written words of the Patriot Act have no meaning, and the constitution will never be applied uniformly to the executive.


I'm not all that sure it is unconstitutional, for one thing - aren't you begging the question here? And on a more general level, shouldn't you be considering precedent on justiciability, rather than basing your whole argument on your personal opinion of the waht the constitution means?

I might note in asssing that I favor a constitutional amendment that would create an explicit right to privacy; I'm not in favor of a surveillance state. But that doesn't alter my skepticism about how a class action lawsuit would actually fare in the courts.


FISA courts may be unconstitutional, as in they don't satisfy the requirements for Article III courts, and FISA courts are the only valve on this behavior (such as they are). Congress is only told what is going on, and not very much (and to very few members) at that.


>I'm not all that sure it is unconstitutional

And you know who the perfect people to decide that would be? Judges. In a court of law. Since that's one of their main job functions.


As I have pointed out numerous times over the last few weeks, my belief is that they made that determination in 1979, in Smith v Maryland.


Please explain to me how a "constitutional amendment creating an explicit right to privacy" would do fuck all if the only body that assesses constitutionality won't allow us to complain when that right is breached.


You're allowed to complain, but they may not agree that your complaint has any merit. You don't seem like the sort of person who's into changing their mind though, so I don't really know what to tell you. You could try checking out some books on Constitutional law from the library to get a better understanding of how this works.


You did not address my point. "It won't happen because the court does not believe you have any rights that have been violated" is something that can be fixed by a constitutional amendment granting an explicit right to privacy, but seems to me a different claim than "it's just politics," and the court has supported a right to privacy in the past (though it's complicated). Obviously, the court may or may not consider us to have a right to privacy, may not consider the right to extend that far, &c, &c. Those still seem qualitatively different than what you'd lead with. What am I actually missing?

I fucking love changing my mind, but it takes actually convincing me, not simply argument from authority without even any credentials given. "Go read a bunch of books" is bad form (doubly so with no particular recommendations) - I have plenty on my reading list as it stands.


It looks like "lack of judicially discoverable and manageable standards for resolving it" doesn't apply here. The 4th amendment clearly applies to the question of whether the government should be recording your mother's phone calls.


Read Smith v. Maryland and get back to me. The issue of standing is more complex, and lies along a philosophical fault line about the role of the judiciary; I refer you to this law review article for an overview of those issues: http://scholarship.law.berkeley.edu/cgi/viewcontent.cgi?arti...


For call metadata, the pen register comparison might fly. If they are storing content, as is likely, it won't.

The beginning of the article on standing does raise questions I hadn't thought about. How would you decide the penalty for something with the potential for abuse? Just because the NSA is storing the largest ever collection of personal info with potential for blackmail, election skullduggery, stalking, identity theft, etc. doesn't mean that those things would happen. If all their data centers were hit by EMPs tomorrow, there may be no injury.

It would seem that when information which would indicate standing is itself concealed, though, that the threshold should be lower. Eh, I'll keep reading.


I'm thinking of the metadata, yes. I'm not convinced yet about the content allegations, and I suspect (but have not researched) that the point if illegality is when people start listening to them without a warrant rather than when they're merely stored.


That is certainly what the NSA seems to be claiming, and coincidentally it is the most convenient interpretation for them. But it seems highly bogus to me. Has the RIAA ever worried about whether downloaders actually listened to the contents of EnterSandman.rar?

More worrying, the NSA could abuse this by listening to whatever they liked, then getting information by other means, then lying about listening. And we certainly already know that the NSA is capable of lying and willing to do so.


"...The two programs violate both the letter and the spirit of federal law."

"We may never know all the details of the mass surveillance programs, but we know this: The administration has justified them through abuse of language, intentional evasion of statutory protections, secret, unreviewable investigative procedures and constitutional arguments that make a mockery of the government’s professed concern with protecting Americans’ privacy. It’s time to call the N.S.A.’s mass surveillance programs what they are: criminal."

Fatal bug throughout the whole `stack'?

Are these lawyered authors actually telling us the rudder is gone and the entire hull rotten?


The whole thing as implemented now definitely needs better accountability and oversight to call it a program that befits the public service. But I don't know about the rudder being gone (or what you mean by that exactly).


Well gudgeon-ed and pintel-ed teak rudder:

Respect for civilization's eye's covered verdigris bronze lady holding up scales.


"Let’s turn to Prism: the streamlined, electronic seizure of communications from Internet companies." OK, good so far, PRISM does indeed streamline and automate the process...

"... Prism is further proof that the agency is collecting vast amounts of e-mails and other messages — including communications to, from and between Americans."

??? PRISM was the one thing I stopped being worried about as soon as I figured out what it was. The government has always been able to subpoena a third-party for records pursuant to an actual investigation, and even Google seemed to be satisfied with the idea that specific PRISM requests have been legal (even if they forced NSA to get a real warrant first).

Other things may indicate NSA is hoovering emails like a Mob boss hoovering blow but PRISM isn't one of them. PRISM has to be turned on to acquire data, unlike other NSA SIGINT this one's not actually magic.

I'm kind of disappointed by the opinion piece because if they only took efforts to be factual they would probably be able to make a much more persuasive case (e.g. by bringing up Carnivore or 641A-style data interception instead of a system that queries specific individual users one-at-a-time).


So from Wikipedia, Boundless Informant uses 504 separate DNR (electronic surveillance program records) and DNI (metadata) collection sources known as SIGADs. In a 30-day period, they collected 3 billion data elements from within the US from these SIGADS.

And the PRISM document says it is the "the number one source of raw intelligence used for NSA analytic reports". Doesn't that mean that PRISM is the majority source of those 3 billion data elements?

And why did Page, Zuckerberg and Apple say they never heard of PRISM? Perhaps I am wrong but it's somewhat confusing!


If 2.999 billion elements never make it into those analytic reports then it may very well be possible that of the remainder that manual systems like PRISM end up being the majority source. As you note, there are hundreds of SIGADs, of which PRISM is just one.

> And why did Page, Zuckerberg and Apple say they never heard of PRISM?

Because PRISM is the name for the NSA end of that service and associated data tools. The company end of that service would be whatever they called the system they use for FISA warrant/NSL compliance.


HN's own PRISM apologist. You haven't figured out what PRISM is, you don't have a clue. But when, otherwise very conservative (by this I mean "less likely to fly off the handle") individuals start getting up in arms, you should realize this is probably a big deal. But then, you probably do realize it.


It's criminal and people should go to prison. When we talk about locking people up forever because they're a threat to society, I can't think of a better example than this.


Take a gander at David Addington:

http://froomkin.tumblr.com/post/54026897885


Yes, it is time to call the N.S.A.’s mass surveillance programs what they are: Both criminal - and a betrayal of the people of the United States of America.


This post makes a similar argument to my blog post[1] from earlier this week - that PRISM is simply criminal - although my analysis focused on why this made Snowden immune to charges as a whistleblower.

I agree that it's time to take the US government to task over this. How does that happen? A civil suit, a private prosecution?

[1] http://joe-jordan.co.uk/blog/2013/06/tinker-tailor-whistlebl... (hacker news comments: https://news.ycombinator.com/item?id=5945185 )


Well said.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: