Stop the NSA "Fake Fix" Bill (eff.org)
312 points by joshfraser on Nov 10, 2013 | 55 comments



As a Californian I am never not ashamed to have Senator Feinstein representing me. Is there a "tech lobby"? If there is, why is its number one priority not fielding a decent primary challenger to oust this authoritarian disgrace to our state?


She has seniority in the Senate and it's a "devil you know" situation. Mostly we don't want to Tea Party ourselves by trying to purify our ranks.


That is the kind of cowardice that gets you people like Feinstein. Grow a pair and stop voting for her until she gets her act together.


Perhaps, but Tea Partying one's primaries gets you people like Akin.


That's why I've always voted against her.


Isn't she retiring after this term?


That was the rumor before her current term.


OK, yes, we need to start working on this then


Feinstein.

How is she still in office? She's the spitting image of Dolores Umbridge; an authoritarian freak who has nothing better to do than make the lives of honest individuals completely arduous.


People vote for the lesser of two evils. At some point people stopped understanding that "the lesser of two evils" is still evil.


Crap. Senator Feinstein is my senator. I'm pretty sure sending her a letter isn't going to help.


Every time I hear this woman's name it's attached to bad legislation proposals. She didn't manage to strip America of their 2nd amendment rights so now she's going after our 4th and 5th amendments apparently? How did this woman get into office?




Do it anyway. Each person who raises their voice may be a little mouse, but a million mice working together can topple anything.


Sending Feinstein a bunch of letters is going to help rein in NSA power? Good luck with that.

She's a big part of why the NSA is as powerful as it is, because people like her are given total power to watch over the watchers (the secret panels of judges) who watch over the watchers, etc. Each level seems as apathetic to reining in the NSA's power as the next (including the president).

This is a big systemic issue, the political response both by the public and politicians has been embarrassingly impotent, considering the scale of the mass surveillance.

Forgive my apathy, but this isn't like SOPA where internet campaigns are going to fix things. The power is already deeply rooted in place and the players involved are not giving it back easily.

If you're going to try to counter it via politics, why waste your time sending letters to politicians who are totally complicit in the problem?


> Each level seems as apathetic to reining in the NSA's power as the next (including the president).

They are not just apathetic with respect to mass surveillance, they are its main proponents. They have good reason to champion the NSA's programs, as they are some of the most likely targets of any potential plot, and even if they were not physically endangered by a terrorist attack, they would be blamed for it.


> She's a big part of why the NSA is as powerful as it is,

At this point, isn't it unsafe to write letters to such people?

You may end up on one of the "lists".


I welcome being put on a list, if it happens. I want to be part of this conflict. Something is happening now, and we need to keep pushing.


Feinstein is dishonest. No point.


It also identifies you to them as an enemy of sorts.

I much prefer a system of feedback/preference in which anonymity is preserved, while also the voter/sender's validity as a natural US citizen individual is assured as well. Right now we tend to have one, or the other, but not both.


Senator Feinstein is touting this proposal as a way to address the problems with uncontrolled NSA spying, but don’t be fooled: it’s a fake fix.

Urgh. Person with something to lose, protecting her power and influence?


Searching for the legislation?

https://www.govtrack.us/congress/bills/113/s1631


I don't doubt the EFF, but I am automatically skeptical of anyone who tries to get me to take action without bothering to post the bill or even relevant excerpts.


After reading the amendment, my take on it is that the EFF article is stating that the whole program needs to be scrapped and criticizing Feinstein for not doing so. Feinstein is apparently of the opinion that the program could be useful and her tactic is instead to put additional oversight in place. Here is what this bill does specify:

- Codifies that no message content may be collected under this authority

- Specifies that any queries against this data must have documentation showing "reasonable articulable suspicion that the selector is associated with international terrorism or activities in preparation thereof" (note that military/political/counter-espionage/etc. is not listed)

- A person meeting the above criteria who travels into the US may continue to be targeted for up to 72 hours. The Attorney General may grant an extension as an "emergency authorization".

- A record is to be made for each search against the database of the phone number searched for, the person who searched for it, date and time it occurred and documentation as to why the search was performed.

- The documentation for each search must be given to the FISC. The FISC is explicitly granted the ability to terminate any collection if it finds that the search was unlawful.

- Directs the FISC to appoint additional personnel with access to classified information and expertise in "privacy and civil liberties, intelligence collection, telecommunications, or any other area that may lend legal or technical expertise to the court." An annual report must be submitted to Congress on the number of personnel appointed.

- Any individual who circumvents access to the phone records database will be fined or imprisoned for up to 10 years.

- A semiannual report needs to be made to the House and Senate Intelligence Subcommittees with information on all electronic surveillance, physical searches and use of pen registers/trap and trace devices conducted under this act. The report needs to include the total number of requests made to the court, how many were approved/denied/modified, the names of any targets within the United States, compliance incidents, any emergency authorizations, etc. That information, along with any of the documentation mentioned above, must be made available on request to the NSA Inspector General, the Intelligence Community Inspector General, DoJ and the Privacy and Civil Liberties Oversight Board.

- An unclassified summary of all of the above information needs to be made available to each member of Congress.


"Feinstein is apparently of the opinion that the program could be useful and her tactic is instead to put additional oversight in place."

In other words, oversight has failed, let's use oversight to fix it. The only real reform in that list is this:

"Any individual who circumvents access to the phone records database will be fined or imprisoned for up to 10 years"

Of course, without periodic public review of the NSA, we will never know if people are being punished for that sort of thing. At this point we have no reason whatsoever to trust any secret oversight or secret courts. We got into this mess because everything the NSA does is done in secret, and because the FISC operates in secret, and because when someone breaks the rules it is reported to people who are sworn to secrecy.

Of course, public review is conspicuously absent from that list. Only privileged members of Congress, long out of touch with the public, will be reviewing this -- it's business as usual.


It's worth noting that a month ago the EFF was calling for people with technical and civil liberties expertise to help provide more oversight [1].

The NSA exists solely for the purpose of gathering foreign intelligence - it's a spy agency. As a result, you'll never be able to get completely transparent public review of their activities without making them effectively useless. I see a few options on the table:

A) Go with the status quo, not change anything just trust the NSA to do its business under the existing oversight.

B) Strengthen the oversight to further ensure that the NSA is only conducting the work it's authorized to do against the targets it's authorized to spy on.

C) Assert that espionage just isn't worth it and just take the tools away from the NSA.

There are plenty of things that you can do under option B to address problems. Some of them are in this bill, and some of them can be made available to the public. Members of Congress have conflicting views on how much information they've been given by the NSA [2], which to me implies that some take their positions on the intelligence committees more seriously than others. If you look at the actual video of the hearing, Congressman Mike Rogers suggests that serving on the intelligence committee is a much bigger responsibility than serving on the other committees and they can't bring their staffers to assist [3]. If Congress isn't capable of providing the oversight they tasked themselves to do with the resources they have, then they need to either gather the resources they need or appoint another group to conduct oversight in a manner that can effectively ensure to the public that the NSA is gathering valid foreign intelligence and nothing else.

[1] https://www.eff.org/deeplinks/2013/10/47-prominent-technolog...

[2] http://www.reuters.com/article/2013/10/29/us-usa-security-ns...

[3] http://www.c-span.org/Events/Intel-Officials-Discuss-Propose... (jump to about 01:34:00)


> The documentation for each search must be given to the FISC. The FISC is explicitly granted the ability to terminate any collection if it finds that the search was unlawful.

I thought they were already supposed to do that, and the reason they had a "Court" of judges in the first place. Why would I believe anything will change regarding that Court, once this bill is passed?

Also, as Bruce Schneier says, "metadata is surveillance":

https://www.schneier.com/blog/archives/2013/09/metadata_equa...

They assassinate people with signature strikes based on metadata, so don't say "metadata isn't important". It's deadly so.

The solution isn't to allow them to only collect metadata (only in US, seems they will keep collecting everything on "foreigners"), it's to end "mass surveillance", whichever way it's done. Surveillance should only ever be targeted. As whistleblower and former NSA William Binney said recently, NSA used to do that - they didn't always do mass surveillance on every country's individuals.

And finally, Feinstein just can't be trusted. For all we know that bill was written by NSA itself, knowing full well how they could "interpret" some of the stuff in the bill.


> - Specifies that any queries against this data must have documentation showing "reasonable articulable suspicion that the selector is associated with international terrorism or activities in preparation thereof" (note that military/political/counter-espionage/etc. is not listed)

This language only modifies FISA section 501, which pertains to bulk collection of business records (i.e. Verizon phone call data), and not 702 [1].

The amendment adds language explicitly allowing searching of US communications under 702, despite the section being titled "[p]rocedures for targeting certain persons outside the United States other than United States persons" and starting with "limitations: may not intentionally target a United States person".

Although 702 has been used to target US citizens [2], the law doesn't reflect this usage -- yet.

Here is the addition [3]:

> A query of the contents of communications acquired under this section with a selector known to be used by a United States person may be conducted by ... the Intelligence Community only if the purpose of the query is to obtain foreign intelligence information or information necessary to understand foreign intelligence information or to assess its importance.

And the loophole (a 2nd one is omitted here):

> Nothing in this subsection may be construed to limit the authority of a law enforcement agency to conduct a query for law enforcement purposes of the contents of communications acquired under this section.

This is the only part of the amendment that I read, and it looks a lot like swiss cheese already.

1. Section 702: http://www.law.cornell.edu/uscode/text/50/1881a

2. http://www.theguardian.com/world/2013/aug/09/nsa-loophole-wa...

3. Section 6 of the amendment.


You're right - most of this bill focuses more on section 501. That's where most of the debate in Congress has been, as it specifically collects on US citizens. You have a good reason for concern on the section 702 parts, but I disagree on why. The part on section 702 doesn't authorize collection against US persons - it's strangely worded. "A query of the contents of communications acquired under this section with a selector known to be used by a United States person" - in other words, the collection must already be acquired in the documented pursuit of a valid foreign intelligence target under section 702 (b) [1]. The analyst can then search the collection for selectors known to be used by a US person. (EDIT: reworded for clarification) The bill goes on to say that this may only be done for the purpose of gathering foreign intelligence information and must be documented and reported to Congress, DoJ, FISC, etc.

The concern here is that it may be a loophole to allow reverse targeting - collecting foreigners' communications not because the foreigner is interesting, but rather because the Americans that foreigner is in contact with are interesting. Personally, I'd like to see more language in the bill to address this.

Your second loophole doesn't apply to the NSA (they're not a law enforcement agency), but is a concern for the FBI. It doesn't make much sense to me why it would be worded this way in her bill, since the potential loophole is addressed in Section 704 of the existing law:

"No element of the intelligence community may intentionally target, for the purpose of acquiring foreign intelligence information, a United States person reasonably believed to be located outside the United States under circumstances in which the targeted United States person has a reasonable expectation of privacy and a warrant would be required if the acquisition were conducted inside the United States for law enforcement purposes, unless a judge of the Foreign Intelligence Surveillance Court has entered an order with respect to such targeted United States person or the Attorney General has authorized an emergency acquisition pursuant to subsection (c) or (d), respectively, or any other provision of this Act."

I'd also like to address your targeting US citizens argument:

> Although 702 has been used to target US citizens [2], the law doesn't reflect this usage -- yet.

That's a bold claim, and the evidence you provide doesn't seem to support that. I'm not saying that it hasn't necessarily happened, but the evidence isn't there. From the article you cite:

"While the FAA 702 minimization procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data," the glossary states, "analysts may NOT/NOT [not repeat not] implement any USP [US persons] queries until an effective oversight process has been developed by NSA and agreed to by DOJ/ODNI [Office of the Director of National Intelligence]."

...

The document – which is undated, though metadata suggests this version was last updated in June 2012 – does not say whether the oversight process it mentions has been established or whether any searches against US person names have taken place.

I'd like to see a document showing specific examples of instances where 702 was used to target Americans and what the NSA's reason for doing so was. This shows a blurb saying that certain minimization procedures have been proposed, but have not been approved, so analysts are still not allowed to query against US persons.

The article goes on to cite leaked minimization procedures [2]. Those procedures talk a lot about what to do if the NSA comes across US communications, procedures standardizing how to determine whether or not a selector belongs to a US person, what to do if an analyst finds out that they've inadvertently targeted a US person, what to do if a foreign target comes to the US, etc.

There's a whole section in 702 detailing how minimization procedures are to be established and updated (see section entitled "Judicial review of certifications and procedures") - the Attorney General and FISC both need to sign off. The blurb seems to fit with the bill that Feinstein is putting forward. It's anyone's guess as to whether the minimization procedures were approved by the courts and DoJ first and are being legitimized by the bill, or if the courts/DoJ said the law won't back up that interpretation and Feinstein is now trying to fill it in.

[1] https://www.govtrack.us/congress/bills/110/hr6304/text

[2] http://www.theguardian.com/world/2013/jun/20/fisa-court-nsa-...


> Your second loophole doesn't apply to the NSA (they're not a law enforcement agency), but is a concern for the FBI.

Good to know, thanks.

702 doesn't allow intentional collection of US communications - intentional being a key part, as they are only required to minimize the amount of US communications collected. For example, the leaked minimization procedures include "[t]he communications that may be retained include electronic communications acquired because of limitations on NSA’s ability to filter communications."

The proposed amendment has no bearing on collection, but would allow querying of the data incidentally collected on US citizens under 702.

"Reverse targeting" is explicitly disallowed by 702(b)(2): "may not intentionally target a person reasonably believed to be located outside the United States if the purpose of such acquisition is to target a particular, known person reasonably believed to be in the United States."

From a 2012 Committee on Intelligence report:

"[D]ue to the nature of the collection and the limits of the technology involved, it is not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under Section 702 authority."

"Finally, on a related matter, the Committee considered whether querying information collected under Section 702 to find communications of a particular United States person should be prohibited or more robustly constrained. With respect to analyzing the information lawfully collected under Section 702, however, the Intelligence Community provided several examples in which it might have a legitimate foreign intelligence need to conduct queries in order to analyze data already in its possession."

http://www.emptywheel.net/2013/06/25/confirmed-nsa-does-sear...


Executive branch oversight of government programs has never been effective in protecting the citizenry from harm in the past, and there is no reason to believe this 'effort' would be any different.


FISC is part of the problem, so it cannot be a part of the solution.

Same with the intelligence committees.


> ..."...associated with international terrorism..."...

Is "terrorism" defined? If not, everything will be stretched to fall under its meaning.


That wouldn't help either. If something as explicit as the Seventh Amendment's "twenty dollars" requirement can be argued away, anything can.

http://faculty.msb.edu/hasnasj/GTWebSite/MythWeb.htm


There don't seem to be any obvious points of leverage with which to apply pressure on Dianne Feinstein. Her age, wealth and long-term membership in the Senate make her much less vulnerable to standard political tactics.

It seems that we need to manipulate the situation so that Dianne Feinstein feels that it is in her interests to support a more robust set of NSA reforms. I don't feel like I have a complete understanding of how Senator Feinstein perceives her interests.


I saw a great bumper sticker today: "One nation under surveillance."


It's important to realize that the EFF is not a research institution--it is an advocacy institution. In other words, the EFF doesn't start off with an unbiased view of an issue and then decide what is in the public interest. Instead, it takes predictable positions on a number of issues, and those positions will never change no matter what the facts may turn out to be. After all, it was founded to push an agenda which was pre-defined in advance of its founding 25 years ago.

Therefore, you should never read EFF materials with blind credulity as many of the commentators on this post do. They put out propaganda like all advocacy groups do, and it's up to neutral third parties to filter it. To be fair, they're not as bad as other groups (NRA, anyone?) but if you read their output directly, it's up to you to pick out the disingenuous parts, if you can find them, and/or also read opposing views to get the full view. Otherwise, it's like a jury deciding a trial in which only one side presents their case. That's a shame, because I often agree with the EFF, yet I have to do a lot of work to unbend their reality distortion field.


Specifically what do you take umbrage with in the case of this bill and the EFF's position?

I'm asking as someone who agrees with your overall point but is mystified about what made you post it here under this article specifically.


Sounds good. Got any articles on this topic from unbiased research institutions that we can read?


It is plain to see that our government servants are serving interests which are against "We the People."


Feinstein is a terrorist.

(Haha iOS attempts to autocorrect Feinstein to festering, perfect)


My first reaction was to call up my representatives ... but I wonder if doing so would put me on some kind of 'special' list.


Don't be a coward.


I think we're all on special lists already.


Good job EFF, when the bill gets inevitably defeated, you can claim a personal victory and solicit for more donations! Put it up with all your other accomplishments on your website you invested so much time and money into achieving.


So what do you suggest the EFF do here, not oppose the bill?


I suggest they actually do something other than asking the public to publish empty rhetoric via an auto-form.

At least they did that one thing a while ago and helped sue the RIAA like 10 years ago when someone already started the case. That was a real big PR win for EFF. They can use all those donations to actually fluff their couch and sip iced tea now and publish more damnations from the comfort of their non-profit internet connection.

All the EFF does is take in donations and claim any legal victory as their own, you know because they wrote a letter on their website saying how nasty the defendant is. Thanks EFF! They also help spin pro big-media legislation as victories for information freedom. While people fight against pointless strawmen DRM issues that the industry knows will ultimately fail, the real line is being fortified legally in bills like the Trans-Pacific Partnership (Pact has negative connotations) and being enforced at the network level with internet-breaking packet-inspection devices.


Are you kidding me? The EFF, along with EPIC, are the two organizations that actually help with modern 4th amendment issues. I don't know where your hate for the EFF comes from, but it's certainly not based on a reasoned analysis of their work over the last decade.


They haven't done anything in the last decade.

http://en.wikipedia.org/wiki/Timeline_of_Electronic_Frontier...

Pick one thing in that list that is "ground breaking" where the EFF actually invested their own resources into helping accomplish. Did you even know that the President of EFF owns a record company?


Gasp, not a record company!!1!


I typically hesitate to repeat myself to trolls, but what do you suggest the EFF do here?


Burden of proof is in your court. Why should I trust the EFF with my money? Also moving the goal posts, the discussion here is about the effectiveness of the EFF.

I guess I could throw in Ad Hominem for calling me a troll. Are you into politics or sales? Sorry, that was a loaded question.


"the eff isn't accomplishing anything significantly useful by this, just making themselves look good and receiving donations."

"what would they have to do for you to consider them to be worth donating to?"

"something other than having people send forms. They haven't since a legal battle a decade ago. They also are making bad legislation sound good."

["they help, and you haven't been paying attention to them during the last decade."

"they haven't done anything (groundbreaking) in the last decade."]

"What would the eff have to do for you to consider them to have earned your donation? Also I think you are trolling"

"you have yet to prove that the eff has done enough to warrant my donation. We are not talking about what they would have to do to be deserving of donations, we are talking about whether they have done useful things. Also calling me a troll is an ad hominem. Also you are deceptive"

The initial comment for this sub conversation essentially stated that they had not done anything sufficient (lately) to deserve donations.

Afterwards, the person claimed that asking what would be sufficient action to justify donations.

So, "x has not y!" "how can you tell/what do you mean/[something] that x has not y?" "don't change the subject!"

What parts of this post I am making are inaccurate?

Edit 1:

Ok, first comment rather says that they take donations and do nothing useful, which isn't necessarily exactly the same as saying that they haven't done enough to warrant donations.


What the hell are you smoking? I'm not attempting to prove anything, I am asking you a question.



