No, their official response is to suggest that encrypting your communications makes you indistinguishable (at their end) from those who encrypt for criminal activity. There is a difference, and there's no getting around the idea that if the set of Bad Actors are to have the crypto broken then it will necessarily involve breaking the same crypto in use by the Good Actors.
Even the NSA also says in the very paragraph quoted that encryption is also used for "nations [...] to protect their secrets" (which is hardly a criminal or illegitimate goal).
Likewise, if the government hires a lockpicker to plant a bug in an embassy then by definition they now have the technical ability to pick locks (even if they don't have the legal permission).
The rest of his points, on the whole, are quite valid but are sometimes answering a question that isn't actually behing asked from the other side.
The NSA says: "It should hardly be surprising that our intelligence agencies seek ways to counteract our adversaries’ use of encryption. Throughout history, nations have used encryption to protect their secrets, and today, terrorists, cybercriminals, human traffickers and others also use code to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that."
Ken replies: "The NSA's official response is to suggest that wanting to secure our communications from our surveillance is inherently suspicious and suggestive of criminal activity."
But that doesn't follow at all! A cop might say "well of course we have battering rams for breaking down locked doors." That doesn't mean he thinks anyone who locks their door is a criminal!
Difference here is that the cops have been going around with their battering ram and breaking down every door in town.
This is more like a society in which the police routinely break into houses by picking the lock in order to rifle through your papers secretly, without telling you. They say that they have secret warrants to do this, but since they're secret, and they do the breaking in in secret, you can't even find out if they have broken into your house.
People don't like this; they don't like the idea that some cop may be in their home rifling through their things. So they start developing stronger and stronger locks. The police get worried that they won't be able to pick the locks on your doors, and will actually have to get a warrant and not break in secretly. So they lobby to pass a law that all locks have to either be weak enough to be picked, or have a master key that the police have. Of course, the people, who don't like the police breaking in with impunity, defeat this bill.
So the police don't stop there. Instead, they just make secret deals with a few key lockmakers, to build locks that accept master keys anyhow. When lockmakers standardize on key designs that are more secure, the police add a section to the standard that makes it so that any lock that implements that standard will be able to be opened with a particular master key, but in a way that you can't tell what that master key is from the standard. Since there are enough lockmakers that they can't subvert them all, and not everyone implements those standards they subverted, they also talk to a few doormakers to add a secret part that you can push to disengage the hinges.
Now this information comes out. People are outraged; their lockmakers are supposed to make locks that even the police can't get in through; people don't trust these secret warrants and secret searches, and with good reason, as the police have used these secret searches to investigate ex-lovers before, not just terrorists. They're outraged by the betrayal of the police, making an end-run around the law that they thoroughly defeated to prevent the police from having master keys. They're outraged by the lockmakers subverting their trust.
And what's the police response? "We need these tools to investigate terrorists and criminals." Never mind that in order to investigate terrorists and criminals, they've weakened everyone's security, and everyone's trust in their government and the companies that sold the compromised locks. Never mind that they've been through the houses of many innocent people, in a wide sweep to try to find evidence of a few criminals. Never mind that the system has been abused many times, but the only way the abuses have come to light is by whistleblowers who the police prosecute severely.
The police (or the NSA, to step back from the analogy to the real world) find these tools useful in their job. I'm sure they do. But the public finds these tools too intrusive. I'm sure it would be useful for the police to be able to secretly break into any house they wanted, rifle through people's papers, and find people who had jihadist leanings that way. We have amendments in our constitution specifically forbidding that, for good reason.
Likewise, regardless of how useful the NSA finds these abilities, we the public find them abhorrent. Just like the police should have ways to get warrants and under the authority of those warrants, search houses, there are definitely legitimate uses for some of what the NSA does, if properly regulated. But weakening everyone's security, so they can intercept and read your mail at will, in secret, with no oversight, is just as wrong as the police breaking into your house in secret, at night, and rifling through your belongings.
Also, I'm surprised not more is being made of the massive security problem in Utah: who's defending the NSA perimeter?
It sounds snarky but it cuts to the core of the peoples' relationship with government. How much do you trust the government? How much can you trust the government?
That's why libertarians are generally logically consistent when they oppose the NSA, and entitlement programs, and giant government services, etc., because they're the ones who will tell you that a government big enough to give you $FOO is big enough to take it away from everyone else.
Sure, if it were possible to stop the government from doing anything at all I would be in favour of that, letalone obviously positive things like not spying on everybody or busting down their doors. Of course, there are no doors that require more energy than that available in the universe to forcibly enter. That's not the case for cryptography so it makes sense to exploit that. What am I missing here?
> It sounds snarky but it cuts to the core of the peoples' relationship with government. How much do you trust the government? How much can you trust the government?
This sounds like it is supposed to be some kind of profound question, but the answer is consistent and obvious in both cases, not at all.
> That's why libertarians are generally logically consistent when they oppose the NSA, and entitlement programs, and giant government services, etc., because they're the ones who will tell you that a government big enough to give you $FOO is big enough to take it away from everyone else.
Sure, I'd tell you that, I don't see why it's inconsistent to believe that and simultaneously want to dismantle the government? Isn't it actually pretty much the only logically consistent position?
It is one logically consistent position, yes.
I happen to disagree that it is the only logically consistent position, which is one reason I've been poking so hard at the notion that people need to examine under what logical basis government operates at all before they go 'rah rah government bad!'.
Much like a corporation is the legal stand-in for the will of the collective shareholders, a government is the societal stand-in for the will of the people at large.
A society that tries to maintain no government, or very limited government, is at an unstable point. In the best case it will collapse from internal conflict but be left alone from there (e.g. Somalia, tribal areas of Afghanistan/Pakistan). In the normal case the society will simply be eventually overrun by those who choose to organize (e.g. USA vs. the Native Americans, Hitler vs. the appeasers), but a government will spring up again one way or another.
When I say it's a logically consistent position, what I mean to imply by that is for people who think that government is an abomination, it is logically consistent for them to hope for the dismantling thereof. You, who most decidedly do not think that government is an abomination, as a lawyer, are logically consistent in thinking that it should not be dismantled.
> Much like a corporation is the legal stand-in for the will of the collective shareholders, a government is the societal stand-in for the will of the people at large.
Except that it most clearly is not.
> A society that tries to maintain no government, or very limited government, is at an unstable point. In the best case it will collapse from internal conflict but be left alone from there (e.g. Somalia, tribal areas of Afghanistan/Pakistan). In the normal case the society will simply be eventually overrun by those who choose to organize (e.g. USA vs. the Native Americans, Hitler vs. the appeasers), but a government will spring up again one way or another.
That's a normalcy bias, there have been many points throughout history with no centralised productivity extracting parasitic force initiating agency. In fact, the variant we have now with extremely high direct taxation on the incomes of almost all productive activity within a society is the historical anathema. Not only that, but this fails to take into account the methods of control the state actually uses to exercise control on its population, and that currency control was recently removed from their hands.
Agorism becomes a very real threat under these circumstances
As a nash equilibrium, an involuntary centralised productivity extracting parasitic force initiating agency is not at all stable. It stands to reason that it will only be able to maintain control by either force or fraud. Right now they're going with fraud, from the amount of discontent I see with the political state of the world I don't know how much longer it will last until they devolve to force.
Regarding your noted normalcy bias, I would suggest you're forgetting the very many more points through recorded history with a centralized purveyor of force and taxation.
In that light, pointing out isolated counterexamples isn't very suggestive of some realistic future possibility for most or all of mankind, just as pointing out that Athens once had a direct democracy isn't very useful as a way to organize the governance of a nation.
Of course, the agorism you point out doesn't even have voting. I can only assume the idea is for some type of useful emergent behavior to come about, but that only talks about how the society would function internally, and it doesn't even really provide details about how that would work in all the important corner cases.
Is there some type of existing emergent societal system that you can point out which works in practice and need only be scaled up?
> As a nash equilibrium, an involuntary centralised productivity extracting parasitic force initiating agency is not at all stable. It stands to reason that it will only be able to maintain control by either force or fraud.
If by 'stable' you mean 'impossible to overturn' then I would argue that no political system meets this. If you mean 'can continue perpetually' then it is certainly a stable equilibrium, though it does unashamedly require force. Fraud alone can't keep it going in any event, otherwise police wouldn't be needed.
I just double checked that and saw this;
rayiner 671 days ago | link
As someone who left software engineering for law, I have to say that partnership is a great motivator.
rayiner 274 days ago | link | parent | flag
So I'm a lawyer and you should take my opinion with a grain of salt, but I think you've misread the market.
rayiner 303 days ago | link
So my grandfather on my mom's side was a doctor and a lawyer. My mom's siblings include a couple of doctors, a military officer, a business executive, etc. My mom was herself a journalist, and of her sons I'm a lawyer and my brother is a banker. This is not a coincidence. Privilege is passed down from generation to generation, not just in money, but in social status, connections, values, culture, insight, motivation, outlook, etc.
amongst a great many other descriptions of legal minutiae that I can see how I may have gotten that impression. But it leads me to wonder what your story actually is? Feel free to ignore this request if you think it's breaching privacy.
Aaaand I just realised I was talking to mpyne, not rayiner.
Sorry, you two share positions on so much I get you mixed up.
Describes a system based purely around free market mechanisms. Free markets are emergent, and they certainly work very well, scaling them up to consume all the functions currently performed by government in the methods described by this book is in my opinion the best method for abolishing the state I've heard of so far.
There are many other ideas however, and I'm open to any of them to the extent that they employ persuasion / markets rather than force.
> Fraud alone can't keep it going in any event, otherwise police wouldn't be needed.
Yes, when the lies stop being believable, then you need the jackboots to come in and crack skulls and assert the true facts of the way those in power see things. This is part of my problem with the system in question.
If you don't like what the cops in your town are doing then you can campaign for local political candidates who will rein them in and have some hope of actually affecting the election outcome. Getting anything similar done at the federal level seems to require some combination of mass fatalities that incense the public and a box truck filled with hundred dollar bills to grease the wheels, which is obviously outside the control and ability of most normal humans.
That's a good point, but local civil servants enjoy due process too, so it's not always a matter of simply hiring the right politician, as the politician may not be able to simply fire or replace offending staff. Especially when we're talking about first responders, who typically enjoy strong union protection.
Either way though, your logic applies just as much to Federal cops as it does to local ones. Think the FBI dudes around your city are a bunch of dicks? Move to the other coast, maybe they'll be better.
Hell, you can even pick an entirely different nations' cops, if you want.
However, it is not within the NSA's authority to pursue criminal activity within the U.S. — they're only mandated to spy on communications between the U.S. and a foreign country, or entirely outside the U.S. If I'm in the U.S. and send an encrypted message to somebody else in the U.S. (like my friend or my bank), they have no legal excuse to spy on me. If I'm under criminal suspicion for a crime committed in the U.S., the FBI or local law enforcement agencies need to get a warrant to intercept my communications. But, as the article states:
In fact, the NSA's "minimization" techniques — touted as methods for restricting spying to foreign terrorists instead of U.S. citizens — are often transparently and insultingly ridiculous.
But the architecture of the Internet also seems to make it very difficult to determine conclusively that a given communication has nothing whatsoever to do with someone outside the U.S.
Consider a VPN/proxies for instance, or even an email from an American to AQ_Recruiter at gmail (where the owner of AQ_Recruiter logs in from Yemen via a series of proxies, the endpoint of which is wholly-domestic).
I guarantee you that NSA wishes that problem was easy... they could pawn off the mere "domestic" stuff wholly on the FBI and focus on the "interesting" work of international spying and counter-terrorism (because again, in bizarro-world they aren't simply spying on people just because, but because they have a specific mission to attend to as directed by Congress and the DoD, which having to filter USPERS detracts from).
But the whole business of "parallel construction" where the NSA shares warrantlessly intercepted data with the DEA and keeps it secret from defense lawyers is pretty good evidence that "minimization" is a sham and the NSA is not honestly trying to keep itself within legal and constitutional bounds.
I've had occasion to think about this before, here and in other countries. I'm Irish, and as I'm sure you know there was a lot of anti-British terrorism originating in Northern Ireland for a long time. Terrorism was carried out within the UK, and for that mattter a good bit of it was funded from the US by people who considered that terrorism a noble cause (including, famously, Republican representative Peter King - http://en.wikipedia.org/wiki/Peter_T._King#Support_for_the_I...).
No dispute with that point. I just want to clarify that the NSA's legitimate scope is not defined purely geographically.
That's why the NSA is generally careful to refer to "U.S. persons" instead of "U.S. citizens" when they talk in technical terms about things like minimization.
See also http://scholarship.law.georgetown.edu/cgi/viewcontent.cgi?ar...
BTW can you drop me an email at some point? Username at gmail.
If that were true then http://en.wikipedia.org/wiki/Parallel_construction would not be part and parcel of this whole story.
In the NSA's heyday there was simply never a need for parallel construction as it wasn't as if they were going to be bringing up Soviet diplomats on indictments. They explicitly didn't touch people on American soil so the whole idea of 'chain of custody' was almost completely moot.
Even now parallel construction is only a thing because it's that much easier for NSA to run across domestic communications commingled with international comms. Nowadays the analyst may see evidence of a major upcoming crime in the process of their actual duties, which puts you back in Churchill's Coventry quandry.
And lots of other places.
(2) The NSA is way out of line in this respect and no matter how much they do/did it that stands and you should not apologize for it. If you do you are essentially advocating for broadening the official reach of the NSA's powers rather than to rein them in because they clearly can not stick to their mandate.
The balance here is not to get to perfect security without privacy, the balance point is to get to an optimal level of security with a maximum of privacy. Anything less won't do, lest we all end telling another generation how terribly sorry we were.
Power corrupts, it's never been any different historically.
It's not whether it actually happened that's important or not, and I think you realize that. Prime Minister Churchill certainly did need to be careful about what actions he took based on ULTRA decrypts so as to avoid revealing the activities of Bletchley Park. Coventry is the quotable example despite not actually happening the way the story is told.
However if you require an example that actually happened, consider when Adm. Nimitz received message intelligence pointing out Adm. Yamamoto's flight itinerary.
In his case he ended up using a literal example of parallel construction (having a coastwatcher send a report of a Japanese flight) to generate a non-codebreaking reason for his staff to know about the flight, and then sent out his fighter planes to shoot Yamamoto's flight down.
> (2) The NSA is way out of line in this respect and no matter how much they do/did it that stands and you should not apologize for it.
With respect to things like DEA I would agree with you. But on the other hand if they came across a no-shit email from a hitman or something describing an upcoming murder I would expect them to report it.
It may be that it's impossible to write a policy that straddles that border, in which case I'd say we should probably ban that type of information sharing and then rely on the idea that an analyst who sees that type of murder plot might still leave an anonymous tip.
> The balance here is not to get to perfect security without privacy, the balance point is to get to an optimal level of security with a maximum of privacy.
Hey look at that, we fully agree!
Completely untrue. The NSA is in the business of gathering national foreign intelligence, which includes intelligence on the signals activity of foreign persons within the US. Suppose we know there are two Belgian spies in New York, are you telling me the NSA isn't allowed to listen into their conversations? Of course they are. This notion that they're not supposed to listen to any calls that begin and end within the US is just absurd. Foreign intelligence doesn't just encompass other places, it encompasses persons from those places who may be acting within the US. I can't believe I have to explain this.
See http://www.archives.gov/federal-register/codification/execut... 1.12b
EDIT: It amuses me that people downvote posts with citations to primary sources. Have some more! Here's the definition of US persons (who the NSA is not supposed to spy on): http://www.nsa.gov/sigint/faqs.shtml#sigint4 per http://www.law.cornell.edu/uscode/text/50/1801 which defines exactly who is a US person, an agent of a foreign power etc. basically, individuals who are citizens or hold green cards are US persons (also some associations and corporations, but you can read it yourself), any other individual is not regardless of whether they are in the US or not.
"Roamers: Roaming incidents occur when valid foreign target selectors are active inside the U.S. Roamer incidents continue to constitute the largest category of collection incidents across E.O. 12333 and FAA authorities. Roamer incidents are largely unpreventable, even with good target awareness and traffic review, since target travel activities are often unannounced and not easily predicted."
I should have cited a link to EO 12333  in my previous comment; the section that indicates that the FBI has the lead in domestic counterintelligence is section 2.3 (b). I'll admit it's not the most clearly worded, but it does go out of its way to single out the FBI:
"Collection within the United States of foreign intelligence not otherwise obtainable shall be undertaken by the FBI or, when significant foreign intelligence is sought, by other authorized agencies of the Intelligence Community, provided that no foreign intelligence collection by such agencies may be undertaken for the purpose of acquiring information concerning the domestic activities of United States persons"
The section on the NSA responsibilities (section 1.12(b)) speaks primarily to collecting signals intelligence for foreign intelligence purposes in support of the Department of Defense; it doesn't mention anything about counterintelligence. The FBI is singled out again in 1.14(a) as having the responsibility to conduct domestic counterintelligence. Other parts of the DoD have the responsibity to work with the FBI on matters of domestic counterintelligence (1.12(d)).
As mentioned elsewhere in this thread, that term refers to citizens and green card holders, plus associations/corporations made up largely of those two groups. A tourist or someone on a temporary visa, for example, is not a US person. therefore, any activities they engage in are by definition those of a forieng person. I stand by my argument that 'foreign/domestic' is a function of the people involved and the scope of their activities, not of geography.
"NSA's domestic surveillance activities are limited by the requirements imposed by the Fourth Amendment to the U.S. Constitution; however, these protections do not apply to non-U.S. persons located outside of U.S. borders, so the NSA's foreign surveillance efforts are subject to far fewer limitations under U.S. law."
As you mentioned in another one of your comments, the Fourth Amendment applies in the U.S. even to people who are not U.S. Persons. So this would seem to imply that warrantless eavesdropping on people's communications within the U.S. by the NSA is not permissible.
Also, regarding FISA:
"In sum, a significant purpose of the electronic surveillance must be to obtain intelligence in the United States on foreign powers (such as enemy agents or spies) or individuals connected to international terrorist groups. To use FISA, the government must show probable cause that the “target of the surveillance is a foreign power or agent of a foreign power."
This does not seem to permit going after ordinary criminals such as drug dealers, and it does not seem to permit indiscriminate gathering of all internet communications (since there would be no probable cause for the vast majority of these communications).
"Suppose we know there are two Belgian spies in New York, are you telling me the NSA isn't allowed to listen into their conversations?"
Sure they are, if they go to the FISA court and get a warrant.
I'm specifically not talking about that non-national security contexts. Everything I've heard about the relationship between the NSA and the DEA seems like a massive ethical and legal fail.
As has been discussed before, internet communications almost certainly do not meet the definition of 'papers' per the 4th amendment, especially if those communications are not point-to-point but go through third party providers like webmail providers. Arguably they should be, but my understanding of the alw (especially Smith v. Maryland) is that they're not.
There is evidence that the FBI also engages in warrantless wiretapping. See http://mitpress.mit.edu/books/privacy-line
Smooth move, NSAssholes.
I personally would like to see the NSA organization around defense and not offense. Make better tools to protect us. Don't backdoor things since any backdoor they have can be discover and used by others. etc.
Worth a read:
"How the NSA could stop sucking and be awesome instead" by Ted Dziuba:
The trouble is that, in aggregate, the knowledge acquired is powerful and transcends time-honored boundaries.
What I have a problem with is invading my privacy and gathering my communications and information without a warrant. My 4th amendment rights have been completely violated.
Whatever short-sighted jerk-offs came up with this grand plan ought to be put in prison for harming US interests. To say that Snowden is the one who harmed US interests for revealing these activities is an intolerable act of a government that values only one thing, loyalty. Principles? Nah. Principles are soooo pre-Industrial revolution. And let's face it: with all the thousands of people working on these projects, someone was bound to blow the whistle sooner or later, because no matter how far down the rabbit hole an agency like the NSA goes when it comes to defining new norms, there are always some awesome weirdos who don't buy it, no matter how normal everyone around them treats it. (Hat tip to you, Snowden, for not drinking the Kool-Aid).
Guess what bozos (yes, NSA, I'm talking to you): national security is affected by abrogation of trust and betrayal of people like you. Our position as an exemplar of personal freedom, and self-restrained government, has been badly damaged by you. Going after Snowden, doubling down on internal security...these damage you, and us, further. Maybe Congress is confused on this issue, but I (and most everyone I've talked to) am not: you need to stop collecting data without warrants immediately. You need to dismantle your capacity to do so. You need to delete all information that you've gathered under those conditions.
And this should be the last act of the NSA's senior leadership before resigning.
What is the problem is the NSA doing this sort of blanket surveillance where a warrant is normally required but where they make an end-run around the Constitution.
We require warrants because we require magistrates to require particularity in the warrant.
But it gets worse. What will come out of this is a massive market for more secure communications, much of it designed to thwart this sort of surveillance. The NSA by not respecting our rule of law has now encouraged people to do exactly what they are afraid of and in the end, wiretaps will now go dark. The NSA broke their end of the legal bargain and now the entire government will pay a price, and that price will, no doubt, impede legitimate law enforcement efforts as well as this.
Information traversing the Internet has been legally deemed to not be included in one's "person, house, paper or effects" and as such is not constitutionally protected by the fourth amendment.
Please provide citations regarding SCOTUS. In fact, given that Katz v. United States was never overruled, that sounds very suspicious. The closest I think you can get is Amnesty International v. Clapper but that was a standing issue and never reached the merits.
The "communications records that receive special protection" are limited to ECPA, I believe, which doesn't apply to NSA since foreign surveillance trumps that law (though, IANAL so feel free to read and analyze for yourself).
The much more concerning line of cases are the banking instrument cases, like US v. Miller (http://caselaw.lp.findlaw.com/cgi-bin/getcase.pl?navby=volpa...) and California Bankers Association v. Shultz (http://supreme.justia.com/cases/federal/us/416/21/) which hold no 4th Amendment protection for banking transaction information.
The problem with communications is that while call detail records fall outside 4h Amendment protection in general, wiretaps require a warrant (see Katz v. United States) and Smith v. Maryland did have dissenters due to the fact that it is hard to draw a line between these two. More recently a circuit split has developed over whether cell site location data is at least potentially protected. The 5th Circuit (which also holds that all airport searches at security checkpoints are necessarily consented to, so presumably random strip and body cavity searches would be Constitutional) says they are not, while the third says they may be. See http://crimeinthesuites.com/circuit-split-brewing-over-gover...
My point is that "knowingly exposed to a third party" is not at all as clear as the page suggests. The reason this line is there is that it is an indication that certain information is not really expected to be secret, but if it was read literally, Katz would have come out very differently and wiretaps would not require a warrant.
Obviously if you write details of your criminal conspiracy on the back of a postcard, you can't complain when the postmaster reads it, but when you put it in an envelope then this would be a search. This sort of line is much harder to draw regarding papers outside that sort of home or mail environment than it is in them, but that's largely what I would describe the difficulty to be. This leads to the question of whether email is like a postcard or like a letter or a phone call and I don't think the answer is clear.
At any rate I would suggest that this is an area of developing law regarding electronic communications and I have been watching interesting developments there just in the last few years.
Actually, it's not clear to me that there is path for NSA-related activities to be considered in the SCOTUS.
For thousands of years, some groups of humans have been trying to find ways to protect their communications, and other groups of humans have sought ways to break those protections.
At times the code-makers become aware of the breakthroughs that the codebreakers have made and change their tactics, or new technology gives them a new cipher. Either way, the codebreaker sets a setback and has to change their tactics as well.
This new revelation doesn't seem like anything too different from that cycle - it is just revealing a larger breakthrough than is regularly revealed.
It boils down really to who do you think can be a suspect, just because they have locks on their doors.
If all crypto users are potential criminals, then all gun owners, knife owners or any person who owns an item that can maim another human being is a suspect. A state that suspects almost all of its citizenry, is a state that has bigger problems than terrorists.
Even worse, a state this does this, sooner or later, will convert a large chunk of its perfectly good citizens into behaving like bad ones because they are no longer sure what exactly constitutes bad.
At the heart of a democratic society is the social contract that the state will, largely, do things that will keep most of the citizens safe and un-harassed; while, on the flip side, the citizens are largely expected to behave in a manner that is not detrimental to the state.
What you see play out right now is that contract being broken.
Important question is, what is the right price to pay in freedom for what is deemed to be adequate security?
Good way to put it. An analogy that might help this stick in your mind: encrypting your communications is like walking around downtown in black clothes and a face-covering balaclava. You might not be doing anything wrong--but if someone in the same area robs a convenience store, the police won't be able to tell that you aren't them, and they'll have to at least stop you and search you for stolen goods before they can let you go.
Interestingly, just asking you to take off the mask (i.e. knowing that the source and destination headers on the packets are both local) isn't enough; they don't know what the face of the guy who robbed the store looks like under his mask, so knowing what you look like under yours won't tell them whether you're him or not. (Likewise, they don't know that the chinese hackers they're trying to infiltrate aren't using Tor with a US exit node, so they can't trust US-to-US traffic to be, well, US traffic.)
That is to say the likelihood of a random encrypted message on the internet being malicious is infinitely smaller than the likelihood of a person wearing all black with a facemask in the vicinity of a crime perpetrated by someone also wearing all black with a facemask.
No, it's like walking around clothed when most people are naked. You may have legitimate reasons to cover your body, but because you're part of a minority you stand out.
Either way changing the labels you use doesn't significantly change the point.
This reminds me of a conversation I had with a locksmith in the spring: he is essentially a full time contractor and goes around the city drilling out locks to which the military custodians have lost the combo. Your tax dollars at work.
What if everyone believed that law-abiding citizens should use postcards for their mail? If some brave soul tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their E-mail, innocent or not, so that no one drew suspicion by asserting their E-mail privacy with encryption. Think of it as a form of solidarity."
Phil Zimmerman, 1994
Who delivers those letters? In the U.S., and many other countries, it's the government.
You're literally handing your letters to the government and asking them to deliver them to the intended recipient without peeking. In short, you are trusting them to do the right thing, because they certainly could look inside the envelope if the really wanted to.
Legal safeguards are your only defense against the government here, but we the people generally consider it a solid safeguard.
But if it were to even be suggested to send email using government-provided networks (even encrypted email) you'd be laughed right out of any hacker con you attend.
It's a pretty surreal difference IMHO.
If I was a person of intense interest to the government I definitely would not trust the mail system. But as a nobody, I imagine its pretty unlikely anyone is looking at my mail.
With email, the resources required to record all email is comparatively trivial and this makes it much more feasible that even us nobodies are having our privacy invaded.
But for the vast, vast majority of people it's apparently not something they worry about. They indeed simply trust the government to obey the law.
Luckily, the vast majority of people aren't really needed to bring about change because most people do nothing because their blind trust doesn't require them to… Only just a relatively few methodically dedicated people who have the ability to see beyond and work through their current circumstances and help forge the future they want to see, are all that are needed.
I am also the other.
Who (of any relevance) on the NSA or DoJ side is saying people don't need crypto or security though? I've seen a Congressman use the 'nothing to hide' line but haven't seen it much elsewhere even among NSA's defenders.
The government does seem to be saying that if you're only concerned about the government possibly seeing your stuff, that you don't have anything to worry about (as long as you're not recruiting for AQ or something) as the NSA doesn't have time to care about you anyways, but that's not quite the same concept.
Plus even that has an adequate justification if we assume there is some bizarro universe where the NSA might actually only be doing their job (as everyone "needlessly" using crypto to hide their innocous emails simply helps The Bad Guys to blend in even more effectively).
If you don't believe there could be a 'needless' reason to hide emails from any possible government collection, or that there's no such thing as Bad Guys (or both) then you would probably conclude we don't actually live in that bizarro universe.
But not everyone would come to the same answers for both and they have logical reasons too.
"The government does seem to be saying that if you're only
concerned about the government possibly seeing your stuff,
that you don't have anything to worry about (as long as
you're not recruiting for AQ or something) as the NSA
doesn't have time to care about you anyways, but that's
not quite the same concept.
In fact, I would love to see how the NSA has been using the tools at their disposal since this story broke over two months ago. It would shock me if resources had not already been diverted from "find the terrorists" to "monitor and control American public discontent with our surveillance practices because the attitude of the American people present an existential threat to us."
IMHO not one penny of tax payer money should ever be spent on any public relations activity at any level of government. I pay taxes for the government to provide me with services which I deem valuable. I do not pay taxes to pay for the labor that will defend how they spend my tax dollars. The problem with permitting any government agency to spend our tax dollars on such activities was succinctly summarized by Clay Shirky, "Institutions will try to preserve the problem to which they are the solution."
That may happen anyway, in time, if this situation is not fixed, but it could happen so much faster if companies like Google, Microsoft and Facebook (ok, I know I'm really pushing with this one) who have services used by over a billion people would offer very secure end-to-end communications platform, by default, and in a very transparent way (being able to check for sneaky backdoors pre-encryption, or anything like that).
They don't even have to do it for everything, especially the parts which are meant to be more public anyway, but there's absolutely no reason why IM's couldn't be completely private - from everyone and anyone, including the companies themselves.
So what are you waiting for Google, Microsoft and Facebook (and others, too)?
This is part of why I never trusted GMail from the beginning. (But I'm still stuck with it.)
They already do! Everyone who makes Amazon purchases, or sends Facebook messages, or does online banking is all using some form of strong crypto.
Does our government treat all e-commerce shoppers as "bad guys"? No.
Yes, Americans have fought and suffered and died to preserve some nebulous definition of freedom, but not the Americans you think--nor the freedoms you think. I'm not sure how the original author meant the statement, but usually, statements like that refer to American soldiors who fought in wars that are assumed to have preserved US freedom. But not since 1812 have the US armed forces needed to defend the territory where the freedoms enshrined in its constitution are in effect. For the US civil war, there was no black nor white (to make a bad pun) on the Union side, so I'll call that a wash on preserving freedoms. Yes, during the world wars, the US projected its power and helped to reinstate freedoms in Europe (almost exclusively), but we're not talking about the defense of Europe here.
One could argue that by using and projecting military power and becoming the sole remaining world superpower, the US has preserved US freedoms by pushing our "borders" further away and engaging the "enemies" of said freedoms before they reach us/US (which is why 9/11 was such a shock, similar to the Vandals sacking Rome). I think that's a stretch, given that much of our recent military action seems directly aimed at preserving access to petroleum energy, not actually preserving freedoms.
Taking the Howard Zinn approach to US history, there have always been US citizens who are denied their freedoms within the US. From native Americans in the 19th century, to labor movements in the early 20th century, targets of McCarthy, civil rights activists, to occupiers of the 21st century. Many of these did suffer and die because they dared to oppose the political and economic status quo, and relied on their freedoms of speech and assembly to do so.
And to be frank, they preserved nothing. The freedoms were always trampled whenever it suited the powers-that-be. In other words, exactly what's happening now.
I think now feels different because the internet gave us a taste of true freedoms. Freedom to publish your speech to the world at almost zero cost. Freedom to find and network with like-minded people. Freedom to have political influence just by writing a blog. Freedom to enact change lawfully and peacefully by rallying against WallSt corruption, revealing the extent of the Military-Industrial Complex, questioning the wars, questioning the powers-that-be.
It turns out, we never really had those freedoms on the internet. Edit to add one of my favorite pithy sayings: same as it ever was.
Of course it would be better, b/c:
Right after the argument for the right to privacy comes the fact that there literally IS no terrorism (in western countries, anyway - I'm not about places like Iraq after the invasion etc.). We've been brainwashed by our media to think there is. Just take a look at some numbers: http://www.washingtonsblog.com/2011/06/fear-of-terror-makes-...
Conclusion (as an example): If we know that "You are 8 times more likely to be killed by a police officer than by a terrorist", then we'd first need to fight the police officers before pouring billions into a surveillance state.
Who here wouldn't love to hear from a developer who's helping with this and has strong beliefs in their reasons for doing it?
The government almost certainly doesn't want to spy on you, it just wants to be able to find spies and other bad actors among you.
I have to admit to taking a jaundiced view of these complaints, since for almost 20 years the US has maintained an immigration regime in which illegal aliens have virtually no legal path to residency (despite many of them having no criminal record - unauthorized presence in the US is a violation of administrative rather criminal law, and it only become a criminal matter in the case of deportation and repeated unlawful re-entry); illegal immigrants can be detained incommunicado for up 6 months without any right to a hearing, have no right to provided counsel, and enjoy very few constitutional protections (in general, those extended to 'persons' rather than 'citizens' or 'the people'). Leaving the US imposes a whole raft of additional sanctions on such a person (eg a 3 or a 10 year banishment during which the person may not even apply to re-enter the country) which don't apply to people who stay, and thus create a strong economic incentive to remain, resulting in an entirely legal underclass of about 11 million people who have even fewer rights than ex-felons. 'But they broke our laws' is the response of most people, as if the laws were not the responsibility of the legislators and people who elected them, but had come down from heaven.
I'm not excusing the NSA's overbroad vacuum-cleaner approach to gathering metadata, busting encryption and so on, other than to note it's not very different from the kind of data collection private actors fiercely defend the right to engage in, saying that the onus is on the data owner to use good security. But it's very hard for me to give a sympathetic ear to complaints of tyranny from people who seem happy to tolerate a system that severely curtails the freedom of several millions of their neighbors.
Maybe, that is true today. My fear is that tomorrow they will want to spy on me? Why, because the definition of "bad actor" has serious scope creep. I think this is the authors point.
As of 2013, the Federal government is required to recognize gay marriage and no adults engaged in consensual sexual relations can be hit with criminal charges in the US. That's a significant shrinkage in the scope of state power.
It's a two way street. Just as the notion that government is always benign or correct (a subset of the just world fallacy) is flawed, so is the libertarian trope that government is always oppressive and encroaching (a subset of the mean world fallacy). In the context of this conversation, I agree that the NSA's reach is overbroad, which is worrying because of the potential for government blackmail or overprosecution; but on the other hand I note that things you could have been blackmailed with or prosecuted for up to quite recently - and which had been considered serious crimes going back to ancient times - are no longer criminal, which is an enormous step forward for individual freedom.
And then against the First; sharing links to websites that stream videos is a crime once we get you extradited here. Writing a tasteless joke online is a felony that warrants half a million for bail. Sharing a link to documents we don't want you to see is a felony.
Maybe they're not always oppressive. But it's reasonable for us to assume the possibility of scope creep. And it's reasonable to not want them to have all our communications stored against the event.