Hacker News new | past | comments | ask | show | jobs | submit login
NSA broke privacy rules thousands of times per year, audit finds (washingtonpost.com)
416 points by glhaynes on Aug 16, 2013 | hide | past | web | favorite | 86 comments



>James R. Clapper Jr., the director of national intelligence, has acknowledged that the court found the NSA in breach of the Fourth Amendment, which prohibits unreasonable searches and seizures, but the Obama administration has fought a Freedom of Information lawsuit that seeks the opinion.

Are you fucking kidding me? Let's take this incident to the most die-hard scaremonger out there and ask them how the hell is it in the interest of national security to hide it when government institutions are found guilty of breaching the Constitution?


Fully agreed.

Further, let's assume that you were an every-man (as we all are) and had the ability to type anything into a magical console that spat out private details about US citizens. That would be an "unreasonable search and seizure", so you wouldn't do it, right? It's logged! How many of your fellow citizens would not do that search? But the NSA doesn't just hire anyone, so you have to assume the folks aren't exactly like your fellow citizens and they know they're being logged. But is your guess "0"? I've seen people delete ("sudo rm -rf /some-important-dir") critical bits of infrastructure when they knew logs were in place, so my guess is most certainly not zero.

Note: I know some 3-letter-agency folks and they are very tight-lipped, so I don't want to suggest 3-letter-agency folks are not entirely trustworthy. But the NSA appears to have an incredible honey-pot and it't hard to imagine that no NSA analyst would have a taste.

Note^2: the NSA should have internal honey-pots to catch analysts browsing their (girl|boy)friends and such, but I'd not be surprised to hear that they don't...


The thing is that they don't even need to do anything as obvious as that. They could simply eavesdrop on the communications of some important executive of a foreign enterprise with ADRs trading on a US Stock Exchange. The potential for abuse extends well beyond personal intrusions.

The NSA could literally fund itself entirely by simply trading against the information they have access to.


Tangentially, so could Google.


From what I hear, so is Google.


With the whole "NSA has a GMail backdoor" and "Windows Phone YouTube app blocking" thing, I really don't wannna defend Google but...

Baseless accusations like that will get you nowhere.


I'm usually surprised by the depths of cynicism I find at large corporations, not by their altruistic goody-two-shoes-ness.

Google would be remiss if it wasn't trading against the massive wealth of data it has. They're probably not mining email (though they could use a proxy and look at the frequency of particular ads' being displayed in Gmail), and probably have a privacy line, somewhere, that they're unwilling to cross. But I'd be surprised if most people ended up being comfortable with that line's placement. And it's not like we have any way of knowing where it is.


Well, you are right that I do not have any evidence, and I am basically just spreading a rumor. However, the rumor originated from my former line manager back when I worked in the fund management industry, so it is not totally implausible for it to have some basis in truth. Also, Google does make investments beyond it's Google Ventures operation: http://www.bloomberg.com/apps/news?pid=newsarchive&sid=a7cZr...


With the NSA at least theoretically we have congressional oversight. The same can't be said for Google and most of the other companies we trust with our data. Their level of access may be comparable with the NSA but there are few if any legal protections or opportunities for oversight. If the same abuses were happening, they might never come to light. With the big companies, we might only ever be able to speculate.


Google employees that become whistle-blowers don't have to face the same adversity as government employees that become whistle-blowers. It's also easier to sue Google than it is to sue agencies like the NSA.


> Windows Phone YouTube app blocking

Wasn't the issue that the app displayed the YouTube videos without the advertisements though, and this was against the Terms of Service?


Didn't Clapper get up on stage and say emphatically there had been zero abuses? This guy's lies have lies.


Stop complaining! We have the most open, most honest and most transparent administration since founding fathers!

Here, first time ever you can find out who visit White House!

http://youtu.be/OXWTdTnhebs?t=12s

EDIT: In case someone did not notice, I was being sarcastic.

Here is more related clip: http://youtu.be/EpLWCvIZDuI?t=2m


Wrong. Overreaction. The DoJ plans to make the ruling available, but wants to redact it to remove classified information:

https://www.eff.org/document/doj-status-report-re-releasing-...

Don't let my facts interrupt your rant, though.


BS. The document you link to indicates quite clearly that they had no intention of making it anything less than "top secret" after it was found unconstitutional:

>in response to the unauthorized disclosure of classified information, the government has declassified certain information concerning intelligence collection pursuant to Section 702

>[the government] further provides notice [...] that it has determined it will release to Plaintiff a redacted version of the [FISC] opinion previously withheld [but requests a delay]

It's only because the EFF requested it (after Snowden's disclosures) and fought for it in court that the finding of unconstitutionality will now be made public. Or rather, whatever parts the government decides to let go of.


Yes, all of the FISA rulings are secret by default, but redacting a ruling to remove classified information is not the same as fighting a FOIA request.


drivebyacct2 is hellbanned but I see no reason why this particular comment of his should be censored:

>That distinction would mean more if it didn't literally come on the heals of them explicitly trying to suppress the entire court decision.


Not sure why but it looks like this comment 45 days ago is what did it:

https://news.ycombinator.com/item?id=5982741

No idea why that merits a hellban if that's the reason why.


Very curious about what the NSA were doing that was found unconstitutional by its own kangaroo court. It must've been pretty bad.


Or are they just waiting for everything in it to become classified?


> In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused U.S. area code 202 for 20, the international dialing code for Egypt

Considering their track record with honesty, why should we believe this was an accident?


Suppose you're a Foreign Terrorist. If you're planning an attack on the US, can you do it entirely from your country? At some point you have to contact some people in the US to carry out the attacks. But oh, the Americans you hired are very wily, and they know that, to be relatively anonymous and have their shenanigans hidden, they have to call from different phones, send emails from different accounts, use different identities, encrypt everything...

Mr. American Terrorist Contractor can't have all his communications tied to a single identity that could be reassembled with Big Data. So he tries to keep very few traces of his activity, and confuse snoops with false leads and dead ends.

Mr. American Terrorist Contractor called from many phones, used many addresses, etc. The dragnet to catch him must be large. It will include some innocent Americans. Tens who called a phone he called that same day. Hundreds who went to the same deli as he went last Friday. Add more situations, area codes, phone call graphs and quickly you have most Americans.

That's by design, though: you can't have surveillance that's capable of catching domestic terrorists without surveilling innocent citizens, and you can't try to end terrorism with surveillance without spying on the people who will actually perform the terrorist acts in your land.

EDIT: As it currently stands, the NSA is supposed to help end terrorism by spying on all foreigners. What I'm arguing is that surveillance of non-citizens always leads to surveillance of citizens. Some Americans are uncomfortable with the US government spying on American citizens, but comfortable with the USG spying on foreigners. They may be less comforted when they realize how, if the real intent of the surveillance is to prevent terrorism, only spying on foreigners won't help much.


How about we just give up on "ending terrorism"? Two attacks by foreigners in 250 years of history is ABSOLUTELY NOT WORTH the bullshit we're being put through as a country. This shouldn't really even be up for debate.


You cannot end terrorism at all.

Any plan with that as its stated goal, is a stupid one.


Its a good thing that all terrorists are foreigners. (or rather, all foreigners are potential terrorists).

Clearly, no US citizen could ever be a terrorist.

</sarcasm>

How does reasoning like that ever make sense? I just can't accept that EVERYONE working for the NSA is a moron. Thus, there must be other motives. Think about that.


The FBI is meant to deal with domestic terrorism. The NSA's remit is foreign signals intelligence.


Please tell me this is Swiftian irony and you are playing Devil's Advocate for the sake of conversation.


I wouldn't call it Swiftian irony, but I was trying to expose how the USG has to spy on Americans if it wants to end or prevent terrorism through surveillance.

To play with the idea of Swiftian irony, destroying the privacy of non-Americans to protect America from threats real or presumed may work... in the same way selling the children of the poor for meat would solve certain problems.


   " if it wants to end or prevent terrorism through 
   surveillance."
TBH I just want them to end or prevent terrorism through good old fashioned detective work and only rely on surveillance into private spaces when they have a warrant issued by a court.


A real, non-secret court, with the warrant targeting individual people, with probable cause, without the ability to start surveillance days ahead of getting approval.


I was thinking this. I wonder if they also happened to get the 20 country code calls in addition to the 202 calls. Do they have any quality control on their code?


you'd think they'd at least disallow three-digit area codes.


I have no doubt that their entire surveillance apparatus is layer upon layer of barely-working garbage code.


It's why they have to copy all of their technology from the private sector, or have it provided by the private sector. The government can't do anything well, much less software product development.

If the NSA were so brilliant, they wouldn't need to borrow from Google, it'd be the other way around:

http://www.wired.com/wiredenterprise/2012/07/nsa-accumulo-go...


> “You can look at it as a percentage of our total activity that occurs each day,” he said. “You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different.”

I wonder if he realized what that implies.


Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by law and executive order.

Aren't criminal counts per action? not per-percentage? WTF.


I like this defense.

"Your honor, I only stole 0.00000512% of this bank's money. I should get off with time served."

"Your honor, I was only distributing 0.00000125% of the city's weed. I should get off with time served."

"Your honor, I only murdered 0.000000004695% of the population of the US. You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different."


It's not even, "time served," but "a promotion." Perish the thought that a prosecution would even be a possibility.


NSA statements to The Post: http://www.washingtonpost.com/world/national-security/nsa-st...

Be sure to read the bottom. Hilarious.


This is the tip of the tip of the tip of the iceberg.

We were not paranoid enough. I was not paranoid enough. You were not paranoid enough. Reality outstripped our imaginations. How are we going to recalibrate our expectations? What's next?


Here's my answer: predictive Bayesian algorithms, run across the data-set of all human behavior, and algorithmically generated dossiers and smear campaigns for every human on the planet. All available for sale, for favors and influence if not for money.

...that is, assuming these aren't being done already.


A part of me wishes all these dossiers would become public. If everyone's skeletons were out of the closet, we wouldn't care about skeletons so much.


I think most people would proceed to focus on everybody else's skeletons in a shallow judgmental fashion and continue to ignore their own flaws exactly as they do today. The net effect would be to put our rotting culture's worst aspects on steroids.

What would occur is mass ostracizing and general social chaos from imploded relationships (friends, lovers, family). There would be shocking and boring skeletons, it would become a giant cultural witch hunt, pleasure would be taken in socially mocking and assaulting people with the most outrageous or abnormal skeletons. We live in a bankrupt culture that worships tabloids, gossip and low value entertainment (low value everything in fact, including food, just so long as it distracts for a moment). I see no reason to think people would suddenly change the way they go about the world: the averages for what is considered scandalous behavior would simply shift and there would be a new unlimited supply of people to be socially assaulted. Why just look at my boring skeletons compared to that guy! My scandal is nowhere near as bad as hers!


C.f. congress has a <20% approval rating, but everybody likes their own congresscritter.


Yup. I am fed up with the lies we all tell to ourselves - all the BS that we smother ourselves in:- all for appearance's sake. If we could admit to ourselves (and to each other) how crap we (as human beings) really are, then we might actually stand a chance of fixing ourselves - and maybe also make a start on all of the obviously broken systems in the world. Only we cannot - we dare not point out our flaws or criticize the systems that govern and control the world:- because that would be "weird". The emperor is stark bollock naked, and we need somebody to point it out in such a way that we all take notice.


I can't help but be fascinated by the web of lies that comprises so much of the social fabric: not only cultural notions like "God cares about your sex life" or "America is the greatest nation", but even fundamentally obvious ideas like "human life has value" or "the truth matters". :P

Beliefs, and the deceptions that maintain them, are more properly understood as self-fulfilling prophecies; prescriptive ideas, masquerading as descriptive ideas. I have a serious concern that if we magically evaporated every single lie, and therefore every belief, we would disintegrate back into "nature red in tooth and claw".

Our capacity for aspirational imagination and social climbing through deception is as every bit baked into the history of human evolution as our empathy for those like us, or our care for child-rearing. It is, in Stross's term, a wicked problem.

"We are what we pretend to be, so we must be careful about what we pretend to be."

- Vonnegut


Wow. Interesting take on things. I may have to think about this a bit.


We were not paranoid enough. I was not paranoid enough. You were not paranoid enough. Reality outstripped our imaginations.

Unfortunately now twisted, this lesson from 9/11 stares back at us in the mirror like a nightmare. Social engineering and conditioning were manipulated by the terrorists, too. The lesson is don't be naive. People can do some ugly things. Especially when they abuse positions of trust and basic norms of civility.


The lesson of 9/11 is: The terrorists won. The NSA et al. was way more effective at spreading terror than those terrorists ever were. And it probably cost more money (and lives?), too.


Its not clear that they have "won", in an endgame sense. But if the NSA has commandeered the internet ("for security")... The logical conclusion points to (/seems to be) the course of history is nearing at an inflection point.


It's too soon to say game over, but the won the first few rounds. At a high level the terrorist goals are to strike fear in Americans and cause disruption to democracy. Most of the country seems to be okay with the gov abusing our rights and violating the constitution in order to protect against people trying to take it away. We live in a constant state of fear. You hear announcements of random search in the NYC subway, you can't fly without taking your shoes off or having a few ounces of liquid, and you can't go to a ball game without a pat down. Is this not what the terrorists game plan was?


>Its not clear that they have "won", in an endgame sense.

We'll see after the next election. If a whole bunch of incumbent security hawks and war hawks aren't unseated by civil libertarians, then we're probably out of chances.


Except that elections ultimately don't change the cast of characters that matter, who are either the elites pushing things to their own benefit, or the useful idiots in place as civil servants or military. Elections are all a distraction to keep us from seeing what's permanent about the oligarchy.

As Jimmy Carter says (as buffoonish as he might have been), we don't really have a functioning democracy any more in the US.


Please let us know how to identify some civil libertarians.

It would help if they aren't also crazy in their own right.


If I see one, I'll let you know.


The NSA appears to have mastered the concept of exploiting Outrage Fatigue.


I was outrage fatigued before Snowden did his leak. I'm not tired anymore.


Second revolutionary-wind


    "The most serious incidents included a violation of a 
    court order and unauthorized use of data about more than 
    3,000 Americans and green-card holders."
If these were willful acts that wouldn't pass an ethics committee, I sure hope people went to jail over this instead of getting an administrative slap on the wrist. We need to have moral hazard for those at the top pyramid. We've let bankers get away with crimes, I would hope that we aren't doing the same with these people as well. However I doubt anyone ever gets prosecuted for these violations.

    In another case, the Foreign Intelligence Surveillance Court, 
    which has authority over some NSA operations, did not learn about 
    a new collection method until it had been in operation for many 
    months. The court ruled it unconstitutional.
Wow. Just wow. You'd imagine that they wouldn't be able to implement any system before it has been deemed Constitutional and authorized by Congress. If there is any question, then they shouldn't even begin to seriously research and implement a new technique without first getting Congressional approval.


> We need to have moral hazard for those at the top pyramid

Actually, "moral hazard" means:

> moral hazard is a situation where a party will have a tendency to take risks because the costs that could incur will not be felt by the party taking the risk. In other words, it is a tendency to be more willing to take a risk, knowing that the potential costs or burdens of taking such risk will be borne, in whole or in part, by others.

We probably want less of that.

( http://en.wikipedia.org/wiki/Moral_hazard )


oops. thanks for the correction.


> the agency’s internal definition of “data” does not cover “metadata”

If I download terabytes of Wikipedia XML dumps, could I argue to my ISP I never actually downloaded any "data"?


via @AntDerosa:

"To be clear, that was only an audit spanning 12 months, May 2011 to May 2012. There may have been more violations by NSA before and after.

Also, this audit only covers NSA’s Fort Meade headquarters and other facilities in the Washington area."


From the article:

> Three government officials, speaking on the condition of anonymity to discuss classified matters, said the number would be substantially higher if it included other NSA operating units and regional collection centers.


Let's not get side-tracked. This article is "just" about a some details.

The real issue that must be resolved and is still not being addressed is:

As long as these NSA activities are not dismantled and the People do not have transparency over what the NSA/government does, everyone of us can still be "eliminated" by the push of a few buttons and democracy therefor no longer exists.

Even if its decline happens slowly and behind our backs (https://en.wikipedia.org/wiki/Boiling_frog).


>current operations rely on technology that cannot quickly determine whether a foreign mobile phone has entered the United States

If only this kind of communication could have a known location, like say, its origin tower. Maybe I completely misunderstand the phone protocols, but I thought origin tower was hard to miss.


Here you can find the classified slides in full : http://apps.washingtonpost.com/g/page/national/nsa-report-on...


The NSA has gone rogue. This can't possibly have anything to do with our safety.


note to mkessy: your account appears to be hellbanned.


Same is true for drivebyacct2


If Obama is serious about not violating civilian rights. He should just fire the NSA boss WITHOUT giving him any other job opportunities or compensation!

But be honest, he's never going to do that... Obama is just as involved as the chief of NSA.


New program code word -DISHFIRE - google results bring up interesting open positions.


While 2500 may seem like a large number, it's actually a very tiny error rate given the millions of gigs of data obtained from server mirroring and phone tracking.


....and most people don't care with what the NSA is doing so let's move on with this NSA thingy and submit more interesting technology news so that we all can be happy, no?


No!

To allow these abrogations of our civil rights to go unpunished equates to tacit approval, and I, for one, absolutely refuse to let this matter rest until the violations cease and those responsible are duly punished to the full extent of the law.

Secret courts handing down secret rulings regarding secret police is not something one would expect of a nation which claims "moral high ground" when justifying their breach of the public trust on multiple fronts.

Some of us swore an Oath to uphold and defend the Constitution of the United States, and we take our vows with deadly seriousness.

I'll see myself rot in some prison before I allow this situation to be shuffled off the collective radar.


> I, for one, absolutely refuse to let this matter rest

So what are you doing about it?

> I allow this situation to be shuffled off the collective radar.

Voting up articles about the issue on a niche news site is not "doing something".


So what are you doing about it?

A lot more than someone saying "let's not talk about this", that's for fucking sure.

Voting up articles about the issue on a niche news site is not "doing something".

And answering to your own post isn't really "making a point". Who claimed that's enough? Who claimed it's even a lot? How is it not better than neither doing something, nor talking about the problem?


> A lot more than someone saying "let's not talk about this", that's for fucking sure.

jister was obviously being sarcastic. In kind of a facile way, I suppose, but I guess it went completely over people's heads.

> How is it not better than neither doing something, nor talking about the problem?

Because it apparently lulls some people into thinking they have done something meaningful. Talking about it endlessly here accomplishes two things: jack, and shit.


Because it apparently lulls some people into thinking they have done something meaningful.

And this is worse than not even wanting to do something meaningful, or anything at all? Nonense.

Talking about it endlessly here accomplishes two things: jack, and shit.

Talking about it "endlessly" is just another strawman, right now we're talking about discussing it at all, vs. discussing it not at all, because realizing in what belly people live is not interesting enough for some.pond.

If talk achieved nothing, corrupt authority throughout history including today, wouldn't be so fucking terrified of it, they would dare to shut up for a second, and let the "narrative" unfold itself, instead of being dictated. The emperor is naked, and collectively realizing that is not only half the battle, it's 90%. Unless you're suggesting to go off and just assassinate people, which would backfire, I don't see what one could do without talking about it: Before anything can be done, people need to be aware, and once they're aware, what will be done will also depend on them.


>Talking about it endlessly here accomplishes two things: jack, and shit.

This is absolutely untrue. The longer it is kept in the public consciousness, outside of a government frame, the better. Talking about it with your grandmother is useful.


> public consciousness

HN is not the "public consciousness".


This is obviously anecdotal, but hopefully it is an example of how discussion here can have a positive influence: Before I started reading about it on HN, my opinion of the NSA scandal wasn't much more complex than "it's bad". Sure I had some reasons (right to privacy, violation of the constitution, etc), but my thinking was basically "I already knew government is a bunch of dicks, and there was that AT&T thing a while back, so this isn't even anything new, it'll probably just blow over in a couple of days". Obviously, it didn't, and as I kept reading the discussions, I found myself caring about this thing more and more - I never really talked about the news with my friends, but the discussion on HN gave me a reason to; before, if I talked about the news with them, it was a one time thing - none of us read more than the article, so we only had our own insights to discuss. But the discussion on HN gave me (and them) a much broader view. It hadn't even occurred to me that this could be used by terrorists against us - until I read a comment here. As for real action, I have written my congressfolks about this, and I know 2 other people who have done the same because of discussions we had. Again, this is anecdotal, I (and/or my friends) might be a exception, but I hope you can understand that even though HN is obviously not the "public consciousness", discussion here can influence people who would never have otherwise cared.

(Of course if you were just diffusing the "We're such a important and powerful part of the world" type of attitude that seems prevalent on reddit and seems to be implied by pessimizer's comment, go for it)


Implying that I haven't been firing off letters to my elected representatives is an erroneous assumption on your part.

Keeping this issue alive and at the forefront of the collective mindset is doing something.


> Implying that I haven't been firing off letters to my elected representatives is an erroneous assumption on your part.

I didn't assume that, I asked.

> Keeping this issue alive and at the forefront of the collective mindset is doing something.

Not really. Everyone here knows about the issue and has an opinion about it already. I would really hope that, like you, most of us have acted on it (I called mine rather than writing), but it's a pretty small group, all things considered, and basically an echo chamber for issues like this. To really do something, people need to "get out of the building", to borrow a phrase.


Sending letters... You Americans should be on the fucking streets!

I'm sorry, I'm in a bad mood. As an European, all I can do is upvote these articles and donate to the EFF...


Aside from our moral duty to stand up for Freedom and Western Democracy when it is threatened, consider how bad it is for the startup ecosystem to have the entire world of potential users (including those in the US) perpetually doubting the integrity of our jurisdictional and technical data protection systems.




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: