U.S. Postal Service Logging All Mail for Law Enforcement (nytimes.com)
497 points by rdp 1206 days ago | 237 comments

About seven years ago, I was at a sushi bar and struck up a conversation with an older gentleman sitting next to me. He told me he was a developer and created systems for USPS. I am always fascinated by the technology used in large scale systems so I picked his brain for a good hour.

From what I recall, he said at the key distribution centers, USPS scans every single mail (in standard envelope sizes) and in under a second, runs OCR for the destination address. Results from OCR are matched to the address database and if the match is significant, the mail is automatically diverted to the correct queue. Now here's the fun part - if OCR fails or print/handwriting is unreadable, a photograph is immediately sent to one of the hundreds of humans waiting to decipher the address and type it in (think Amazon Mechanical Turk). The humans have under 10 seconds to read, decipher, type, and submit the correct address. During this time, the letter is held up in a waiting buffer and the moment the correct address is available, it is diverted to the correct queue.

I asked him if that means USPS took a photo of every single piece of mail and he said yes, they had to, otherwise nobody would ever get any mail due to the sheer volume of mail they had to manage. I asked if the photos of envelopes were saved forever and he said, well, I'm pretty sure they are but I'm not allowed to publicly admit that.

I know it's a personal anecdote but that was seven years ago. I can't even imagine what they're doing now.

(Using a throwaway account)

I worked on the OCR systems. Fun fact: at one time, the USPS was the world's biggest user of Linux in a production setting. Their OCR boxes ran on Linux (until they were replaced with SGI O2 boxes at a massive cost... but I digress).

Here's the path the mail takes: it is picked up by carriers from the mail boxes. Then dump trucks bring it to the P&DCs (Processing and Distribution Centers). There are about 1000 P&DCs in the country, I think. There, mail is dumped onto a massive conveyor belt, where the first machine (AFCS, or Automated Facer Canceller System) makes sure that the mail is facing the right way, and is upright. Various heuristics are used for this. Here the mail is stacked nicely into flat boxes, vertically.

Postal workers then feed these boxes to the MLOCR (Multi-Line OCR) machines. These machines scan pieces at the rate of 13/second. After being scanned, the letter goes on a long loop before coming back to the beginning: this loop, about 3 seconds (not sure about this) is the latency: the reading machine has this much time to decode the address. Also at this time: a fluorescent barcode is sprayed at the back of the piece, giving it a unique ID. If the OCR machine can read the address, it is sent to a bin indexed by the first 2 digits (or so) of the ZIP code (assuming it's not local).

If the OCR can't read the mail, it is sent to a separate pile. Then a program called RCR (Remote Computer Reader) kicks in: a person sitting in some remote area gets the image, enters enough information to decode the address, and the results are collected (tagged by the ID of the fluorescent barcode). After a few hours, this separate pile is run through the sorting machine again: this time, the fluorescent barcode ID is used to match the results from the human, and a real barcode is sprayed on the front and the piece is sorted as before.

Now, there are variations in the above, but this is the gist of it.

Fun facts: the USPS aims to handle a piece at most 7 times. And when a piece gets jammed in the machine and is torn, it gets put in a "body bag" with an apologetic note.

Great info, thanks.

How reliable is the mail delivery? Do you know how much mail is lost? One percent, more, less? (I believe one kind of failure is called UAA - undeliverable as addressed.)

I'd love to learn more, but don't know where to start.

Some of us election integrity activists are deeply concerned with the transition to vote by mail (all postal ballots, no more poll sites). One practical complaint is our assumption that 1% of all mail is lost. In a big county like mine, that's 12,000 ballots.

My FOIA requests were rebuffed. Apparently the data gathering is done by third parties, so is considered proprietary. (A nice dodge, illustrating how privatization reduces government transparency and accountability.)

The best information I found was looking at court cases, where USPS' customers (eg bulk mailers) dispute the UAA, and don't want to pay extra.

In general, I think mail delivery is very reliable. But given the volume, there will be outliers. Even if we assumed 99.9999% reliability (a hypothetical number), given that they sort 300MM pieces per day, 300 pieces per day will be affected.

If you have the money, you should try an experiment: mail a large number of ballot-like pieces from different mailboxes all over the county (say, 10,000 letters) and see how many reach the destination. Sure, it'll cost $5K, but you may have a better answer.

The Royal Mail in the UK quotes ~99.74% reliability (for delivery, not on-time delivery), FWIW.

I'm curious how much mail also gets lost due to being delivered to the wrong mailbox. I average at least one mail per month that is not addressed to me in my mailbox.

In 2006, during my senior year of college, I worked nights at the Postal Encoding Center in Beaumont, Texas. The starting pay was $15/hr and encoding is a 24/7 operation, making it a highly pursued job by college students.

It's true that every piece of mail goes through OCR. If that fails, it's sent off to one of the encoding centers as you described. There wasn't a 10 second limit to encode an address, but all encoders' performance was continually monitored and those that didn't perform quickly would not get as many hours per week. There were random audits done of a sample of 10 responses; over time your accuracy was expected to be 99%.

In addition to encoding scans of envelopes, there were more sophisticated systems for encoding packages and magazines. Since there is no standard place to put an address on a box or a magazine, encoders were provided with images from all sides of an item, making the encoding process have two steps: finding the address, encoding the address.

As OCR improved, the number of Postal Encoding Centers was reduced. The last I heard was that the Beaumont center shut down and there are only 5 left nationwide.

Better OCR (and, cynically, perhaps a higher tolerance of error to cut costs) is making the human handwriting readers obsolete.


And much less hand addressed mail. It's much easier to OCR a printed label.

I wouldn't be surprised if modern domain specific OCR can give you an error rate that beats that of a time-constrained human reader.

While I agree with you at the general level, it sounds like these trained individuals are ridiculously good at what they do. Even seven years ago, to be able to take a crack at an envelope in just 10 seconds and type out the result is impressive.

And their jobs are getting harder:

"It used to be that we'd get letters that were somewhat legible but the machines weren't good enough to read them. Now we get letters and packages with the most awful handwriting you can imagine."

It'd be more interesting if they captured the address the package is sent to; the return address (if any); and the post mark.

As I understand it postal mail is traditionally given much stronger protections than other forms of communication, especially in the US.

I'd be very surprised if postal mail was being intercepted and contents were read without very strong warrants.

EDIT: It does sound like a fascinating system though. All that mechanical stuff; all those different sizes; all that paper dust! Postal mail is amazing.

It really is. I used to do embedded software for controlling mailing machines and the technology for paper handling is amazing. You mentioned paper dust: the printer we used was based on a Canon print engine with wipers added to periodically clean off accumulated dust and ink goo. IIRC, we ran a wipe cycle every two minutes to keep it clean enough to not clog the jets. It was a real problem because the ink had to be a fast-drying composition to avoid smearing as the mailpieces stacked up.

I moved on before I got to work on the sorting machines: the intricacy of that stuff is truly mindblowing for a mechanisms geek like me ;-)

I'm not surprised, and I think this is general knowledge.

When I move, I tell the post office my new address. They are able to reroute my mail to me (while the new tenant gets their mail successfully). The post office reads the outsides of envelopes, and understands that mail to the same address can be treated differently.

So the fact that they send digital records of all mail sent to the FBI shouldn't be a surprise. But still is, somehow.

> I can't even imagine what they're doing now.

Not delivering as much mail? http://en.wikipedia.org/wiki/United_States_Postal_Service#Re...

I wonder if they fed the human-matched addresses back into the OCR system to train it to be better at reading handwriting.

I'm sure with the right light frequency, x-ray or other, they can partially read mail through the envelope.

Not saying they're doing it, just saying it's possible.

I know that these and similar cameras are in use at the Postal Service.


I know from experience that you can read at least the outside page of a tri-folded letter through most envelopes on the address side. According to one of the Fairchild applications engineers, it is a problem with mail sorting systems, because they have to reject that noise to read the address properly. The Osprey camera has excellent sensitivity in both UV and Visible wavelengths.

Well there's ways to pull the paper out without disturbing the envelope if they really wanted to go that far.

As it stands what you're suggesting is at least already illegal, FWIW.

> As it stands what you're suggesting is at least already illegal, FWIW.

Unless a secret presidential order established a secret law (declared legal by a secret court) that made it legal (but illegal to disclose to the public), that is.

The "secret order" you refer to is in accordance with the public law, otherwise the "secret court" you refer to wouldn't have said that it's legal.

Invading the mail, on the other hand, is quite explicitly illegal.

An undisclosed order that is in accordance with an undisclosed nonintuitive interpretation of the public law oughtn't be legal, and regardless of conformance to the USC, seems to violate the constitution that provides the foundation for the government's existence.

Edit: I wish I'd read rayiner's sibling reply elsewhere. It explains the point I'm trying to make in a fashion that's about 100x better.

To the extent that revealing an E.O. doesn't endanger national security or other legitimate government purposes I agree completely that it should be public.

However I don't agree that it's safe in general to rely on a given Administration's "interpretation of the law". As Snowden has pointed out, the Administration can change... you should assume that what is permissible under the law and Constitution is actually being done, if that actually worries you.

So if the law says that the Government can intercept foreign communications pursuant to a trap-and-trace it's probably a good assumption to make that the Government is actually, at some point, trapping aforementioned communications.

I mean, if this was working just like a normal law enforcement scheme then you'd already have to deal with the possibility that the government is tapping a communications channel pursuant to a regular Article III warrant to investigate communications of a terror cell for months at a time. Presumably this would theoretically still accumulate enough data (and metadata) to theoretically wreck your theoretical world should a theoretical despotism come to pass.

What an E.O. should do is to define where an Administration will focus its limited resources in enforcing the law. Perhaps they will decline to fully defend laws that are anti-homosexual in nature. Perhaps they will avoid aggressively going after marijuana usage (would be nice!). But even in that situation, if you cross state lines to buy weed you're still technically breaking the law and should be prepared for consequences of that; the E.O. could change tomorrow, after all.

And besides all that, what if the guy making an interpretation is at a much lower level. An individual cop might make a snap decision, do you expect them all to mail you a Policy & Vision Statement each month?

Even if that did, it would be hopeless to try to push the edge of 1000 different "lawful ways to enforce the law". Assume anything the law permits might be done.... and even then, it's hard enough to fully comply with all the law, even the ones that clearly fall within Constitutional guidelines.

Ugh. When the news media refers to "secret courts" and "secret laws" they're taking some liberties with the definitions of "court" and "law".

The first thing to understand is that one of the basic concepts in our separation of powers system is that the executive has discretion in how it enforces the law. Take something basic like the Sherman Antitrust Act (15 U.S.C. 1). The most important piece is just one paragraph: "Every contract, combination in the form of trust or otherwise, or conspiracy, in restraint of trade or commerce among the several States, or with foreign nations, is declared to be illegal..."

The courts establish the precise contours of what is a "restraint of trade" or what is a "combination" under the law. This creates a set of boundaries for the executive. The executive is empowered to enforce the law, but has discretion within those boundaries. If it thinks some class of things is or is not a violation of the law, it is entitled to prosecute cases accordingly until the courts decide the point one way or another or Congress clarifies the law.

Presidential orders cannot create law, but they can guide the rest of the executive branch's enforcement of the law, within those boundaries of discretion. The President might issue a directive telling the DOJ: "we don't think that such and such agreement is a 'combination' under the antitrust laws, so don't prosecute such cases." Usually these interpretations are public (and are published in the form of regulations). Sometimes these interpretations are secret, in which case the media calls it a "secret law." But the key thing is that the directive only guides executive action that was lawful anyway.

Now, the FISA court has been called a "secret court" but it again serves to guide executive discretion, and is not a court of general jurisdiction. Its opinions are binding on no other court other than itself, and its jurisdiction is extremely limited. The basic principle behind FISA is that the executive can do a lot of things as a part of its foreign intelligence function Constitutionally that we don't necessarily want it to do. In particular, it can conduct surveillance of foreign agents entirely without warrants because foreign agents don't have 4th amendment rights. The purpose of the FISA court is to constrain the executive's discretion in this regard, by requiring it to get a FISA warrant for all foreign surveillance, even though such surveillance would not require a warrant under the 4th amendment.

To circle back to mpyne's point: neither "secret courts" nor "secret law" can override public courts and public law. Rather, they are internal to the executive. They guide the executive's discretionary powers within the boundaries established by public law. If they hadn't written it down, they'd still be entitled to do it, and nobody would complain about any "secret laws" or "presidential directives." The things mpyne mentioned are illegal according to public law, and thus not within the executive's power to do regardless of any secret directives or secret court opinions.

"7 years ago they were saving 100% of the information... I can't even imagine how much higher that percentage must be by now"

I meant, they were storing then. Who knows what they're doing now. Analyzing, creating graphs/networks, sharing historical records?

this was a Linux system, I remember reading the articles talking about it (but it's been a while)...

That one was for machine-printed addresses. I had the luck to hire the lead on that project in 1997 or 1998. The interview consisted of "teach me how that works."

Edit: Ah, after we worked together it looks as if he went back to pick up the hand-written addresses as well: http://www.linuxjournal.com/article/2985

Oh man, I remember when those dual Pentium Pro 200's came out. So much awesome...

Except I've never, ever heard of this used to solve a crime.

Definitely never used in court or we'd hear about it but they probably wouldn't risk the constitutionality of that.

So they are just collecting it for the sake of spying on everyone. Lovely.

Just because you haven't heard of it doesn't mean it doesn't happen. Here's a case from 1970: http://scholar.google.com/scholar_case?case=1776184466461190...

You'll notice that early on, it mentions Ex Parte Jackson, an 1878 case which established that the contents of mail are protected by the Fourth Amendment, but that the outward form is not. Mail 'metadata' has always been fair game, just as it would be fair for a police officer to observe your comings and goings on the street without any need for a warrant.

Then there's the Postal Inspection Service, which is the law enforcement agency that specializes in mail fraud (perhaps you've heard of that?) and which predates the founding of the USA.

I don't mean to be rude, but the fact that you've 'never, ever heard of' something doesn't mean anything special. You don't strike me as terribly well-informed.

Except I've never, ever heard of this used to solve a crime.

Reading the fine submitted article would solve that problem.

...by examining information from the front and back images of 60 pieces of mail scanned immediately before and after the tainted letters sent to Mr. Obama and Mr. Bloomberg showing return addresses near her [Ms. Richardson's] home.

Those are some powerful tools for investigators.
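The neighbour-window technique quoted from the article (return addresses of the pieces scanned immediately before and after a target piece), worked through as an added example. This is constructed model code, not the article's or any USPS system's: the scan log, machine name "MLOCR-3", the ZIP codes and the window sizes are all made up for illustration.

```python
"""Neighbour-ID correlation over a sorting-run scan log (added example).

Constructed model, not USPS code: every piece on a sorting run gets a
sequential ID, and pieces dumped from the same collection bag land next to
each other on the belt. A piece that carries no return address can still be
placed geographically by tallying the return addresses of its neighbours.
"""
from collections import Counter, namedtuple

# One scanned piece: run-local sequence number, sorting machine, ZIP from the
# return address (None if the piece had none), destination ZIP.
Piece = namedtuple("Piece", "seq run return_zip dest_zip")


def build_log():
    """Constructed log: three collection bags (from ZIPs 77702, 77701, 77705)
    emptied onto the belt one after another, 60 pieces each. Every fifth
    piece has no return address; seq 90 is the piece of interest."""
    log, seq = [], 0
    for bag_zip in ("77702", "77701", "77705"):
        for i in range(60):
            return_zip = None if i % 5 == 0 else bag_zip
            log.append(Piece(seq, "MLOCR-3", return_zip, "20500"))
            seq += 1
    return log


def neighbors(log, target_seq, window=60):
    """Pieces scanned on the same run within +/- window of the target."""
    by_seq = {p.seq: p for p in log}
    if target_seq not in by_seq:
        raise ValueError(f"seq {target_seq} not in log")
    target = by_seq[target_seq]
    return [p for p in log
            if p.run == target.run
            and p.seq != target_seq
            and abs(p.seq - target_seq) <= window]


def rank_origins(pieces):
    """Return-address ZIPs among the given pieces, most frequent first."""
    return Counter(p.return_zip for p in pieces if p.return_zip).most_common()


def infer_origin(log, target_seq, window=60):
    """Most likely origin ZIP for a piece and the share of neighbours that
    support it; None when no neighbour carried a return address."""
    ranked = rank_origins(neighbors(log, target_seq, window))
    if not ranked:
        return None
    total = sum(n for _, n in ranked)
    zip_code, n = ranked[0]
    return zip_code, n / total


if __name__ == "__main__":
    log = build_log()
    print(rank_origins(neighbors(log, 90, window=30)))  # tight window: one bag only
    print(rank_origins(neighbors(log, 90)))             # wider: spills into adjacent bags
    print(infer_origin(log, 90))
```

Two things the model makes visible: the window size trades recall for noise (at +/-30 only the target's own bag is seen, at +/-60 the adjacent bags dilute it), and the inference locates the collection point, not the sender. A piece dropped in a mailbox far from home will be attributed to that mailbox's neighbourhood, which is exactly why omitting a return address alone buys little.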

Goddamnit this is NOT OK. This is the dark side of the technological improvements to "productivity": we have enabled a level of productivity that allows the few to track the many.

It's time we technologists all sat down and thought about ways to turn the tide - they are using technology to track us, how can we use technology to thwart them?

My best answer is: data flak. We should all start building systems that include extra data. Browser components that load other pages in the background. Phones that text at random. Snail mail to nowhere.

You're gonna snoop on all my data? Take it ALL and choke on it.

Essentially what you're proposing is a DoS of the tracking system. The problem with that (at least with physical mail) is that it takes far more resources to generate physical mail than to scan it. A DoS shaped like that will never work unless you have some way of massively amplifying the effect you are having.

Postage on a post card is currently 33 cents. How many postcards do you reckon you'd have to send before the automatic scanning process costs even one cent extra?

> Postage on a post card is currently 33 cents. How many postcards do you reckon you'd have to send before the automatic scanning process costs even one cent extra?

It seems like it would be a self-defeating process since the cost built into sending "data flak" would pay for the services monitoring it.

I've been thinking about the fact that a data-generation machine would be incredibly destructive to the current intelligence system. Spend a little bit of resources on a system that will manage and nurture online personas and you could render the algorithms watching things useless.

Misdirection: it's been used in magic for a long, long time.

So what happens when a piece of software can be used as a terrorist device? We're going to run into that. Soon.

I would imagine the DoS is half of the benefit. The other half is manufactured reasonable doubt.

If a person were to send periodic letters with real and fake cryptographic messages to random individuals of importance, barring a warrant to read the contents of each letter, that would constitute reasonable doubt as to whether or not that person was legitimately communicating with another person of interest.

It would also likely be taken as suspicious in its own right.

True, but given the facts of the past few weeks, it's completely reasonable to set up such a system like this now for yourself as a hedge for what the political landscape may look like in the future. I know what is illegal today, but I have no idea what may be made illegal tomorrow or 10 years from now. Implementing such a system is a hedge/insurance against dystopian futures that are becoming reality.

As long as such a system is in place and significantly predates (on the scale of years) any crime you are accused of, this argument of hedging against a dystopia makes a lot more sense and is far more defensible.

> I know what is illegal today

That is impressive, even if you are a lawyer.

Hehe. Yeah, I know. :)

Yes, they might suspect that I value the freedoms that so many have fought and died for that I would, shockingly, moderately inconvenience myself to do so.

Which means you could undertake the activity on behalf of those you wished to implicate.

>>Postage on a post card is currently 33 cents.

why put a stamp on if you don't care about where it goes? better yet, put a 1 cent stamp on and make sure it gets extra handling for postage due.

A mail proxy is what is needed (I have no idea if these exist today).

Put your letter inside an envelope to a mailing proxy. Mailing proxy opens your letter, and sends your recipient a letter from them.

There are more opportunities for misdirection - the mailing proxy service can internally shuffle letters around and add mailing delays to discourage external analysis.

Although, even with all that, I'm unsure of the effectiveness of this approach. Its usefulness also scales with the number of people willing to use such a service.

Does the gov't need a second warrant to open a letter-in-a-letter?

Alternatively, you could use a peer-to-peer mailing scheme - advertise your mailing address as a mailing "node". People who want to "use" you send you a letter, and inside that letter they write a letter to the intended recipient, with the sender addressed as you. When you receive such a letter, you merely open the one addressed to you, and drop the inner letter in the mailbox. Nest as many letters as you want and have your letter "hop" around the world.

Does the gov't need a second warrant to open a letter-in-a-letter?

Interesting question; I'm guessing no, unless the interior letter contained obviously privileged material (eg 'Dear Father, I hope you are well; enclosed is a letter I received from your lawyer after you departed, which I forward to you unopened. Your Loving Son.'), in which case a warrant would probably not issue for the contents.


Section I B - allows the contents of unsealed classes of mail "as allowed by law"

Section II B - "...Mail Covers do not authorize the search, seizure, or opening of any class of mail."

Section III B 6 - addresses attorney-client privilege.

None of which is responsive to the question asked above, which was about a letter that was lawfully opened pursuant to a warrant, but which contained a second, sealed letter.

Interestingly, postmasters can act as mail proxies.

A stamp collector who wants a particular cancellation stamp can send a letter to the postmaster containing a letter and a note: "Please postmark and deliver".

I have used this in the past to play small tricks on friends, and to send them mail from far-away places.

Per the article, the entire course of your letter is tracked, so this should never be used when actual privacy is desired.

Why stop at just a single-hop proxy? Just go full out onion routing. Here's a paper for an anonymous physical delivery system, named APOD, based on that model:


More interesting if you could make a mechanical one that would remove one envelope and forward the letter.

Then each data facility could reasonably process a few thousand letters a day, batching them for the postal service. After a few rounds of mixing, if there was significant facility-to-facility traffic, it would become impractical to find any specific letter's path.
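The batching-and-mixing facility described in the comment above, and the nested-envelope (onion) routing proposed a few comments up, modelled as an added example. This is not code from the APOD paper or from any real forwarding service: the mix names "mix-A"/"mix-B", the batch size k=3, the senders and recipients are all constructed, and the observer stands in for a mail cover that logs the outside of every envelope in the system.

```python
"""Threshold-mix model of letter-in-a-letter forwarding (added example).

Not code from the APOD paper or any real service: a sender nests envelopes
so each mix facility only learns the next address, each mix holds letters
until it has k of them and releases them in shuffled order, and an observer
running a mail cover over the whole system logs the outside of every
envelope. What the observer can conclude shrinks to an anonymity set.
"""
import random
from collections import defaultdict
from dataclasses import dataclass
from typing import Any


@dataclass
class Envelope:
    to: str
    inner: Any            # another Envelope, or the final payload (a str)


def build_onion(route, recipient, payload):
    """Wrap payload so that mix route[0] sees only route[1], and so on."""
    env = Envelope(recipient, payload)
    for hop in reversed(route):
        env = Envelope(hop, env)
    return env


class Observer:
    """Mail cover: who handed each envelope in, where it is addressed, and
    which mix batch it joined or left. Contents are never visible."""

    def __init__(self):
        self.edges = []                   # (from, to, batch joined or None)
        self.outputs = defaultdict(list)  # batch -> edges released from it

    def record(self, frm, to, into_batch, from_batch):
        edge = (frm, to, into_batch)
        self.edges.append(edge)
        if from_batch is not None:
            self.outputs[from_batch].append(edge)

    def candidates(self, sender):
        """Every final address the observer cannot rule out for sender."""
        found, seen = set(), set()
        stack = [e for e in self.edges if e[0] == sender]
        while stack:
            _, to, batch = stack.pop()
            if batch is None:
                found.add(to)
            elif batch not in seen:
                seen.add(batch)
                stack.extend(self.outputs[batch])
        return found


class ThresholdMix:
    """Opens the outer envelope, keeps the inner one until k have arrived,
    then releases the whole batch in random order. A real deployment also
    needs a timer or dummy letters, or a short batch never leaves."""

    def __init__(self, name, k, rng):
        self.name, self.k, self.rng = name, k, rng
        self.buffer, self.batch_no = [], 0

    def receive(self, env):
        key = (self.name, self.batch_no)
        self.buffer.append(env.inner)
        if len(self.buffer) < self.k:
            return key, []
        batch, self.buffer = self.buffer, []
        self.batch_no += 1
        self.rng.shuffle(batch)
        return key, batch


class PostalSystem:
    def __init__(self, mixes, observer):
        self.mixes = {m.name: m for m in mixes}
        self.obs = observer
        self.mailboxes = defaultdict(list)

    def post(self, frm, env, from_batch=None):
        mix = self.mixes.get(env.to)
        if mix is None:                       # ordinary delivery
            self.obs.record(frm, env.to, None, from_batch)
            self.mailboxes[env.to].append(env.inner)
            return
        key, released = mix.receive(env)
        self.obs.record(frm, env.to, key, from_batch)
        for inner in released:
            self.post(mix.name, inner, from_batch=key)


def run(letters, route, k=3, seed=1):
    """Post (sender, recipient) pairs through the given mix route; return what
    the observer can link for each sender, and the delivered mailboxes."""
    rng = random.Random(seed)
    obs = Observer()
    system = PostalSystem([ThresholdMix(name, k, rng) for name in route], obs)
    for sender, recipient in letters:
        system.post(sender, build_onion(route, recipient, f"hello from {sender}"))
    return {s: obs.candidates(s) for s, _ in letters}, dict(system.mailboxes)


LETTERS = [("alice", "bob"), ("carol", "dave"), ("erin", "frank")]  # constructed

if __name__ == "__main__":
    print(run(LETTERS, [])[0])                   # direct mail: each link is exact
    print(run(LETTERS, ["mix-A", "mix-B"])[0])   # two mixes, k=3: 3 candidates each
```

With no mixes the observer links each sender to exactly one recipient; with two threshold mixes every sender could be writing to any of the k recipients in the batch. The model also shows the operational catch: a mix that has fewer than k letters on hand releases nothing, and an observer who watches the same sender across many batches can intersect the candidate sets, so real mixnets add timed flushing, dummy traffic and routes that change per letter.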

Time for real world implementations of our high-latency packet routing algorithms?

The next step is building such a system for personal transportation pods, so nobody really knows where you're traveling ;-). However, you'll have to pack enough food to be shuffled across the country several times on underground pneumatic tubes as your personal carrier onion is unwrapped and retransmitted.

Not sure, they'll just throw more resources at the problem.

I think the problem is in "the few". If they snoop on us, we should be able to snoop on them -- especially since it's our tax dollars that pay their salaries and (although yes it's a joke of a broken system) we elect these officials more or less directly.

Just to level the field a little bit. For example, London is full of CCTV cameras -- why is it that only a small group of twisted perverts has access to the feeds? The cameras are in public places, the public should be able to see what the cameras are seeing.

It's a bit much to call bored security staff perverts and opening up the data to the public is guaranteed to attract the crazies - Would you want your (crazy) ex to be able to follow your new love life with a new partner via CCTV?

FYI it's not all bad: the UK automatic number plate recognition (ANPR) CCTV network run by the police (http://en.wikipedia.org/wiki/Police-enforced_ANPR_in_the_UK) is currently being legislated by the Coalition to bring it under statutory regulation - considering the revelations about police conduct over undercover cops it can't come too soon either.

P.S. Bless the UK gov, a full surveillance state can't happen because it's rubbish at IT: 'The current restraints on police use of ANPR data have been dictated by pragmatism rather than a concern for civil liberties. Giving every police officer free access to the system would overload the system, "make it unstable, slow it down", said John Dean, National ANPR co-ordinator for the Association of Chief Police Officers.'

I've known one of those people that watch those cameras and I'd struggle to call him a pervert. He was just a normal guy who paid his bills by doing an incredibly dull job. All it came down to was making sure that when petty shit happens in the street (drunken fights, etc), the police and so on are called to the scene.

I'm usually someone that's very fond of privacy, but I'm not entirely sure I have any qualms with CCTV in public places and in fact I'd love to hear arguments against them.

I had a friend who worked as a security guard at a factory. Sometimes I would come down and visit him in the guard shack. He showed me a controller he could use to point a security camera, and he excitedly showed me how it could be pointed and zoomed directly at the bedroom windows of several of the houses on the other side of the fence. And yes, we peeped. It was so easy and there was no way to be caught that it perverts your morals. You would have to be a strong person to resist the temptation. This was in the 1990s. Mass surveillance destroys the dignity of both the people spied on and those doing the spying.

Aren't the majority of London's CCTV's privately owned and operated?

They will simply allocate more resources to it and you as the taxpayer will end up paying for it.

The only real solution is to have end-to-end encryption that is easy to understand and use.

How are you going to encrypt your snail mail destination data?

Interesting. From a strictly technical perspective (this is impractical), we could set up a warehouse somewhere in the country which accepted incoming mail (tagged with an ID number), dumped the entire package into a plain manila envelope, then sent it on to the final address.

The final address would be set up via an encrypted web service, so only you and the warehouse know who sent the mail & where the final destination is.

Of course, then the NSA would just take the warehouse's private encryption keys, so it'd only work for about 48 hours, but yeah, you know. Technically possible.

You know, you're not obliged to put a return address on regular mail as long as it has sufficient postage. It's required for various kinds of commercial mail, or mail requiring special handling (eg delivery confirmation).

Apparently (https://news.ycombinator.com/item?id=5986011) the letter can still be tracked by looking up the return addresses and point of origin of letters with neighboring unique IDs.

Well, if you're anxious for privacy to the point of omitting your return address, you should probably not rely on the nearest mailbox to your home.

It would cost more, but what if the warehouse were outside the U.S?

You could send mail to the wrong address intentionally. Like you want to send mail to 3 Main Street, but you write "5 Main Street" instead. The person who receives it will say "Ah, this is for Joe. He lives next door!" and hand deliver it.

That's mostly sarcasm. There's no getting around the tracking if you want to use regular USPS mail or Google Gmail. Just go meet in person, and leave your cell phones at home.

Make sure you walk or go by bicycle or public bus, too. Untracked personal communication and conveyance over long distances is hard in the present system.

By putting another letter inside that may or may not contain another letter ad infinitum, where each letter is sent to a random address except the most inner letter which is sent to the actual address. In each outer letter you put a five dollar bill and the words "Mail this or else, I know where you live!"

> "Mail this or else, I know where you live!"

That is a great way to get your letter not mailed. A simple "Please" would work much better.

This is not an ease of use problem. Using something like textSecure or redPhone is relatively easy and helps greatly with creating a private channel[1]. But there's still a huge marketing problem.

[1]There's still the problems of metadata and backdoors and of legislation around encryption.

You really need both. Creating noise reduces the perceived ROI on the current programs, making them harder to justify.

Nothing is difficult to justify when you can just say "but... but... terrorists!" and get away with everything.

You could never create enough flak to keep up with the hyper expansion of capacity and processing power. Snail mail data and things like voice calls are not getting larger or more complex and will not; ditto the text in email or on facebook and twitter.

Run a 30 second calculation on any of the power laws working on bandwidth, processing power, or storage, and you should realize very quickly it's impossible to flak the system to death (and that's assuming a lot of people participated).

There are only two practical approaches to what's going on. 1) fix the political system 2) encryption

Adding flak is convoluted and ineffective compared to the elegance and efficiency of encryption (not to mention flak doesn't necessarily conceal anything, whereas encryption can).

> You could never create enough flak to keep up with the hyper expansion of capacity and processing power.

I can create enough flak to confuse a casual, or even somewhat interested observer. If the flak is smart enough (smart flak, heh) then it would be hard to differentiate between actual and fake traffic.

More to the point, not all flak is equal. You can create noise around services that you appreciate and admire, even if you don't use them yourself, creating what essentially amounts to a mild, benevolent DOS attack (mild because it would have to generate messages at human scale).

Data flak is perfect for web-browsing, but messaging is more problematic. Perhaps encryption is the key (no pun intended) but key distribution is still a problem. What you know, what you have, who you are.

A combination of the two could be killer: send 10 encrypted messages to people; 9 of them don't have the right key, so they get thrown out. The 10th can read it. And the meta-data is noisy as hell.

I agree with the notion that this is "NOT OK". I generally feel that about most things that have surfaced in the past few weeks. My problem is that I really have no idea what I can do to help or show my disapproval.

I think we really need to go back to a checks and balances type of government instead of a top heavy executive branch. This lack of checks and balances is the root cause of the issues but I really don't know if there's anything I or we can do about it.

I'm open to suggestions for specific action items. I'm extremely unsure of what I can do to help cause change.

> I'm open to suggestions for specific action items. I'm extremely unsure of what I can do to help cause change.

I'd argue that everything we're seeing is largely a symptom of the poor government structure in general, which has let two large parties entrench themselves and rig the electoral process, to make themselves virtually immune to any consequence to their actions.

The solution is changing voting policy in two ways: changing it to something besides the winner-takes-all system we have now; forcing voting districts to be concave polygons (with some algorithmic properties about minimizing area/edge length relative to certain other properties).

These two changes would a) break up the two parties by making it possible for others to compete and then essential to form coalitions and b) break up gerrymandering allowing the vote to actually reflect how the public felt.

Wrt suggestions: I recently became a contributing member of the EFF. This looked like the best move given the recent events.

Start an illegible letter writing campaign?

There's an addon called TrackMeNot that does this, though I'm not sure it's very effective.


This also reminds me of the time the FCIC asked Goldman Sachs for some data and they proceeded to send them 5 TB of nearly useless documents.

Dumping people with large amounts of data seems like the modern equivalent of paying your parking ticket with pennies.

The problem is then you're still paying for it, and they'll just make your country go bankrupt - but their spying will be the last services they take money from.

The response will be more charges for extra data usage, and a cry from the public to have apps with leaner data appetites.

Maybe I'm alone here, but I never had an expectation of privacy in regards to what I write on the outside of an envelope and drop into a public receptacle (mailbox). I expect the contents to be considered highly private, but not the outside.

There's also this issue of willing disclosure of information to an entity. When I put a stamp on something and drop it in the mailbox, I know I'm handing that information over to a government authority (or whatever you want to call the USPS's weird relationship to the government). Regardless of what they are or aren't supposed to do with it, the fact is that I know I'm putting my info in their hands and trusting them. This is unlike PRISM, where I send an email through Gmail with no expectation that it should ever pass through government hands.

Also, I'm under the impression that most if not all hand-written addresses are digitized for sorting purposes. I think you have to be naive to assume the postal service wasn't keeping that data on file.

Scope matters.

It’s quite different to assume that people can look at the outside of any particular letter, than it is to assume that people are building a database of all your mail, and doing social network analysis on it.

The results of the 2 actions are radically different, with radically different amounts of information gleaned.

Isn't that rather like the argument used regarding the JSTOR data, which we all rejected vehemently?

Abortion protesters used to write down the license plates... just some publicly available meta-data, right?

Yes. What is your point? Nobody has any expectation of a right to drive anonymously.

But they do have a right to privacy in their medical history. Recording license plate numbers at a hospital, abortion clinic, etc. is a violation of that right, even if it might otherwise be legal.

That logic isn't obviously correct. People do not have a right to go about in public, to and from notorious places, in a 2-ton death monster that requires licensure and indemnification to operate, anonymously. People requiring a higher degree of privacy than that offered by cars would be better served taking their bicycles.

I would argue that a de facto right to privacy is created by the nature of the destination. It doesn't matter if someone can see you or your car, the fact that it's a medical destination should create a right to privacy of that trip.

> It doesn't matter if someone can see you or your car, the fact that it's a medical destination should create a right to privacy of that trip.

So what you're saying is that the government should enforce a built-in gag order on people? Interesting...

They already do with regard to medical information, in the form of HIPAA. A right to privacy has to include the right to prevent others from disclosing certain kinds of information about oneself. You could also consider it from a defamation/slander/libel perspective.

> They already do with regard to medical information, in the form of HIPAA.

HIPAA type records are not publicly displayed when people walk outside.

To the extent that a given condition is public, people are allowed to note that. This is why assholes were legally allowed to call me pimple-face, for instance.

> HIPAA type records are not publicly displayed when people walk outside.

No, but there are some things that ostensibly take place in public but should still be considered private, absent some urgently pressing higher need that can only be met by disclosure.

> To the extent that a given condition is public, people are allowed to note that. This is why assholes were legally allowed to call me pimple-face, for instance.

At some point of excess, wouldn't that fall under verbal abuse, harassment, or bullying, depending on whether you're considering laws or school policies, and thus not be considered free speech?

In general I believe people should be able to say anything they want, but if what they say or to whom they say it violates someone else's rights, their victims shouldn't have to put up with it.

> At some point of excess, wouldn't that fall under verbal abuse, harassment, or bullying, depending on whether you're considering laws or school policies, and thus not be considered free speech?

Perhaps. But should that point come, the speech will lose protection because it is of an abusive, harassing, or bullying nature. Not because it describes my medical condition.

I would argue that your moon-man jurisprudence is weird.

It's not legally possible for a random citizen to get personal information from a license plate, so having someone's license plate number available isn't a violation of their right to privacy.

His point is that this metadata has one intended use, and that it is not supposed to be re-purposed to aid in the harassment of the people you disagree with.

Even if someone thought such actions were unreasonable, I have no idea how you'd use the law to prevent it.

In this century, we certainly can: do not have license plates at all, use radio beacons instead, which send encrypted copies of the plate. The police would be allowed to request decryption from the DMV (e.g., "running the plates"), and a few other authorized people, but the general public could not. The secret keys would be the weak point, and would have to be held only in a limited number of DMV data centers (which would help in establishing an audit trail when plates are accessed).

I'm not saying it is necessarily something that should be done, but it certainly can be done.

Sure, but then how do you tell the police that you just saw a black SUV with Massachusetts plates ending in 907 blow through a red light and almost run down an old lady with a cane at 7th and Main? How would they ever find the driver or owner?

While there are many ways to abuse the fact that license plates are publicly-visible (the aforementioned abortion protester being one example), there are still very legitimate reasons they should continue to be that way (holding people responsible for their actions when they infringe on the rights of others, as in my example). This isn't to say that we should always and forever attach a stamped piece of metal to cars, but the current system does have the advantage of being compatible with the Mk. I Eyeball.

While we're on the subject of a slippery slope of increasing police power, we might as well assume that eventually the people will have zero power and zero responsibility with regard to crime. In this hypothetical future, you won't need to tell the police you saw a black SUV almost run down a pedestrian; it's a police problem. This is the illogical end of abdicating personal responsibility in favor of total surveillance.

Maybe I am naive but it seems like there would be a pretty small sub-set of the population that could actually do anything with someone's plate number that would be an abuse of the system. There isn't some publicly available API into the DMV records is there?

With a system like that, the intersection itself would be capable of logging the passing of every vehicle: time, direction, speed. There is no escape.

And if you see a hit and run, good luck helping the other guy out by "grabbing his plate number".

I'm not sure that would be so hard to solve. You can record the ciphertext plate and give that to the police.

Really the question is, "How important is this problem? Do we care about license plate privacy?"

A license plate is already essentially encrypted. It's a random sequence of letters and numbers that correspond with a unique individual's information. It contains no personal information in itself.

Except that your car shows everyone the same license plate every time they look at it. This would be completely unacceptable for a cryptographic solution, which would use fresh randomness to respond to every request (in theory).
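The two comments above (the beacon scheme with keys held only at the DMV and an audit trail, and the point that a static plate is a deterministic identifier whereas a cryptographic scheme would use fresh randomness per response) can be made concrete. The following is an added, constructed example, not code from the thread or from any real DMV system: it contrasts a keyed but deterministic pseudonym (linkable across sightings, just like a painted plate) with a randomized, authenticated beacon that only the key holder can resolve, and it records every lookup attempt. HMAC-SHA256 stands in as the pseudorandom function and MAC so the example runs on the standard library alone; the plate width, nonce size, requester names and plate value are assumptions.

```python
"""Constructed example: deterministic vs randomized plate beacons, with a
key-holding DMV that resolves beacons only for authorized requesters and
logs every attempt. Standard library only; HMAC-SHA256 is used as PRF and MAC."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

PLATE_LEN = 8    # assumption: plates are padded to a fixed width of 8 bytes
NONCE_LEN = 16   # a fresh random nonce is drawn for every transmission
TAG_LEN = 16     # truncated HMAC tag authenticating nonce and ciphertext


def _keystream(key: bytes, nonce: bytes) -> bytes:
    """Per-nonce pad derived with HMAC-SHA256 as a PRF (a toy stream cipher)."""
    return hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()[:PLATE_LEN]


def _tag(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    """MAC over nonce and ciphertext so an altered or forged beacon is rejected."""
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]


def deterministic_pseudonym(key: bytes, plate: str) -> str:
    """Keyed but deterministic: the same plate always yields the same string,
    so separate sightings are linkable exactly like a painted plate."""
    return hmac.new(key, plate.encode(), hashlib.sha256).hexdigest()[:16]


def randomized_beacon(key: bytes, plate: str) -> bytes:
    """Fresh nonce per transmission: two beacons from one car differ, and an
    observer without the key cannot tell whether they came from the same car."""
    padded = plate.encode().ljust(PLATE_LEN, b"\x00")
    if len(padded) != PLATE_LEN:
        raise ValueError("plate too long for fixed-width encoding")
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(padded, _keystream(key, nonce)))
    return nonce + ct + _tag(key, nonce, ct)


def linkable(observations: list) -> bool:
    """True if any two observed identifiers coincide, i.e. an observer can link them."""
    return len(set(observations)) < len(observations)


@dataclass
class DMV:
    """Holds the only copy of the key; every lookup attempt lands in the audit log."""
    key: bytes
    authorized: set
    audit_log: list = field(default_factory=list)

    def run_beacon(self, beacon: bytes, requester: str) -> str:
        if requester not in self.authorized:
            self.audit_log.append((requester, None, "denied"))
            raise PermissionError(f"{requester} is not authorized to run plates")
        nonce = beacon[:NONCE_LEN]
        ct = beacon[NONCE_LEN:NONCE_LEN + PLATE_LEN]
        tag = beacon[NONCE_LEN + PLATE_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, nonce, ct)):
            self.audit_log.append((requester, None, "rejected"))
            raise ValueError("beacon failed authentication")
        plain = bytes(c ^ k for c, k in zip(ct, _keystream(self.key, nonce)))
        plate = plain.rstrip(b"\x00").decode()
        self.audit_log.append((requester, plate, "ok"))
        return plate


def demo() -> dict:
    """Run the scenario from the thread and return the observable facts."""
    key = secrets.token_bytes(32)                # lives only at the DMV
    dmv = DMV(key=key, authorized={"officer-17"})  # hypothetical requester name
    plate = "ABC1234"                            # constructed sample plate
    det = [deterministic_pseudonym(key, plate) for _ in range(3)]
    rnd = [randomized_beacon(key, plate) for _ in range(3)]
    recovered = [dmv.run_beacon(b, "officer-17") for b in rnd]
    tampered = bytearray(rnd[0])
    tampered[NONCE_LEN] ^= 0x01                  # flip one ciphertext bit
    try:
        dmv.run_beacon(bytes(tampered), "officer-17")
        forged_rejected = False
    except ValueError:
        forged_rejected = True
    try:
        dmv.run_beacon(rnd[1], "curious-bystander")
        public_denied = False
    except PermissionError:
        public_denied = True
    return {
        "deterministic_linkable": linkable(det),
        "randomized_linkable": linkable(rnd),
        "recovered": recovered,
        "forged_rejected": forged_rejected,
        "public_denied": public_denied,
        "audit_entries": len(dmv.audit_log),
    }


if __name__ == "__main__":
    print(demo())
```

The design point is the one the comment makes: a deterministic identifier, keyed or not, is a stable pseudonym and every camera that sees it twice can link the two sightings, while the randomized beacon pushes all linkability behind the key, so the audit log at the key holder becomes the single place where plate lookups can be reviewed.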

Yes, the plate number on your vehicle is publicly available data. But I don't see how that is very useful. I'm not sure there is any way for a random person to do anything with a plate number. It would require the person to have some sort of connection to the DMV or other agency that has access to your name and address based on the plate number. And those people are still not going to have access to your medical records even if they did manage to get your name and address just by knowing your plate number.

EDIT: the bit about getting at medical records seeped in from reading another comment.

I doubt an anti-abortion protestor who is collecting license plate numbers is doing it to get a hold of medical records. They have already made their "judgement".

Should they not be allowed to collect that information?

I'm curious as well; additionally, how would this be enforced? In addition, the collection isn't the issue, it's what you do with that information after the fact that tends to be the issue at hand.

The fact that some people are "naive" does not imply that what they expect is stupid or unnecessary.

Anyone could argue for censorship and for reading your letters: "it is because of the children"... You are putting them in the hands of the USPS.

Couldn't they pick a more sympathetic guy to talk about:

"Mr. Pickering said that although he was arrested two dozen times for acts of civil disobedience and convicted of a handful of misdemeanors, he was never involved in the arson attacks the Earth Liberation Front carried out."

Gee, this guy was a member of a group that conducted arson attacks and the government is keeping track of the mail he gives to the government to deliver? I'm shocked, really...

That said, this is a great article, and the second page gives a good description of what I think is the legal theory behind the NSA programs:

1) Don't need a warrant to keep track of meta-data (whatever is readable on the outside of the mail).

2) Don't need a warrant to access contents (opening the mail) in foreign intelligence cases (i.e. where the target is a non-U.S. person).

3) Need a warrant to access contents otherwise.

> Couldn't they pick a more sympathetic guy to talk about

"The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all." - H.L. Mencken

This is way better than all the explanations I've been able to come up with for people about why it's important to defend weev.

Mencken had a way with words, for sure.

That might be telling you that there isn't a good reason to do so.

Oh, I had good ones, and still do: things about unpopular speech being the canary in the coal mine, things like that. It's much the same explanation.

Mencken is just a lot more eloquent than I was describing it, though.

That's a great explanation for why CFAA needs reforming and weev's sentence substantially reduced to match the 'crime'. But he still dun goofed.

I don't just think his sentencing was improper, I don't believe that there was any criminal wrongdoing by anyone at any point. He did nothing criminal, and neither did ATT.

I've seldom seen a better timed or more appropriate quote offered in reply.

I think it's more the fact that he is now considered a free man, but still being spied on, which irks us all.

Is it "spying" for the government to remember information that he voluntarily told to the government?

Did you even read the article? The government is actively sifting through his mail, more than 10 years after he was considered to be a threat... and a hippy environmentalist threat at that...

There are environmentalists and there are arsonists. His organization was the latter.

And guess what: the government has to "sift through your mail" to deliver it. All they're doing with him is remembering what they saw. Because he belonged to an organization that burned shit down.

I feel this is what a lot of people forget -- or ignore -- when they come on HN to proselytize for this week's armchair activist crusade. 99% of the time, this shit is used to stop legitimately dangerous people. It's manned by people who aren't out to ruin your life; they just want to live theirs with as little shit to worry about as possible.

Reddit, HN, and the like are collectively patting themselves on the back and talking about revolution as though they're going to do anything other than click those little arrow icons next to posts. The third top comment here is talking about DDoSing the post office -- with absolutely no hint of irony. It's ridiculous.

This is the version of "sift through" that I was referring to: http://idioms.thefreedictionary.com/sift+through

>to examine all parts of something

They weren't just reading the address and sending the domestic mail on its way, as everyone expects they do.

Who is "they"? He's the one who, somewhat hilariously, got a note about snooping his messages in his mailbox.

If you need to send an anonymous letter - hopefully for good (say, whistle blowing) and not evil - you can still do so.

Use a fake return address (duh).

Drive to a mailbox far away from your work or home. Pick a mailbox that has no security cameras. Don't go into a Post Office, where there will be security cameras.

Turn off your phone before going anywhere near the drop location.

(This is all coming from a PBS documentary about how they went about the 2001 anthrax attack investigation.)


Buy the envelope, stamp, and any mailed material (eg paper) far from your home.

Exclusively handle all the materials to be sent in a clean environment far from your normal haunts. You may want to wear a hair net, breathing mask, and gloves. Do not lick the stamp or envelope.

Be careful about handwriting anything, if authorities may have any samples of your handwriting — as for example on prior letters addressed, or archived forms filed. Also, do not use a computer laser/inkjet printer, which may add unique invisible tracking codes.

After leaving behind your own phone, be sure not to use a vehicle with its own phone (OnStar etc) or any RFID transponders (eg tolltags, which can be read for traffic jam analysis even on non-toll motorways). Similarly, put aside any personal ID or payment cards (passports, some driver's licenses, mass-transit stored-value cards, etc) which may have remotely-readable RFID transponders.

Try to arrange for your phone, computer, or residence to continue giving off its usual signals of your presence – so that the period of the letter mailing doesn't show up as a suspiciously idle time for you.

Avoid all private and public surveillance cameras, or disguise yourself (and your car's license plate from automated readers).


Even with all these steps, it's likely the individual's capability to opt out, with effort, from being tracked will soon be obsolete. It will be too cheap and appealing to video-record all public spaces, or even regularly dust all public spaces with unique molecular tags so that when examining an artifact later (a letter, vehicle, article of clothing, etc), all other places it has recently been are evident to careful analysis.

Instead of just driving to some far away place and coming back, I'd pick a mailbox that's close to something where you might go sometimes but that's not close to your house either.

For example, you could go to Ikea, buy something there (with a credit card to leave a log of a transaction) and mail your letter. Ikea because there aren't that many Ikea stores but it's not out of the ordinary to drive quite a while to go to one.

My point is that if you have reasons to want to send an anonymous letter, you might want to make sure that a drive that doesn't fit your regular patterns can be explained by something reasonable.

edit: I'm not sure the credit card is a good idea. Likely not. It might be better to pay cash, and keep the receipt. This way, you can't be immediately cross-referenced, but if asked, you have an alibi. Yeah, I really don't know. :)

MI5 had a nickname of "Box" or "Box500" because postal mail was sent to "PO Box 500".

The letter would be put in an envelope. That envelope would be addressed with a department (but not a name). That envelope would then be put in another envelope. The outside envelope would be sent to Box 500.

It is kind of weird that in the 21st century we're re-learning ancient tradecraft from retired spies.

Also, don't use a laser printer that applies tracking dots.


> Turn off your phone before going anywhere near the drop location.

Better, leave your phone behind during the day-trip to whatever mailbox you are using.

I have lived in a country (Taiwan under its previous dictatorial regime in the early 1980s) where I assumed that all my postal mail, domestic or foreign, was read by the ruling party's secret police as part of the delivery process. The postal service in Taiwan was always awesomely efficient when I lived there, with residential mail delivery twice a day all days of the week, year-round except for a brief set of holidays for Chinese New Year. Because I assumed that all my mail would be read, I set up procedures to check whether any of it was seized. My dad and I would write weekly letters to each other, numbered consecutively. The course of post between Taiwan and Minnesota in those days was a week or less, so after a while each weekly letter would take the form of including a phrase like "This is letter number 12, replying to your letter number 10, which I received on [date]" and so on. As far as I can ascertain, all the letters I wrote and all the letters addressed to me were delivered, but I assumed that they were read by the secret police.

Foreign magazines and newspapers were sometimes seized and not delivered to subscribers, usually when they included articles about domestic politics in Taiwan. (I learned to respect The Economist as a news source by observing how often it was seized in delivery, either in entirety, or with blacking out of particular articles.) Local people who could read English could pay their hard-earned money to subscribe to (rather expensive, in those days) publications like The Economist or the Asian edition of the Wall Street Journal, but they couldn't count on receiving all of what they paid for.

The dictatorship in Taiwan eventually fell, after a largely peaceful people power revolution that forced a transformation to an open political system. Along the way, people I know, including the father of one of my children's godparents, were imprisoned for leading peaceful protests urging free and fair elections and a stop to censorship. Most people don't have the courage to go to prison--especially prisons like those in Taiwan at the time. But courage is what it takes to undermine a dictatorship. A successful movement for greater freedom requires great courage, and a degree of social trust among the movement participants that is not easy to find. Allow me to repeat advice I have shared here on Hacker News before. If you really want to be an idealistic but hard-headed freedom-fighter, mobilizing an effective popular movement for more freedom wherever you live, I suggest you read deeply in the publications of the Albert Einstein Institution,


remembering that the transition from dictatorship to democracy described in those publications is an actual historical process with recent examples around the world that we can all learn from. Practice courage and practice collective action.

> ...courage is what it takes to undermine a dictatorship

Yes, and thanks for a great comment. I'm going to read that link, http://www.aeinstein.org/organizationsde07.html.

Anger and hatred after 9/11 is what led us down this spiral, and more anger and hatred would only change the names, not the system.

> Anger and hatred after 9/11 is what led us down this spiral

9/11 merely silenced the critics, allowing the power elite to bum rush the Constitution, aka the Shock Doctrine. Panopticon has always been the plan. There's always a plan, waiting for the opportunity.

It inspired people who knew better to compromise on their beliefs about freedom and torture and rule of law, and we've been paying for it ever since.

And it scared those who didn't know better into not asking themselves the tough questions required to become one who does know better.

That's both fascinating and inspiring, but note that the story here is that they are just reading the outside of envelopes, not the contents. And nothing is being censored.


Government agents literally drive all over America with loaded guns. It's only a matter of time before they start killing us all.

Ah, I see I've arrived at Hacker/USA Government Abuses News. And I say that as somebody deeply interested in these stories.

Who do you think builds these things? Email, cameras in phones, handwriting recognition, network analysis, facial recognition, big data... We should be highly aware of both edges of the swords we forge in our volcano.

Perhaps I've always found it obvious that creating these things, working for companies with close ties to military and surveillance (Lockheed, etc.) is quite near evil and that professionals with integrity would not do that.

I think that is a minority view in our profession, so you are probably right.

If you think working for Lockheed is evil, what do you think of working for a company like Facebook, that profits from selling the personal data of teenagers to companies who take advantage of their adolescence to peddle overpriced products to them that they don't need and that their parents can't really afford?

I'm not saying Facebook is evil, but let's face it, the world is a lot more morally complex than the self-righteous want to make it out to be.

This idea that Silicon Valley is full of engineers toiling in a Parthenon of virtue while evil people in Washington misuse the fruits of their creations is utter bunk. Like every technology in history, software and internet technology can be used for different things, and there is widespread disagreement on the virtues of those ends.

E.g. Einstein might have regretted his involvement in the nuclear program, but there are a huge number of people who to this day think the development of nuclear weapons was a positive thing in how it ensured American ascendency for the succeeding half-century. At the same time, you'll find lots of people who think Lockheed, etc, are doing very noble things by developing technologies that allow American foreign policy to be implemented while getting fewer American soldiers killed (and reducing collateral damage too--a cruise missile is a lot more damaging than a drone strike). There is probably no country in history that has maintained its supremacy for as long as America has with so relatively few casualties among its armed forces. You can thank Lockheed for that.

> I'm not saying Facebook is evil

Why not? I say it is. Just as you said the other day -- advertising is preying on people's cognitive biases. Sure, the world is very morally complex, but that has no bearing on the morality of advertising and whether the way Facebook in particular does it is evil or not.

It is evil for a panoply of reasons. Just say it, don't just hint at it. Facebook does more lasting harm to society than good.

I won't say it's evil because that's like saying fattening foods or sugary sweets are evil. People love getting the latest Kate Spade handbag even if it's an exercise in irrational behavior. I'm no philosopher-king, I'm not going to sit here and call it evil to give people what they want.

That's just a defeatist attitude then, isn't it? I think it's better to proactively attack something even slightly evil, because if you don't it'll keep becoming more accepted until it becomes normal and starts rotting the very foundations of a civilized society.

It is very important to look at the "other side" of things, because there are people just like you and I on the "other side" in even greater numbers -- just not born in privileged homes with access to the same opportunities. On the other side of the Silicon Valley society that is full of white kids from high-income households with connections in high places you have poor black kids who're too poorly educated, who are more susceptible to getting had by mischievous advertising schemes of today. How this is different from pyramid schemes and other immoral -- but legal things -- is it's just more sophisticated... and I guess therefore, more effective, and therefore ultimately much more damaging.

(I have to add a meta-note, because this keeps happening over and over again: I think the last 4 or 5 times I responded to you I was upvoted and all of the follow-up comments you made to me were downvoted. I swear it's not me, I think it's a pity that this happens. As much and as often as I disagree with you I do like engaging with you because you're generally pretty thorough and pretty smart. I mean, at least you recognize that advertising is something not so "good" -- a lot of people here don't. Here's hoping my upvote to you helps).

My views are painted by pacifism, so nothing is as bad to me as producing military technology, or providing talent for the military industrial complex. Your Facebook example harps on some of the evils of capitalism (manipulative advertisements and such), but given the way the world works right now, even if you live in North Korea, you are born into that (black markets, etc. which of course beat having no economic freedom any day).

Enabling surveillance is a distant second, but still certainly wrong because it is direct support for the robbing of privacy, a basic human dignity. There is no room for ambiguity or argument as in the case of economic theory and such, like in the Facebook example.

Look at it from a purely numerical standpoint. How much is lost when a teenager buys a $100 pair of Ralph Lauren jeans when a pair that is identical in all but brand-name could be produced for $20 or so? That is the opportunity cost of that money to that kid?

Military technology kills a few people (large harms to a few people), but advertising diverts vast amounts of money towards industries where it is easy to take advantage of cognitive biases to create artificial distinctions between products (small harms to lots of people). And both have their legitimate justifications too. People need to know about new products and services and advertising helps them find those products and services. And while you may be a pacifist, Americans are decidedly not. They want a country that sits at the top of the world and they want to be protected from hostility and Lockheed gives Americans what they want in that regard.

And even for a pacifist: we live in the most peaceful time in human history. American military supremacy plays a big part in maintaining that state of affairs. Countries that might be incentivized to wage war (as countries have done since there were countries) avoid doing so because they know the American military response will be swift and overwhelming.

Using war or the threat of war to apprehend peace is antithetical to pacifism.

I'm not sure what the American populace's purported will has to do with my view that war and its antecedents are revolting. Certainly you aren't suggesting that building these things is patriotic duty for a US citizen?

I think Rayiner is a consequentialist (as I am) - judging by quality of outcomes. This doesn't work for everything (since we lack foresight), so I'm a reluctant deontologist, in general; but lacking an obvious or enforceable ontology, consequentialism all the way, baby.

> Using war or the threat of war to apprehend peace is antithetical to pacifism.

I agree, but keep in mind the person-to-person analog: "Using force or the threat of force to apprehend personal safety is antithetical to pacifism." I.e. there is a convincing philosophical argument that once you agree that people have the right to use force in self-defense, there is a collective right to use military force for collective self-defense.

Precisely. I can't speak for all pacifists, but many, like Tolstoy, outright reject personal self-defense, at least in theory. That is to say, while it is very difficult for man to give up defense of oneself and one's family (probably for good reason), a pacifist does not see the self-defender as morally pristine. The great danger is when self-defense is given priority over other means of resolving or fleeing violence. If you believe the state's case, then I think the Zimmerman murder trial is a perfect example of zealous self-defense.

Well stated.

The fact that Obama declared on national TV that they only spy on non-US citizens (6.5+bn humans) without a warrant is the biggest news in the internet industry since the mass deployment of broadband a decade ago.

Knock it off. These specific government abuses may well destroy the bulk of the revenue streams for the largest companies in silicon valley. If that isn't on topic for HN, I don't know what is.

No it isn't, that was going on all through the Cold War. It's just more efficient now.

This isn't just a government problem either; people in Europe are at least as unhappy about firms like Google and Facebook warehousing their data, but at least over in Europe they have robust privacy laws that service providers have to comply with.

See for example these stories, in which (some) American users express puzzlement over Euros' insistence that they are the owners of their personal data:




There's a Facebook bias to these because those were the easiest threads for me to remember & get search hits on, but the principles apply to any firm that retains customer data. EU users have a legal right to demand companies divulge all data stored about them, and insist on its permanent deletion - something that's not available to US users.

Now, you can hardly insist that governments be less powerful than the companies they are supposed to regulate. If you want real privacy, then you need it explicitly stated in law, and structured so that it can't be signed away in exchange for some commercial benefit, much the same as you can't legally sign yourself into slavery; such contractual arrangements are inherently invalid. This is going to require a constitutional amendment, because otherwise companies are going to defend their data hoarding and unilateral exploitation of said data on First Amendment grounds.

Interesting points.

One thing all of this brings to mind is that we appear to be nearing a crossroads (perhaps we've already passed it).

That is, we'll have to very soon decide en masse whether we are OK with the demise of privacy or not. This is irrespective of whether our privacy is lost to companies, government, or both.

Because it seems that by default, people are simply becoming accustomed to a world without personal privacy. In fact, stories such as that referenced on this thread are coming out with such frequency and ferocity now that one wonders whether it has the effect of simply jading people with sheer volume (whether designed for this intent or not).

In any event, we've been moving in this direction for some time. And, after some point those who still care about privacy won't be able to summon the support needed to effect a return to its protection.

I don't think we're seeing the demise of personal privacy. For most of American history, "privacy" meant that what happened in the walls of your home or in the confines of some other private place remained private. You could expect privacy in your house and your coat pocket and in conversations you had with people in a private setting. And by and large, that's still the case. If you live on a farm like most people did in 1789 and go into town once a week to get supplies you pay for with cash, the government doesn't really have any data on you today that it didn't have back then.

Rather, what we're seeing is these conceptions of "private spaces" not being abstracted and extended to the new media people use to communicate (cell phones, e-mail, Facebook, etc). You might analogize between your GDrive account and the contents of your desk drawer, but that doesn't seem to be the model we're heading towards.

And I think the fundamental reason for that is the nature of the technology, not the law. A teenager might post a snarky comment on Facebook which back in the day he would have said out loud in the locker room, but that analogy doesn't change the fact that back then, the only people who heard that kid were other kids in the locker room, while today there are thousands of people with access to that data as it travels over some cell phone network to Facebook's data center to be permanently recorded forever. The internet is really not designed to keep communications over it secret or private in any way, and platforms like Google and Facebook are built on exposing as much private information about users as possible.

As a Euro myself I hew to the more expansive version of privacy, in which you have a right to know what data other (private) actors store about you (not unlike an FOIA request to a public body in the US), and to have that data expunged. In general, EU citizens enjoy much more robust privacy protections, even when arrested (no perp walks or publication of mugshots, for example).

I agree that technology rather than competing philosophies of law or governance is the main driver here - witness the threads I linked to above where some people consider the work of EU-nation data commissioners to be an unwarranted intrusion on the private business relationships of internet entrepreneurs.

It's too bad we live on opposite coasts, as I feel we could enjoy a long conversation on this issue.

"For most of American history, "privacy" meant that what happened in the walls of your home or in the confines of some other private place remained private"

The problem is that today there are very few private places, and it is very hard to get to a private place unnoticed. Private, secluded places are becoming rare as security cameras are installed. Even if you can find such a place, your trip to it might be recorded by security cameras and license plate scanners. Even if records of postal mail had been kept in the past, it would have been very difficult to make use of that data -- but data mining techniques are changing that.

"The internet is really not designed to keep communications over it secret or private in any way, and platforms like Google and Facebook are built on exposing as much private information about users as possible."

I once had this view, but I have come to see that it is flawed. Most people are not making an informed decision about this, and there is almost no effort to teach the background needed to make such an informed choice. What we are seeing are governments and corporations taking advantage of the general population's ignorance. It is not that people do not value privacy, it is that they do not even realize the extent to which they are giving it up.

I don't disagree that many people aren't making an informed decision about this, especially all the kids and young teenagers who use Facebook and Google, etc. But my point is about the technology, not the people. The technology isn't designed to keep information private. SMTP sends plain-text e-mails through intermediate servers. Anybody can inspect the packets flying by on their network, which mostly have plain-text contents. Apparently at Google (from what we've learned from the David Barksdale stalking story: http://gawker.com/5637234/gcreep-google-engineer-stalked-tee...) lots of people have extensive access to customer data. I don't imagine the situation is much better at Facebook.

The technology didn't have to be designed that way. Google could, e.g., encrypt your gdrive contents client-side, and I bet there would be a way to store e-mail accounts encrypted so only the inbox/outbox would be stored in plain text on Google's servers. Facebook might be harder but it would be an interesting technical challenge to see to what extent Facebook accounts could be stored encrypted on Facebook's servers. But by and large the internet is not designed that way. It is designed to leak your data all over the place, to every sysadmin at every intermediary, which makes privacy very hard to achieve, whether from the government or from companies.

> I bet there would be a way to store e-mail accounts encrypted so only the inbox/outbox would be stored in plain text on Google's servers.

What makes you think that's not being done now?

The fact that search works implies that the contents of your email are not encrypted.

It's easy to search encrypted data, you just decrypt it first.

What makes you think Google would be reckless enough to store unencrypted private data on disk, or incompetent enough to not implement search over an encrypted set of data?

My suggestion was to encrypt the data client-side and store the accounts encrypted, so Google couldn't themselves decrypt the accounts. The purpose is to think of ways to structure the technologies so the hosting providers don't have to be trusted entities.

That doesn't work, as anyone providing you a clientside cryptosystem can provide you a backdoored clientside cryptosystem at the government's demand (one that silently uploads your key material to the server).

It doesn't matter if they don't normally store the key. It's a webapp.

Also, they need the key to do search. Furthermore, this does nothing to hide the metadata surrounding your communications, which necessarily must not be encrypted for services to work.
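The exchange above turns on whether a hosting provider that never holds the decryption key can still answer searches, and on what remains visible to it regardless. The following is an added example, not code posted by any commenter and not a description of how Google or any other provider actually works. It assumes a hypothetical mail store in which the client encrypts each body and attaches a keyed "blind index" of keyword tokens; the server matches tokens without the key, while the envelope fields (sender, recipient, timestamp) stay in plaintext because the server needs them to deliver. The body cipher is a demonstration construction (HMAC-SHA256 as a PRF in counter mode plus an HMAC tag) chosen so the block runs with the standard library only; a production system would use a standard AEAD such as AES-GCM.

```python
import hashlib
import hmac
import re
import secrets
from dataclasses import dataclass

# --- key separation: one master secret, distinct subkeys per purpose -------------
def derive_keys(master: bytes) -> tuple[bytes, bytes, bytes]:
    """Derive independent keys for body encryption, body MAC and the search index."""
    enc = hmac.new(master, b"body-encrypt", hashlib.sha256).digest()
    mac = hmac.new(master, b"body-mac", hashlib.sha256).digest()
    idx = hmac.new(master, b"search-index", hashlib.sha256).digest()
    return enc, mac, idx

# --- client-side body encryption (demo construction, not a standard AEAD) ---------
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-in-counter-mode keystream: HMAC(key, nonce || counter) blocks."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt_body(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)                      # fresh per message
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()   # encrypt-then-MAC
    return nonce + ct + tag

def decrypt_body(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):           # reject tampered ciphertext
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

# --- blind index: the server matches tokens, never sees the words ----------------
def keyword_token(idx_key: bytes, word: str) -> str:
    return hmac.new(idx_key, word.lower().encode(), hashlib.sha256).hexdigest()

def tokenize(text: str) -> set[str]:
    return set(re.findall(r"[a-z0-9']+", text.lower()))

@dataclass
class StoredMessage:
    sender: str          # envelope metadata: plaintext, the server must route on it
    recipient: str
    timestamp: str
    ciphertext: bytes    # opaque to the server
    tokens: frozenset    # keyed keyword tokens; equality-matchable, not reversible

class MailServer:
    """Hypothetical untrusted store: holds no key, answers token queries."""
    def __init__(self) -> None:
        self.messages: list[StoredMessage] = []

    def store(self, msg: StoredMessage) -> None:
        self.messages.append(msg)

    def search(self, token: str) -> list[StoredMessage]:
        return [m for m in self.messages if token in m.tokens]

    def visible_metadata(self) -> list[tuple[str, str, str]]:
        # What the server (or anyone who compels it) can read without any key.
        return [(m.sender, m.recipient, m.timestamp) for m in self.messages]

def client_upload(server: MailServer, master: bytes, sender: str,
                  recipient: str, timestamp: str, body: str) -> StoredMessage:
    enc, mac, idx = derive_keys(master)
    msg = StoredMessage(sender, recipient, timestamp,
                        encrypt_body(enc, mac, body.encode()),
                        frozenset(keyword_token(idx, w) for w in tokenize(body)))
    server.store(msg)
    return msg

def client_search(server: MailServer, master: bytes, word: str) -> list[str]:
    """Client derives the token, server matches it, client decrypts the hits."""
    enc, mac, idx = derive_keys(master)
    hits = server.search(keyword_token(idx, word))
    return [decrypt_body(enc, mac, m.ciphertext).decode() for m in hits]
```

Two caveats the thread raises survive this design. The envelope fields are still plaintext, so traffic analysis on who writes to whom is unaffected. And deterministic tokens leak equality patterns: the server learns which messages share a keyword and how often a given token is queried, even without knowing the word. That is the usual trade-off of searchable encryption, and it is why the client-side code that derives these keys must itself be trustworthy.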

Yes, the historical conception of privacy meant certain things, while other things weren't a part of this conception, simply because the technology of the day made them inconceivable.

For example, it would be akin today to someone believing that the people should be free from being spontaneously teleported by the government against one's will. It's just not something we worry about.

But, putting that silly (but salient) analogy aside, there is an underlying ethos with regard to our conception of privacy that I think is true historically, as well as today. It survives changes in technology and generally weathers the test of time. I think that ethos feels something like the Constitution with regard to federal government rights not specifically expressed. That is, they fall to the states and the people.

So, likewise, I think people believe (at some level of consciousness) that the government simply should not be where it doesn't belong (i.e. in areas of their private lives) and that the government should have access to the minimal information about us required to do its job. And for privacy advocates, this extends to erring on the side of rights vs. security when in doubt.

In short, I think most people would agree that just because technology provides the possibility of more government access to our information, it doesn't mean they should have such access.

Mind you, I am not saying that any of this is codified, but rather is a part of people's conception of privacy. So, I disagree with your assessment of what people consider private.

With regard to your Facebook snarky comment example, I think we're talking about different things. Publicly posting such is, I think, a conscious decision that what is being posted is not deemed private. However, the notion that everything uploaded, e-mailed, or otherwise stored or communicated (even if not marked for public consumption, or clearly is not intended for same) should be accessible to the federal government is an entirely different matter. And, I believe, most people would view such carte blanche access as an invasion of their privacy.

I fully agree. In the short term, I'd urge particular attention to the US-EU Free Trade Agreement talks that are underway at present. I'm strongly in favor of an FTA, but I think there's a lot to be learned from how the disparity between the US and EU laws on privacy are handled therein.

Over the long term, I really do think a constitutional amendment is necessary, which is a 10-year project at minimum.

If I were in the government of other countries, I'd be setting up more programs to woo technical talent from the US. In Brazil, Rio de Janeiro's Botafogo district is a prime location for tech talent to go to. It's an international city with a great quality of life that Americans tend to love. Berlin is another city that could be actively wooing dozens to hundreds of American developers.

Make it a no strings attached program. All you need to do is move to the country and work with software/hardware. You would be given assistance to either join an existing company or set a new one up. Your choice.

I think it's OK for now. This is big news; very very big. I am a fan of trying to keep HN on topic but for now I am very interested in what everyone here has to say.

I have to say, I thought I was very up to date on US spying - I know people who have worked with Echelon and would not say certain words on the phone - but I have still been blown away with the revelations. They're game-changing. They're relevant to HN. Business exists in a context; that context is changing around us, or at least being revealed for its true form. It's very relevant.

And FWIW I am astounded at the lengths "they" are going to get him and the massive political capital they seem happy to burn in the attempt. Genuinely amazing stuff. I have no idea what's next; no-one has. We're in a genuinely unprecedented era here. Anything is possible.

This particular linked story really isn't very big news.

Well maybe not for you, but for me it's another piece of a jigsaw which is beginning to show a very ugly picture indeed.

You're a US citizen I see. Well, maybe you don't understand or give a shit, but from the outside, the opinion of your country is being revised dramatically downwards. Very dramatically. All of this human rights, freedom of speech, fourth amendment stuff is being exposed for the bullshit that it is.

The damage to the reputation of the USA from these events is incalculable. Do you have any conception of what it means when normal people are suggesting that a whistleblower on the run from the USA seek refuge in Russia or China?

> Maybe you view the scanning of the outside of people's letters differently now... but it's not a new story and the article says as much.

I guess it's the context of an all-pervasive spying culture that lends it a new relevance.

And who cares if it's "new". We might only realise the relevance of an old story years later. We might only realise a whistleblower was telling the truth after years of dismissing their tall tales.

edit: eli deleted the post I quote. Oh, don't like things you say online being used against you later? That's not new either.

No need to attack my character. I deleted the comment immediately after writing it because I decided it contributes to the thing I'm complaining about, which is many front page stories full of repetitive comment threads that are only tangentially related to the linked story and contain little new information or insight.

Fair enough. Usually I would probably agree with you. But in this case, I feel the "reaction comments" are important. The reaction is going to be the main story, after all.

Einstein spent his entire life changing the world for great good. Of course another one of his contributions led to the development of the Atomic Bomb. It is said that in his later life he slumped into a bout of depression knowing how his work was being used.

On a different scale, I think a lot of us are realizing that all the things we've been working towards (machine vision, machine learning, twitter, facebook etc) are also being used against us. It's a bit disappointing really.

Of course, ever since nuclear proliferation, worldwide violence has been dramatically reduced... so take that for what it's worth ;)

Agreed, although the top comment here was actually quite interesting.

HN has made an exception for all things US gov't spying related. I even lost my flagging rights for flagging all the Snowden stuff (which I thought was exactly what you were supposed to do when you thought something was off topic... not my fault it was the entire front page!)

It's an important topic, but like you I preferred when HN was an oasis of tech away from this nonsense.

> It's an important topic, but like you I preferred when HN was an oasis of tech away from this nonsense.

Unfortunately, politics have invaded our tech oasis, and I don't mean HN. The politicization and militarization of technology is undeniable; at this point, retreating to some new oasis and denying it won't make it go away. While I do want a site where I can see more articles about Erlang and lambda calculus, for now at least, I can accept the pressing need to maintain focus on political issues that undermine our ability to build the technology we want and have it used for good instead of evil.

>The politicization and militarization of technology is undeniable

You make this statement as if it was some sort of new happening. This is as old as technology itself. Finding new ways to kill each other has been the number one driver of technology progress, and always has been.

The web was not invented to kill people.

Ah, the web was invented to keep military sites in communication (presumably so that they could keep killing people) while the rest of the world was dying a horrible, nuclear death. So it kinda was.

I strongly agree that there is too much "shallowly interesting" stuff, rather than "deeply interesting" stuff on HN.

It's a shame that people who flag "too much" fluff lose their flagging ability. I flag 4 submissions per day; I still have my flag button. I upvote good articles on new. I've been restricting my comments on the fluff articles. I've been upvoting the comments in good submission threads.

Perhaps someone could create an "HN-Shallowly-interesting"?

"It's an important topic, but like you I preferred when HN was an oasis of tech away from this nonsense."

So you like playing with your tech toys completely indifferent to the actual effect of these toys on people's lives.

This is called egoism and onanism, looking for granting yourself pleasure without caring for anything or anybody else.

No, it's called focusing on a particular topic at one time.

You cannot concern yourself with politics all the damn time any more than you can concern yourself with anything else exclusively.

Wonder if it would make sense to have two categories: Tech and non-tech. Though some topics would definitely straddle the line.

How did you find out that you lost your flagging rights? Did the 'flag' link disappear?

Pretty much, yup.

I think it's important so people can build a picture that includes the full scope, and with the more areas and dots to connect, the more prominent it will become in one's mind.

Between here and Reddit, it's overkill...until you realize here the people might actually have the ability to execute to do something about it more quickly and over at Reddit well...just throw up the best meme you can and sit back and reap the karma.

On the other hand, when Reddit does something, the talking heads notice that something happens (however badly it all comes out), while when HN carps about things, nobody cares.

Between your comment and loceng's, there seems to be an agenda, and the latent idea of co-opting programmers and decision makers to make "something" happen. I understand people are furious, but people are furious about all sorts of things that maybe folks here could intervene on if prodded. I think long-time HN users mostly care about where technology notably intersects with these scandals (or anything for that matter).

Just tell me where I need to click to register my outrage this time.

"Hacker" now optional.

Call me crazy but I can imagine seeing this type of stuff in the ole 2600, no?

Gotta get in your daily outrage.

Two minutes hate.

It's a bit on the heavy side, but on the other hand, the surveillance under discussion relies on technology, in many cases recent technology and products that 5-10 years ago many of us were really excited about and may not have seen the downsides of. It's pretty relevant.

I guess that the government's legal justification for this is that people have no reasonable expectation of privacy under the 4th Amendment re: the info on the outside of the mail (name, address, etc.). That is why they need a warrant to actually open the mail.

So does the same apply to email headers? "We didn't look at the body or subject".

The best analogy re: address info on mail is to garbage that you leave on the curb for the trash collector. You probably don't have a reasonable expectation of privacy in that garbage because you exposed it to the public by leaving it out on the curb. There is case law to back this up. Similarly, if you hand over a letter to a postal carrier, you arguably wouldn't have a reasonable expectation of privacy in the info on the envelope since that info can be gleaned by anybody who looks at the letter. Email would be different since that is presumably stored on your computer or a server or some other place or thing that would fall under the 4th Amendment protections (and require a warrant).

In a way email is worse, due to all the third-parties who might conceivably be "shown" the email en route.

Perhaps the courts will come up with a legal construct that information which is processed and handled in a completely automated fashion does not "count" as having been seen in public. Something similar to DMCA safe harbor and "common carrier" provisions already defined in telecommunications law, except that it would apply in general and not just to 'large enough' websites or telecom companies.

Everything you do is subject to some kind of informational storage by the government. Some day our thoughts might be recordable too.

They already are. Viewing someone's data, search results, texts, files, etc., one can determine to surprising accuracy the thoughts and inner workings of a person's thought process.

Surprising, you say? Do you have a link?

I can think of no legal or Constitutional arguments against this program. Yet, I am still deeply troubled by its existence. I call it unconstitutional by reason of scale.

> I call it unconstitutional by reason of scale.

Which is actually the kind of argument which justices on the Supreme Court might be comfortable with. "Yes, this program somehow squeezes into the letter of the law, but not anywhere close to the intent of the law or the Constitution".

Is the "Mail Isolation Control and Tracking System" ever used to do anything other than decide guilt by association?

That is, does the to/from data they collect ever get used to exonerate someone from a crime, or is it just used to decide who to put on "no fly" lists and other such un-American things?

Can this data have any use other than providing guilt by association? Can this data be used to say "no, not a terrorist" or something like that?

If it's just one sided, used or useful only for prosecution and persecution, then it needs to be done away with. As it stands, this practice is just Soviet. It's un-American to do guilt by association, and to have prosecution evidence that the defendant can't challenge in public.

Prosecutors are required to hand over all evidence to defense counsel on request, and almost invariably do (which is why it's news when a conviction is overturned on the grounds of a prosecutor concealing evidence from the defense). Likewise, a defense lawyer could subpoena this information from the USPS if it was likely to be probative.

I think it's naive to ever have thought that all network and mail were not being monitored. America has been a police state since the "threat" of communism, and it's only now that we're seeing proof.

I also assume that FedEx and UPS et al. are required to record your data as well?

I have no idea if they are required to do so, but it's worth noting that while the government requires a warrant to open US mail and inspect the contents, your agreement with UPS/FedEx allows them to open anything they see fit to.

To be clear, it allows UPS/FedEx to open it, not the government. Although UPS/FedEx can then voluntarily give it to the government should they open it...

That's extraordinarily obvious considering Fedex and UPS have advertised tracking for years. They even let you use the system.

I'm sure they record your data for other reasons, like checking to see where lost packages were actually delivered, optimizing delivery routes, etc. But yes, the government probably can request their data on you too.

Why is this news? Of course they log mail for law enforcement, that's a no brainer! This has nothing to do with the NSA fallout and the fact that it's being framed as such is just silly.


"Law enforcement officials need warrants to open the mail, although President George W. Bush asserted in a signing statement in 2007 that the federal government had the authority to open mail without warrants in emergencies or foreign intelligence cases."

The scanning of the envelope is rather benign and critical to efficient operation of the mail sorting/routing system. However, the long term storage of correspondence and association in light of recent NSA disclosures is more concerning. The possibility of abuse is enormous. All you would have to do is find someone that is being tracked and start placing letters addressed to any of your political enemies in their mailbox for pick up.

If it's an image it suggests that it might be fun to print QR codes on your mail which refer to specific URLs. If the URL is accessed you get a hit on who looked it up. Sort of like putting a 1x1 gif in an email which is loaded from your web site as cheap analytics (pro tip, don't do this if you work at Google, the security guys don't like it :-).

Always interesting if you can get the other side to reveal information by playing on the fact that they are trying to get as much information about you as possible.

That assumes that whatever is getting the images is also going to process them as QR codes and follow any URL encoded in them. Based on what the system is described as doing, I don't see why it would have any concern over a QR code since QR codes are not an accepted form of addressing an envelope.

All US mail gets a delivery bar code imprinted on it when it is sorted. There are quality checks that verify that the delivery bar code is accurate. Electronic postage is also created using 2D barcodes. My guess is that the folks who build such systems have them just eat bar codes for lunch (which is to say interpret all bar codes) and include that interpretation in the metadata.

If as you say they are never looked at (and I can certainly believe that is true) then the URL you encoded would never be accessed. If however you got a web log entry on your web server that your URL was fetched from a machine run by Booz Hamilton, well there ya go, a bit of information extracted by putting a puzzle in front of them. :-)

Could you not just refrain from writing a return address on your mail? Or instead, put down a false return address?

In that case there'd be no tracking of who is mailing whom, but instead just how many letters someone is receiving.

Yes, and for most private mail that's perfectly fine as long as there is adequate postage. People who are required to furnish an accurate return address include senders of prepaid mail (you know, where it's printed on the envelope with a number), distributors of periodicals, senders of priority and registered mail, and a few other similar examples.

It's still possible to identify where the letter was sent based on the postmark and unique barcode printed on the envelope when it is scanned.

Based on https://news.ycombinator.com/item?id=5986635 and https://news.ycombinator.com/item?id=5986011

Edit: this comment is for scrabble's sake, as you and I already exchanged comments on the subject.

Every time I read things like this, I'm wondering why the US still has no strong Pirate Party. (Yes, I know, winner-takes-all two-party system..)

Are you guys not getting fed up at some point? Land of the free, please be it again.

Well, people getting fed up (with how left-wing and liberal the US was getting) is how we ended up with the Tea Party, which is now apparently enough of a force that it controls the Republicans by proxy, and meanwhile Occupy seems to be so much dust in the wind, so make of that what you will.

I would vote for the Pirate Party. Unfortunately I can't.

From a secure, undisclosed location from some secret intercepts via advanced technological means from an interview in a secure vault inside a Faraday cage with multi-sensor shielding in bedrock deep under the Senate chamber:

Interviewer: Chairman Feinstein, what can you tell us about the USPS data collection just reported by the NYT?

Chairman Feinstein: Our committee received highly confidential, double secret, triple national command authority top secret, quadruple crypto secret, eyes only, not to be remembered (as in the movie Men in Black -- it wasn't just a movie) on the main threats to US national security.

Interviewer: And?

Chairman Feinstein: We got the best of the best of the best.

Interviewer: And?

Chairman Feinstein: Well, we learned about the main threats to US national security, in descending order of seriousness, (1) invisible squads of ETs corrupting our precious bodily fluids, (2) marauding giant herds of 100 ton, angry, rabid mastodons destroying our cities, and (3) progress in the genetics of intelligence that produced a strain of giant rats with intelligence and cunning far above that of humans. Yes, the rats have escaped and are now breeding rapidly in the sewers of our major East Coast cities and spreading quickly west. They have been stowaways on airlines and now are colonizing San Francisco and spreading rapidly on the West Coast.

Interviewer: And why have we not heard of these massive dangers before?

Chairman Feinstein: Isn't it obvious? The intense work of our committee, yes, with that of the House, and our national security command authority has been successful.

Interviewer: But what about the Boston bombers?

Chairman Feinstein: Well, nearly successful. But that was a small gap compared with invisible squads of ETs, marauding mastodons, and super genius intelligent giant rats.

Interviewer: But what did all of that work cost?

Chairman Feinstein: The budget is classified, so high that no one can see it, not even God.

Interviewer: Ms. Chairman, thank you for your interview, and I'm sure all US citizens will be intensely interested in the work of you and your committee.

Indeed! If the post office has the ability to scan all my mail before it is delivered they could at least give me a digital feed of that mail.

Haha, why bother backing up your mail when the NSA has copies of it all?

The NSA should just go all-in and make a business of all this.

I wonder if private carriers, e.g. FedEx, are also under surveillance.

The US predilection for writing a sender's details on the outside of mail has always struck me as poor civic hygiene.

And yet all the anthrax letters get through to their destination and they are clueless for weeks until someone says something.

Makes you wonder what they are really doing with all this data and with the Dark Star.

It will just sit there until they have eroded our rights sufficiently that it can be used for any purpose. Storage is cheap, in particular when you print your own money.

Good thing I stopped using mail like 7 years ago.
