What It's Like to Get a National-Security Letter (newyorker.com)
111 points by vinhnx on June 29, 2013 | 21 comments

Tell them to send me one. I'll print it in my blog. If everyone did that there'd be no more NSLs.

I've had similar thoughts. But then you think about how would your family get by, and then you (I) chicken out. But if _everyone_ really did...?

That is why it is always college students who take the chances (see student protests of the 1960s and the Tiananmen Square protests in the late 1980s); like all young people they think they are immortal, and they don't have any tangible and valuable assets yet like a job or a spouse.

That's very interesting but in the OP he couldn't tell anyone, which makes me wonder how many people would need access to stop the canary message being sent.

I can imagine NSL-like letters being sent directly to individuals to coerce/threaten them into handing over data, without the management/legal team ever knowing.

Of course, having such a canary message is likely better than not having it.

I wish I had more than one upvote to give you.

Have you passed this by a lawyer? Can the requirement to keep the NSLs secret be used to legally coerce you to lie?

Don't chicken out. It'd be a rare opportunity to do something good and strike back at the people who make this world a lot worse than it needs to be. Drake did the right thing, and although he was badly harmed, he doesn't regret it. The harm will fade away, but his feeling about himself will still be there.

I have no family and at my age (55) it's not a big deal. But then again I don't do anything that NSLs target.

"Six months before, we got a notice from the San Francisco F.B.I., saying they were going to give us a national-security letter [...] And we couldn’t figure out why they would say they were going to give us this letter! Kind of an odd thing to do [...] And they didn’t give us one, not at that time. It was later that they did."

This is a fascinating glimpse into the logistical aspects. Either the FBI was trolling to see if they'd roll over easily, or they were baiting them into some kind of reaction. I wonder what would have happened had they gone super public with their "we plan on NSLing you" notification?


Do you encrypt all your own e-mail, as a result of this stuff?

No, that’s really hard.

TWiT had a decent show on how to encrypt your e-mail with Mailvelope (Chrome/FF extension) and also with Thunderbird/Enigmail:


The hard part isn't the encryption, it's making sure everyone has everyone else's public key and nobody loses their private key, otherwise the average person will see it as too much bother and just won't do it.

It would help if we had popular services create databases with people's public keys. Like let's say Gmail would allow you to search for your friend's public key, or you could find it in their profile, and you'd be able to easily import it in whatever PGP app you're using.

Of course that implies these services actually care about security for their users this much. There are a ton of things major companies could do to make end-to-end encryption mainstream and popular. The problem is they have no interest in doing it, and not enough people are asking them to do it.

But I'd like to think that in a Post-PRISM world where nothing changes at the government level, there would be more services popping up and offering these "features". It's what competition is supposed to do.

The searching is part of the problem, it's just too much effort.

Build checking whether a public key is available via the SMTP servers, do it transparently with designated trusted pub key repos much like browsers have trusted CAs or something along the lines of DNS.

Problem still stands, lose your pub key, all mail signed with it is lost to you and people will complain. You could offer a service that allows folks to store and retrieve the pub key, but that kinda misses the point because anyone who stores that info can hand it over to the NSA et al.

Other problem with this is the .GOV could MITM this service, give you a fake pub key, read the mail, then re-sign with real pub key and send it on. You need your mail client to actually register the pub key on first send and hope you weren't always being intercepted from the start, and give you a warning when the key changes.
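The register-on-first-send, warn-on-change behaviour described in the comment above, as an added sketch that is not part of the thread. The class and function names are hypothetical, the keys are constructed sample bytes, and SHA-256 over the raw key bytes stands in for a real OpenPGP fingerprint.

```python
import hashlib
import hmac

FIRST_USE, MATCH, CHANGED = "first-use", "match", "changed"

# Constructed sample key material (not real keys).
KEY_A = b"constructed-public-key-alice-v1"
KEY_B = b"constructed-public-key-substituted"


def fingerprint(key_bytes: bytes) -> str:
    """Hex SHA-256 of the key as received (assumption: stand-in fingerprint)."""
    return hashlib.sha256(key_bytes).hexdigest()


class KeyPins:
    """Trust-on-first-use store: one pinned fingerprint per correspondent."""

    def __init__(self):
        self.pins = {}  # normalised address -> pinned fingerprint

    @staticmethod
    def norm(address: str) -> str:
        return address.strip().lower()

    def check(self, address: str, key_bytes: bytes) -> str:
        addr, seen = self.norm(address), fingerprint(key_bytes)
        pinned = self.pins.get(addr)
        if pinned is None:
            # First contact: nothing to compare against, so the key is
            # recorded unverified. Interception from the start is not detected.
            self.pins[addr] = seen
            return FIRST_USE
        # A mismatch never overwrites the pin; the caller must warn the user.
        return MATCH if hmac.compare_digest(pinned, seen) else CHANGED

    def repin(self, address: str, key_bytes: bytes, verified_out_of_band: bool):
        """Replace a pin only after the user confirmed the new key elsewhere."""
        if not verified_out_of_band:
            raise PermissionError("key change not confirmed out of band")
        self.pins[self.norm(address)] = fingerprint(key_bytes)


def may_encrypt(status: str) -> bool:
    """Refuse to encrypt to a key that differs from the pinned one."""
    return status in (FIRST_USE, MATCH)
```
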

No way that general encryption of personal, non-financial data would remain legal long after this became the norm. These spying programs are more invasive than outlawing encryption.

I wonder how many black hats are using fake NSLs.

In case you haven't noticed, many US govt employees are the blackhats.

Torture, disappearances, indefinite secret imprisonment without trial or access to lawyers or medical care, infiltration and mass arrests of people participating in nonviolent protest, agents provocateurs, lying to Congress, spying on virtually everyone, giving retroactive immunity to and pardoning criminal lackeys, and mass murder on a scale the Taliban couldn't achieve in their wildest dreams.

These are not the actions of "whitehats" or "good guys", no matter what the lapdog media and corrupt, self-serving politicians may tell you.

Another piece of advice would be to never collect data you don't want to give out later.

Marco has talked about this (on a podcast I think, 5by5 build and analyze) although his reasoning was to do with feeling dirty collecting personal data and (I think) removing the possibility of it coming out via a bug or hack or such like. Different reasons but the end effect is the same.

The article is low on content. More useful info is here:


God damn, I'm so tired of this all.

“I did go home that night and over dinner with my family, I said, ‘Ask me what it was I did today, and remember my answer.’ So my son, who was, I don’t know, nine, or something like that, asked me, ‘Daddy, what did you do today?’ And I said, ‘I can’t tell you.’ That was the only thing I said, and then months and months and months went by.”

Just so utterly defeatingly unacceptable. This is not my America.
