Rolling back a surveillance state and establishing a government with more protection of individual liberties is something that has been done before. I have seen it done. I related at greater length here on HN my experiences living in a surveillance state that included government assassins to eliminate political opponents at home and abroad. Getting rid of such a regime is not easy, but it is possible. It takes courage, and it takes unity among the courageous people making up the freedom movement.
I remind my freedom-loving friends here on Hacker News that there are resources to help you if you really want to be an idealistic but hard-headed freedom-fighter. If you are mobilizing an effective popular movement for more freedom wherever you live, I suggest you read deeply in the publications of the Albert Einstein Institution, which are compiled by advisers who have helped bring about democratic transitions in various parts of the world. Not all of those movements have succeeded yet, but I bet on their long-term success in China, Russia, Saudi Arabia, Iran, North Korea, Afghanistan, and wherever freedom is scarce. Remember that the transition from dictatorship to democracy described in the Albert Einstein Institution publications is an actual historical process with recent examples around the world that we can all learn from. Practice courage and practice collective action.
The slower you take down a surveillance state, the more time they have to destroy the evidence of their wrong-doing. I don't know how you can prevent that. With any luck we can dismantle them, but we will have to cope with the possibility that after the dismantling is complete, the evidence that the dismantling was warranted will be long gone.
However I think it is necessary we preserve those records, as the Federal Commissioner for the Stasi Archives does, so that crime committed by the surveillance system and its members can be investigated (being able to prosecute individuals like Erich Mielke is essential to allow the population to regain trust in their new government), and the people should be allowed access to their own files so they can have insight into the full extent of widespread untargeted surveillance.
You could consider such a preservation to be a shameful monument to what we became. It would be a lighthouse on the rocks, looking over the wreckage of countless ships, warning us to stay away.
That being said, if I had to choose between stopping "shredding" (or whatever form the digital equivalent takes) and life / freedom / order / etc, I think I'd let them shred. We want those records, but they're among the least of many goals.
What is putting me on the side of preservation right now is the hope that with preservation, future generations will benefit, but shredding the document would only help the existing victims. People living in Germany have something concrete to show their children when they teach them about the value of privacy. With that, hopefully the "anti-surveillance immunization" will span generations.
After the DDR fell, Mielke wasn't going to be operating the Stasi any longer. Going after people like him might bring some emotional closure to people persecuted under the regime, but if the regime is gone, that's all it can do: there's no argument for deterrence. If a new police state emerges, it's not likely to be administered by the same individuals who ran the old one.
Keeping the resources used by the old police state on hand, and acting to cultivate public trust in the new government seems like a combination to be wary of. The corruptibility of human institutions demonstrated by the existence of previous police states should caution us against putting excessive trust in any institutions.
I am probably being very naive to think that we stand a chance though.
Perhaps digital records will be easier for enterprising individuals to smuggle out or hide, but even if that happens it seems likely that an effort will once again be made to keep the data out of the hands of the public.
When a spy agency is in its death throes, that data stops being valuable and becomes a liability to the surviving individuals that will no longer enjoy the protection of the agency. It becomes evidence.
During the chaotic storming of the Stasi headquarters, there were incidents of Stasi officers hiding among the crowds so that they could destroy even more documents even as the public seized them. The headquarters were being sacked, there was really no remaining chain of command that could realistically make them do that, but they did anyway.
Maybe Nicolae Ceaușescu, executed less than three weeks earlier, was in the back of their minds.
Whether the mission of the Federal Commissioner for the Stasi Archives was to destroy or preserve the records probably makes little difference in this case; those records were seemingly stolen before a policy towards the records was decided upon.
Incidentally, I'm in there (for several reasons).
It's not correct, it misses the point, and the only thing it accomplishes is distracting people from the truth.
We built a communication system that is highly vulnerable to corporations and governments tracking our every move, thought, acquaintance, and opinion. The list of players that are ready and willing to take advantage of this system is very long, and includes virtually every government on the planet.
One of the many lessons we learned so far is that governments outrank corporations. That is, no matter what your fear of the corporate world, governments can always make each corporation give them the data, then combine all the data from multiple sources. This makes governments a danger that is an order of magnitude greater than other parties.
But it's not just a government story. This is a problem with the technology itself. Ever since the first web tracking code was written, people have wanted to track every tiny thing you do online. This is just the chickens coming home to roost. The NSA is the tiniest tip of the iceberg.
The US did nothing unusual, except have citizens ready to stand up and identify the problem for what it is. Don't make the mistake of nationalizing a problem that has nothing to do with nations. If you don't understand the problem, how can you possibly have a chance at forming a solution?
Re: net security. I just had to complain to our building manager that some other tenant in the building had appropriated our "assigned" IP address. They were surprised that that was possible, and I had to explain networking was designed with convenience over security.
The NSA's actions are legitimizing the internet abuses by China, Russia, Iran and others.
Unfortunately, I'm not sure his proposed solution is doable:
> We need to figure out new means of internet governance, ones that makes it harder for powerful tech countries to monitor everything.
As he notes, this hasn't worked well in the past:
> We need to avoid the mistakes of the International Telecommunications Union, which has become a forum to legitimize bad government behavior
As has every other international forum that tries to do "governance" (the United Nations itself being a prime example). The only international bodies that have worked reasonably well are the ones that develop standards, without making any political statements about how to use them: "mechanism, not policy". The IETF, which Schneier mentions, is such a body, and can certainly help on the technical side, but I don't see much hope on the political side if it has to be international. (For one thing, why would the governments of China, Russia, Iran, and others care what some international "governance" body says, any more than they care what the UN says?)
I still think people are vastly underestimating the impact the first 3-billion-like Facebook post (or equivalent) will have on this world.
Without 1 internet will die -fast-, so giving that up is not possible, aside from being a horribly bad idea in itself.
So there is no "governance" solution to this. There is a software solution though.
I find it surprising that you use the word "amendment". Does it mean you understand that such a proposal would have zero chance of getting passed under most governments? If so, you must be aware that such an amendment can never apply to the internet itself, even if the US were to implement it.
Read what the ITU tried to pass during its last meeting, and then you'll see where governance leads. Sorry to tell you this, but >70% of the world's human population lives under extremely restrictive governments, and most of them wouldn't have it any other way. If internet rule was fair, there would be no freedom on the internet, not now, not ever, nowhere. Because 300 million Americans force their way on the rest of the planet is why internet freedom exists and the only chance it has for the future (and, ironically, probably at least 60% of those Americans don't agree with their government doing this, but don't know/care).
Even Europe has more invasive laws than the NSA uses. Refusing to give up encryption keys is a crime in Europe (even for people who don't live there). The mere fact that there has to be a warrant before tapping is implemented, and that ISPs and companies can see and even fight those warrants ... well it sounds absurd to me. Companies are never trusted with this information in Europe, and dozens of different agencies (i.e. all members of Interpol and their components) can request information like this. Most are not bound by the rules of the government the person investigated lives in.
> I find it surprising that you use the word "amendment". Does it mean you understand that such a proposal would have zero chance of getting passed under most governments?
No, and I think you're reading too much into it. I'm talking about a constitutional amendment because it is the only way to put privacy on an equal constitutional footing with other governmental imperatives whose existence has been confirmed by precedent, and which would otherwise prevail in a legal challenge. As a law nerd, this strikes me as the most effective technical approach.
The Internet was betrayed alright, but long before this.
Maybe that was because too many of the principals in the Manhattan Project were dead. Or, maybe, we don't learn from history, and never will.
You might think my correction of the title is inflammatory but we shouldn't forget: America is a constitutional democracy. If the Americans don't like the situation then they can vote for someone who will enact legislation that reflects that, meanwhile foreigners cannot influence anything (should they?). They got the government they deserve, and they alone carry the blame.
Of course, we can also close our borders and fracture the internet, but is it really necessary? Do we really care about our security and our privacy that much? We got here too, by tying all of our communications infrastructure into America, so we have only ourselves to blame.
1. By the time the average citizen can play a role in the process, the remaining choices agree on many if not most important issues (see Obama vs. Romney).
2. Even if the public elects an official who promises certain policies, they can always be swayed later by lobbying (see Obama on privacy).
I'd posit that the political classes are an evolutionary obstacle for the technical community to solve. If successful, we thrive. If unsuccessful, technology will be owned by the political classes and we're beholden to them until we solve the problem.
You mean since the founding of the republic? http://www.businessinsider.com/american-presidents-republica.... George Washington was worth an estimated $500 million. Adams was a pauper at only $20 million. Jefferson was $200m+ before he went broke. Madison was $100m+.
The average net worth of senators is skewed up by a few wealthy businessmen. The median is around $2.5 million, which is actually not even top 1%. The top 5% mark is at $1.8m. And don't forget: Senators skew married, skew older, skew white, skew educated relative to overall households, and all of those characteristics are correlated with higher income and net worth. The median senator might not even crack the top 5% if you look only at households with white married 60-year-olds who all have college degrees and 60% of whom have a JD or MD.
$2.5 million net worth is rich, but it's not "plutocracy" rich. It's "two Google engineers marrying and buying a house and putting money into their 401ks for 30 years" rich.
As rayiner pointed out, President Obama could end any of these programs with a phone call, but even though he hasn't, his supporters overwhelmingly still support him.
At least the ones he's aware of. The US government is an extremely massive and complex entity with multiple layers of compartmentalization and secrecy. I bet there are programs that even the POTUS doesn't know about.
I don't care if the number is wrong on the net worth of a sitting US senator based on the comment that the actual average is less. If your net worth is $2.5M because of your position in the Senate and not because you were a smart business person prior to then you're paid for and bought.
I heard Senator Franken vehemently avoiding NSA questions on MPR the other week. He claims to be a proponent of Internet neutrality and privacy, yet his voting and "amendments" he coauthored say otherwise. He's an actor and a comedian first which is why he plays well in the political realm until he's asked direct questions outside of his box of comfort that is the hand that feeds him.
I'm definitely glad to see Schneier in the position he's weaving into. He's a great advocate and I support his views, perspectives and ideals to revert the damage and system that is now in place. I hope that I can tell my grandchildren Alexander and the posse under and around him were publicly shamed and stripped of all honors and decorations the United States of America has unfortunately afforded these puppets. Many of these traitors (of the American people) need to be made public examples and placed into the same solitude and torture the whistle-blowers have been subject to.
Thirty years of high income (100-150K family income in today's dollars) with 10-15% saving and investing in the market can easily result in a net worth in the low millions, not including inherited investments, long-term real estate property appreciation, etc. People in their 60s have seen an incredible appreciation over the past 30 years in most sectors (Just the S&P Index itself is over 9% annualized over that time frame).
Long story short, $2.5M is not by any means exorbitant for retirement age people with an educated and successful life.
It would be a bizarro world where we would want idiot paupers to be Senators, or even a socio-economically equivalent demographic.
I think most government workers, elected or not, would find the idea that you work in government for the money amusing to say the least.
I'd like to think that all Senators have their caucus at heart, but I've lost a lot of faith in these sorts of people over the years. When they reel on simple questions around these topics it doesn't help.
Looking at it another way, the median net worth of freshman congressmen is $1m. Do you think you need to take bribes and engage in dirty insider trading to double that in 10-15 years?
Tools that force transparency or promote it by changing the social norms in political offices are valuable, and are most likely to be effective at the city and state level, where it is much much harder to hide behind policies of national security. We're never going to get Congress, POTUS and SCOTUS to be transparent first, especially when any transparency solution will be disparaged as disadvantaging us against other countries. At the national level, people will claim that attempts at transparency are unpatriotic. At the city and state level, it's much harder to make claims against transparency.
Perhaps the will of the people actually IS being subverted.
Obama might have lied about transparency and whatnot, but people don't seem to have elected him on that basis. They elected him for his views on healthcare, social welfare, abortion, etc.
Thought experiment: look at the tiny number of democrats complaining about the NSA issue, then think about what would happen if Obama instead had done a 180 on Social Security, abortion, etc. You think his approval rating among democrats would be 75-80% if he had signed legislation to dismantle Social Security?
If you like it here so much, why don't you stop insulting your audience and start proposing solutions?
Note that I generally only point out that HN-ers have minority views in response to comments along the lines of "the USG doesn't represent the people" or "the US is not a democracy" or similar hyperbole.
Finally, understanding your insignificance is part of the solution. Politics is about building coalitions. Echo chamber nerd rage will have zero impact on the status quo. Reaching out to groups with votes might.
Monarchy - Tyranny of the hereditary minority
Oligarchy - Tyranny of the rich minority
Communism, libertarianism - Tyranny of the philosophic
Anarchy/tribalism - Tyranny of the physically strong minority
The government of the US is an okay system for managing the varying interests of its geographic groups (the States), but it's not really set up to reflect the will of the US people on any particular issue.
Which makes me think maybe the government should be broken up functionally as well as geographically. Imagine you could vote for separate Presidents and legislators in each of the departments of the Treasury, Defense, Education, et al and make them negotiate equally amongst themselves when their purviews intersect. Then you could get the anti-NSA candidate elected to President of Defense or President of National Intelligence without worrying about his opinions on abortion or drug policy or whatever. And then you could legitimately say "The American people betrayed/saved the internet."
This is something I would also like to see. There are many conceivable ways of partitioning responsibility; geographical partitioning has historical momentum, but there's no reason it has to be the only way.
Corporations, labor unions and foreign nationals are also forbidden from donating to candidates' campaigns.
If you're thinking of Citizens United, it doesn't apply to elected officials "receiving money".
There is an important difference between "not permitted to" and "don't".
I'm not sure what argument your comment is meant to respond to. Candidates and PACs sometimes run afoul of FEC regulations? Who's saying they don't? That's a big jump from a regime of legal anonymous direct contributions implied by the original comment.
"And if elected, I will arrest and prosecute more whistleblowers than all administrations before me combined, I will record the metadata for every call that every American makes, and much of the actual contents, and all emails. I will kill innocent women and children as collateral damage in CIA drone strikes, and blame them for not having better parents. And I'll buy a puppy for my daughters."
Like who? Red? Or Blue?
> They got the government they deserve, and they alone carry the blame.
Condescension doesn't help.
Yes, we should be angry. But we should also check the assumptions that led us to misplace our trust.
The West has lost the plot and any sense of reason or proportion.
The NSA was originally tasked with protecting the communications of the United States Government, its People and its Institutions. A large portion of that is encryption research. Now it's doing the opposite, clearly attacking many of those protections for its own means. Organizationally it can no longer be trusted, and we now need a second organization to restore order. Every country in the world that is not the US or the UK has a very real interest in the existence of such an organization. It's both an issue of economics and sovereignty.
It is simply not possible to maintain the sovereignty of your country under the status quo. What's worse is that a country may be losing sovereignty in ways that they are not even aware of.
As Bruce points out, the "this is a political problem and requires a political solution" line of reasoning is only partially true. We need technical solutions as well.
I have no hope for change until I hear people standing up and saying "I'd rather die than live without privacy." Or even more powerful "I would rather my children face danger than fear their own government."
Or the economic angle "I would rather my children face danger from people other than those that they pay taxes to support, rather than face danger from those that they do support and trust."
It's about more than just privacy or danger. Like a case of (what should be) a trusted parent, relative, clergy, etc. abusing someone is in some ways worse than a random criminal doing it. Both are wrong and bad, but one is wrong on more levels. And once trust and respect are violated, other things break down or are called into question.
Freedom is another matter. The government would be useless without sufficient force to compel anyone (or corporation) to adhere to the laws. To remedy abuse of that force against freedom, as you say, we do need laws. Something like a contract that says "you can have plenty of force to compel any one of us, but if you consistently violate these agreements, then we may join together with enough force to overpower you". Maybe it could be done with some amendments to the constitution. We could call it something like a 'bill of rights' or something...
Only if bin Laden's aim was to strengthen the US surveillance apparatus and step up American military involvement in the Middle East.
What better way to discredit freedom than to turn it into an illusion?
Anonymity and secrecy require careful management of one's online behavior. Toward these goals, overlay-network apps that encrypt end-to-end with mixnet proxies using the existing internet would work just fine.
Change for change's sake is useless churn and wholesale change is unlikely for compatibility reasons.
Think before coding or throwing out the baby with bath-water.
Take it back? Never was ours.
US and UK spy agencies defeat privacy and security on the internet
• NSA and GCHQ unlock encryption used to protect emails, banking and medical records
• $250m-a-year US program works covertly with tech companies to insert weaknesses into products
• Security experts say programs 'undermine the fabric of the internet'
For example: "Unlocking encryption." We've heard that they haven't actually broken (some?) crypto primitives (caveat: with large enough key sizes). What attack have they actually succeeded in?
The backdooring of proprietary products is interesting, if not surprising. It's good to see it come to light. You may not be able to trust OSS without auditing it, but at least you can audit it.
"Undermine the fabric of the internet" is pretty vague.
It sounds like there isn't actually a lot of detail out there yet -- I look forward to learning more.
Or the kids have to be picked up from soccer practice or there's a PTA meeting where important things like next weekend's bake-sale have to be discussed.
In a few weeks the one-sided war with another CIA-engineered enemy in Syria will start up and the propaganda has swayed the populace to the camp of needing surveillance on everyone in the name of keeping the country safe from the naughty "terrorists" from Syria, who are about to invade the US by magically flying their troops over an ocean.
The article, written by an intelligent person, is nothing else than naive dreaming. The author, as much as I enjoy Bruce's security writings, forgets that although he may be surrounded by a bunch of smart people with similar ideas, the US/UK/Germany/etc are filled by normal people with normal IQs and normal children and normal mortgages. Going farther, Africa and China are filled by people who live on a handful of dollars each day and care only about feeding and clothing themselves for the day. Good luck getting _them_ on the anti-surveillance bandwagon.
There are protocols designed and published as part of the security infrastructure. Whether these protocols are used for good or evil is really up to who has set up and configured the hardware. The bottom line is that you can't Luddite your way back into the golden age of the Internet.
In fact, in a lot of ways, the NSA is just co-opting technology that businesses and black hats were already using. Do you think that only the NSA knows how to do deep packet scanning or protocol pattern matching?
> It's a straightforward set of network operations security requirements.
Oh, is it?
> It looks to me like it's about disabling the insecure defaults.
Oh really? Mr. Snider has used his podium in The Guardian to tell us to set up a WiFi password? What article did you read exactly?