Hacker News new | past | comments | ask | show | jobs | submit login
The NSA: An Inside View (lorensr.me)
367 points by lorendsr on Dec 15, 2013 | hide | past | web | favorite | 313 comments



Interesting to get a look at what it's like to be inside the bubble. It's compartmentalized enough that the individual actors can justify their actions by the assumed competence and benevolence of the others.

> I didn't test it, but I'm sure there was automated analysis that prevented or flagged use of US selectors.

The mental leap here is subtle, but substantial. Since I have been told I can't use US selectors , I assume the system enforces this. As such, US citizens have nothing to worry about. However, in the immediately previous paragraph, he noted:

> one employee spied on a spouse

So much for automated analysis, besides not being able to filter out US citizens' data it can't even filter out an employee's direct family. But there's no need to worry citizen, the NSA has a very high-quality workforce.

In the NY Times this morning was a piece noting that the government has concluded they don't know what files Snowden took with him (http://www.nytimes.com/2013/12/15/us/officials-say-us-may-ne...). The most technologically advanced intelligence agency in the history of the world and they have no idea what files were electronically taken by one of their own. One of their own who passed the background check by the way--I don't know why the OP is so enamored with the polygraph.


What's particularly interesting is that some of the recent disclosures don't seem to be visible inside the bubble. Take this assertion, for instance:

"The NSA copy of my emails won't be viewed by police or FBI investigating me about marijuana use, for instance. Law enforcement might get a search warrant and retrieve a copy from Google, but not from the NSA."

In fact, it's been known for months that the DEA receives intercepts from the NSA in such volume that they have an office devoted to handling them (the DEA's "Special Operations Division"). And as for search warrants, the manuals for that office describe a practice of "parallel construction" which involves, not to put to fine a point on it, lying about the ultimate source of the information they're using, with the clear intent of evading judicial scrutiny.

Details here: http://www.reuters.com/article/2013/08/07/us-dea-irs-idUSBRE...


This is an interesting article, thanks for sharing. Your summary does not quite reflect the article though. You say "In fact, it's been known for months that the DEA receives intercepts from the NSA in such volume that they have an office devoted to handling them (the DEA's "Special Operations Division")", which to me created the impression that the NSA was funneling large amounts of information about US citizens to the DEA.

However, the article actually says: "...two dozen arms of the government working with the Special Operations Division, including the Federal Bureau of Investigation, the National Security Agency and the Central Intelligence Agency.", and later that "the Special Operations Division of the DEA funnels information from overseas NSA intercepts, domestic wiretaps, informants and a large DEA database of telephone records to authorities nationwide to help them launch criminal investigations of Americans. The DEA phone database is distinct from a NSA database disclosed by former NSA contractor Edward Snowden." [emphasis mine]

It's quite possible that the NSA passed only occasional information about non-US citizens - it's impossible to tell from that article - if that's the case, then to many people they're acting within their mandate.

I'm not trying to defend the NSA, and I'm deeply troubled by the implications of mass surveillance. But it's important I think to be clear about the claims we're making since otherwise it's easy for people to dismiss us.


Thanks for the close reading. I guess it depends what you think "no domestic intercepts" excludes, and how much you believe that everyone in the NSA follows the rules. Even if most of them do, a few have the tools to become a very big problem --- and the rest of the organization wouldn't necessarily know, since in an organization like the NSA, people aren't supposed to know what's happening in the office down the hall.

To start with the scope of what's available: it almost certainly includes data on US persons "incidentally" acquired in taps on an authorized target. I'm not aware of anything on DEA procedures there specifically, but as for the general rules, see here: http://www.emptywheel.net/2013/11/08/the-intelligence-commun...

Of course, even if NSA analysts know that they have DEA "customers" (as they apparently call the recipients of their intelligence), it might be a breach of the rules to select overseas targets which would be likely to have domestic contacts of interest to the DEA. But given that knowingly breaking the rules in pursuit of an authorized goal seems to count in NSA audits as mere "lack of due diligence", and not classed as "abuse", I'm not sure how much comfort to take from that.

Analysis of NSA audit data from Marcy Wheeler here: http://www.emptywheel.net/2013/08/16/lack-of-due-diligence-t...

... with further notes on the audit process, and narrow definitions of "abuse" here: http://www.emptywheel.net/2013/08/20/if-nsa-commits-database...


It really depends on how widely it is reported. Government employees even those with clearance are prohibited from looking at the wikileaks cables. If it makes it into the NYT and they see it, then it is ok. But they can't actively dig for it. Direct from the mouths of government employees.


Again, an assumption that a magical unicorn guards the morality of being told what someone can or cannot do should be understood as a non-trustworthy system. Especially one that is referred to as the NSA in very general terms - as they have no control over employees or data dissemination / exfiltration. And, yes, the last statement is fact based on all of the supporting evidence in the public domain. If one thinks otherwise I politely redirect you back to aforementioned magical unicorns.


Outside of magical unicorns, what kind of unicorn should guard things? I'm afraid automated systems don't offer either the coverage or the flexibility to provide what you think should be provided.


Yes, but why can Loren Sands-Ramshaw use a blog, where he critics his employer and also use Kickstarter without getting fired? Not that I want him to get fired, but I worry that he risks his job in telling us this critical information!

Aren't those things, a spy shouldn't have? Is the working strategy, filling the web with disinformation about NSA employees, or is it to never use the web with a real identity for the period of contractual employment?

I mean, from a technological standpoint, every single HN member would love to work for the NSA. Because they have an extremely sophisticated set of technology that people would like to get their hands on. (Well, that's at least what we think they have). Keep in mind though, that in reality only a very small percentage of HN would actually like to work for the NSA! This is not because of the recent revelations, but because the government in general has not a positive image for most hackers.


He's no longer employed by the NSA. He left to play with a startup and some personal coding projects; the last paragraph of his post links to them. Any discussion of his employment there still gets reviewed by the NSA, but that's routine for anyone who does classified work. (And he does say up front that he sought that review, and that they had no problem with him posting what the rest of us read.)


Then it's even more important that we read this blog post in the knowledge that it's the one that made it past NSA screening. We'll never know how many didn't.


Thank you :)


What's the legal term? I think it's "double construction"? Where the prosecution knows it's you from illegal means (wiretap/NSA spying) but by that knowledge can go back and construct the legal case in reverse.

It's been rumored that Dread Pirate Of SilkRoad case was figured out that way.


It is parallel construction

http://news.ycombinator.com/item?id=6911150


> What's the legal term? I think it's "double construction"? Where the prosecution knows it's you from illegal means (wiretap/NSA spying) but by that knowledge can go back and construct the legal case in reverse.

I think the technical term is either "perjury" or "fraud on the court".

The euphemism, though, is "parallel construction".


It is not necessarily illegal means, but simply means that the government do not want to expose in open court. Perhaps this is because they are illegal, or perhaps revealing the source of intelligence could compromise an active intelligence operation. The NSA does not want its methods exposed in open court. You will probably say that this is because they are illegal. But an equally plausible explanation is that revealing details of their capabilities is of benefit to their adversaries.


The story around DPR getting caught started in him making posts that had personally identifiable information from his anonymous accounts in the very beginning, not from illegal searches.

That's just a really long scraping / pattern-matching exercise of publicly available data, and the reminder that even particularly clever people won't be on point 100% of the time.


Or they did find him illegally and found later on the public pattern-matching exercise to justify their findings. Which is exactly the point of parallel construction.

We cannot know.


Yes, this stood out at me too. As soon as I read that statement, I knew the author was either lying or underinformed. Thanks for providing the article.


> It's compartmentalized enough that the individual actors can justify their actions by the assumed competence and benevolence of the others.

I've talked to this before but this denial and self delusion is an important defense mechanism. Sometimes people write blogs and get into apologetic because they feel an internal dull pain of an inconsistency. "Hmm it looks we NSA did all these pretty bad things. I worked for them NSA. Surely I couldn't have worked for the bad guys." and then <proceed rationalizing and defending NSA, might as well put it in blog form>.

That cognitive dissonance, I believe, is pretty powerful. A lot of dark secrets and past transgressions can be filtered so well throw it.


I'd rather intel analysts have some cognitive dissonance than have absolute certainty they are always justified in their actions.


Unlike a lot of HN commentators who blindly follow the herd (i expect to get a ton a dv's for that)


Seriously, you can't win. Here you have an actual former NSA employee giving a first-hand account of his time there -- and not only his account doubted for no reason other than failure-to-comply with known-biases and unverifiable journalism, but some guy is now providing psychological analysis of him as well!

Some know-nothing armchair psychologist who read the NYT is telling this guy -- who has made an honest effort to be utterly transparent -- that he's cognitively dissonant and that comment is going to receive a hundred votes because it makes people feel good about the things they think they know. It's not truth, just an exercise in mass delusion.


The most extraordinary thing about Snowden is not that he took the documents: it is that he sacrificed his whole life to make them public.

And this should make us scared. A guy like Snowden was extremely improbable, and yet he happened. So, what to think about the far more likely case of NSA employees taking extremely sensitive information and selling it privately? How many of those have there been already?


1000 times this. If Snowden could do what he did and the NSA doesn't even know what he took, it is inevitable that a hostile foreign government will infiltrate the NSA. It is also highly probable that there are people in the intelligence apparatus that are abusing their power in some way or another.

There have already been about a dozen cases in the NSA of 'LOVEINT' where employees were spying illicitly on love interests. From what I recall, all of those people volunteered that they were spying illegally on their own, none of them were caught by any internal review process.


It all seems so sincere. Except when you see how closely this matches the talking points the NSA sent home with employees (https://s3.amazonaws.com/s3.documentcloud.org/documents/8445...)


Whoa. The above PDF link is very much worth clicking.

Almost all of those points (except maybe the very last one) are echoed by the OP.

Except that this hand-out is straight-out propaganda and the OP sort of tried to veil that.


Well, following his explanations, you can fail the polygraph and just do it again. The cost of failure is zero, so really just keep trying.

(I personally loved the bizarre mix between cyber war, nukes and North Korea. He seems to have the mindset of a paranoid Stalin, always wary of others when he's the one terrorizing.)


Definitely a bizarre mix, I thought it was a parody a couple of times. To combat the threat of nuclear war with the completely isolated totalitarian state of North Korea we must create and store copies of all global communication... (Of which approximately none will have originated in NK, our intelligence agencies still literally watch NK news broadcasts to find out what's going on in NK.)


North Korea surely has contacts with the rest of world, to deal with China, for instance.


Yes, but you don't copy all communications to try and find the astonishingly small number from the most closed-off country in the world. This is how the NSA gets smart people to build something they would never set out to build--an all powerful global snapshot of data.

They tell you about North Korea and your radioactive future. You like big problems and give it your best effort, perhaps thinking that you had a small part in saving the world. Then one day you read in the New York Times that your well intended project doesn't just scoop up communications from North Korean thugs, but what you helped make is collecting communications on everyone. It's helping the DEA illegally bust people. It's helping diplomats illegally snoop on our allies. It's helping keep US companies aware of what non-US companies are doing. Etc etc.

tl;dr Anyone could be a terrorist, everyone must be monitored.


> Yes, but you don't copy all communications to try and find the astonishingly small number from the most closed-off country in the world.

What would your collection proposal be then?

You can't determine data of interest until you have sufficient data to determine if it's of interest in the first place. Even the NSA doesn't have an Oracle computer that can look into the future and figure out what vanishingly small percentage of communications are just the ones they should be interested in. If they did, they could also solve the halting problem and rewrite the history of computer science and time-travel.

Remember, the standard the NSA is held up to is that it should not only be following known bad people who are/might be doing bad things, but to ferret out the unknown bad people. Every time there's a Boston or similar, everybody goes and climbs all over the NSA for "not knowing about these guys"

You can't do that until you have a sufficiently large enough collection of unevaluated data to start looking through.

I'm not saying it's right or wrong, only that it's the reality of the task spy agencies have before them.


I absolutely don't dispute that. I am merely pointing out that there is a small number of messages to intercept. The traffic with the AQ Khan network would be a good example. That said, no, it does not justify turning the world into a surveillance state.


TLDR Everyone IS a potential terrorist and ARE monitored.


> Well, following his explanations, you can fail the polygraph and just do it again.

He didn't say you had an arbitrary number of opportunities to pass, simply that the screening (of which polygraph was one of many he mentioned) is such that it's not as if NSA analysts are able to simply wander their way into the NSA so that they can then spy on the people.

That doesn't mean people can't make it through all the screenings (just ask Snowden), simply that it's one of many safeguards that are put in place to make it so difficult to land an NSA job for nefarious reasons that the many other layers of oversight and controls should be adequate to prevent gross abuses.


At a certain point they're likely to cut you off and stop wasting their time watching you fail the poly.


"Are we the bad guys?" http://www.youtube.com/watch?v=OpZ8EkK3eWY <---- that's inside the bubble


> The mental leap here is subtle, but substantial. Since I have been told I can't use US selectors , I assume the system enforces this. As such, US citizens have nothing to worry about.

I think it's fair to say most rank and file NSA employees are honest and actually do believe in their mission. The far scarier thought is how things may work at an extremely senior level (contractors included), where there's literally nobody there to watch the watchers, or at least challenge them without being fired and blackballed.

That said, "US selectors" shouldn't return the results that they do in the first place. Obviously there's incidental collection, which is unavoidable. But the notion of incidental collection, as with metadata collection, was hijacked and used in public relations messaging as a cover for actual domestic collection programs that intentionally capture the full contents of nearly all domestic communications within the United States.

http://www.pbs.org/newshour/bb/government_programs/july-dec1...

Despite exceptions such as the article above, this messaging has largely been successful. Even The Guardian and The Washington Post---organizations who publish stories directly sourced from documents leaked by Snowden---routinely fail to underscore the critical difference between actual collection, and "collection" in the sense of mere authorized access to data that's already intercepted and stored. The two have been intentionally conflated as part of a semantics game, and it's working beautifully to mislead the American public about what's actually happening.


> That said, "US selectors" shouldn't return the results that they do in the first place.

Determining if a "selector" is tied to a U.S. person is actually a very subtle and very hard problem.

Let's take a phone number +1 (212) 555-1234

Is this a US selector? It's a selector for a phone in the US, but that's not the same thing as a phone number tied to a US citizen. Let's say I'm following a senior North African pirate with a Maltese mobile +356 2010-1234 and he calls/is called by my number above?

- Should I follow it? Or is it absolutely off limits for me because it happens to be a U.S. number?

- How do I determine if it's tied to a U.S. person?

- What if it's a shared number between a group of associates, all of whom are not U.S. persons except for one?

- Is that number off limits now?

- If it is a U.S. person what should I do with it?

- Pretend it doesn't exist? Turn it over to U.S. Federal law enforcement? Who should I turn it over to? DEA? FBI? ATF? DHS? The Coast Guard? U.S. Customs and Border Patrol?

It's actually a significant intelligence task to figure this out.


I agree completely.

However, my statement was not intended to be read in isolation, but in context of "domestic collection programs that intentionally capture the full contents of nearly all domestic communications within the United States." I was referring to the bulk interception and subsequent long-term retention of data on US persons.

The implication of my statement was: assuming this type of collection didn't exist, selectors related to potential US persons (for whatever reason) would simply return intercept data beginning from the time said selector was invoked.

Contrast that to the present, where selectors are capable of retroactively returning the sum total of a US person's digital (and by some extension physical) life for the past 5+ years.

It's commendable that the procedures for accessing the data of potential US persons are so stringent, but at the end of the day there is still an incredibly intimate and detailed picture of almost every single US citizen's private life being retained on a long-term basis.


> The mental leap here is subtle, but substantial. Since I have been told I can't use US selectors , I assume the system enforces this. As such, US citizens have nothing to worry about.

For the life of me I cannot figure out why people refuse to accept the concept of training and policy as being relevant to proper civil liberties safeguards in addition to technical ones.

Imagine applying that idea to any other field, and keep in mind the unintended consequences.

For instance consider from a soldier's perspective "Since I've been told I can't shoot citizens or non-combatants, I assume the system enforces this. As such, US citizens and non-combatants have nothing to worry about." And yet our troops do have issued firearms (at least during things like field exercises and training), and the republic has not fallen to a coup. There are missile siloes dotted throughout the Midwest, yet no rogue junior officers or missileers have launched ICBMs at people.

You're missing his greater point, which seems to be that it didn't even occur to him to "test the interlock" since he knew that by law and by policy, it was wrong to even try. He also made quite clear (if you'd bother to read to the end instead of cherry-picking quotes to declaim) that this doesn't mean such technical controls can't or shouldn't be strengthed, merely that there is indeed a "culture of compliance" among the analysts instead of a bunch of voyeurs.

> > one employee spied on a spouse

> So much for automated analysis, besides not being able to filter out US citizens' data it can't even filter out an employee's direct family. But there's no need to worry citizen, the NSA has a very high-quality workforce.

Is it really your claim that a workforce must be 100% perfect in every way for an organization to be legitimate? Even the anarchists don't try to claim that there won't eventually be murderers amongst them, nor is there anywhere else in the real world where spouses are always exceptionally nice to each other in everything they do. Just ask Ashley Madison.

> The most technologically advanced intelligence agency in the history of the world and they have no idea what files were electronically taken by one of their own.

They also haven't solved the Halting Problem.

But anyways I know I'm going to be speaking to an uncooperative crowd but perhaps you all should consider the high-level points of his "peek inside" and then discuss the ramifications of that, instead of always drilling down into the weeds. Many of the same arguments used here could be used with equal logic toward every large civilian IT concern, which would tend to devastate the need for things like YC capital. :P


> Imagine applying that idea to any other field, and keep in mind the unintended consequences

The difference from other fields, is that the consequences in other fields are public. If a soldier shoots someone, that someone is dead and can prompt an investigation.

If someone in the NSA abuses his powers, it is very likely that nobody will ever know. Or be able to know. No investigation will be triggered, and even if one is, it cannot possibly gather any evidence.


> If someone in the NSA abuses his powers, it is very likely that nobody will ever know.

But this claim is only a concern if an analyst can unilaterally abuse his power and never be caught. Are you saying this type of surveillance capability would then be acceptable if proper accountability and oversight safeguards can be emplaced?

If anything this should be one of the easier things in the world to do, putting audit trails on computerized systems is hardly "pro league" stuff.

But either way, you say that the consequences will at least be public in other scenarios. But that's not really true either. People get shot every day in this country; how do you know that any given shooting wasn't from a soldier? How do you know when the government lets a contract that they actually fully complied with the Federal Acquisition Regulations? How do you know that when a Congressman votes against his normal voting habits, whether that vote was due to his conscience or due to someone else's wallet? How do you know that when the NSF gives one scientist a grant and refuses another, that it was done in the public interest?

You don't know any of this, as a rule, and yet many of those are much more impactful on the average citizen, even if we assume the existence of lapses in oversight.

As far as I can tell with government IT, your data will always be at more risk of being leaked to cybercriminals via hacking or stupidity (the latter has happened to me already!), than be at risk of being looked at by a rogue NSA agent.


I thought the track record of the US Government on the matter was pretty clear:

1) Write down the law

2) Break it

3) Retroactively make the violation legal

Wrt to what oversight exists, well... the fact that they have no idea what material Snowden took with him is telling. But that's not what I'd be the most worried about. How hard would it be for the White House to ask information about a specific individual for "national security" reasons?

> But either way, you say that the consequences will at least be public in other scenarios. But that's not really true either. People get shot every day in this country; how do you know that any given shooting wasn't from a soldier?

I'm not a US citizen, but I would think murders are investigated by the police. It's usually difficult to hide.

> How do you know when the government lets a contract that they actually fully complied with the Federal Acquisition Regulations?

I suppose there are audits? Not to suggest that abuse does not exist, but I assume there is some oversight.

> How do you know that when a Congressman votes against his normal voting habits, whether that vote was due to his conscience or due to someone else's wallet?

You certainly don't, but you can make an educated guess.

I'm not sure what you're trying to say here. That the NSA doesn't need any form of oversight, and can be 100% trusted with the power to snoop on everybody belonging to any country (knowing - in case you thought "I don't care about these dirty foreigners as long as they promise not to look at US data" - that nothing prevents them from asking another Five Eyes member about your whereabouts without breaking the rules)? From the same government which gave you Guantanamo, extraordinary rendition, warrantless wiretapping and extrajudicial executions-by-drone? Their definition of legality is terribly elastic.


> I'm not sure what you're trying to say here. That the NSA doesn't need any form of oversight, and can be 100% trusted with the power to snoop on everybody belonging to any country

That's not at all what I'm trying to say. In fact I would argue very strong oversight is needed, but I'd also argue that very strong oversight is possible in the first place, which means that oversight (or not) is not the proper reason to argue about the very existence of the program in the first place.

In other words, the program(s) are either required or not. If they are required, determine the needed level of oversight and install it. If it's not required, then it's not required and discussions about oversight are simply redundant.


>If someone in the NSA abuses his powers, it is very likely that nobody will ever know.

You mean, besides his family, friends, and loved ones when he loses his job and potentially ends up in prison. You're underestimating the amount of training and internal oversight that occurs.


... because this has happened how many times?


Folks have lost clearances and jobs. I don't know about prison time. But I do know the fear of these things happening is a motivating factor not to cross the line. But I'm just some guy...


The problem here is that you trust the organization to police itself, whereas it has little incentive to actually do so effectively.

The cases of caught individuals seem to have gone under-punished, as they sound worthy of prison time.

Also, even if the NSA polices against personal abuses, why would it police against systematic abuse for government's purposes against the constitution?

Self-policing does not work well, especially without elaborate mechanisms to enable it to work, and especially with a combination of secrecy and lack of oversight.


I'm not saying I trust it to police itself. I'm trying to suggest that the environment in which NSA analysts work does have a (positive) material effect on their behavior. Non-systemic transgressions are not common. When Snowden said he was able to check Obama's email, that angle was lost.

Now, systemic problems are a different issue. But the article we're all talking about here is written by an analyst from his own perspective.


So, you're claiming this, despite 0 people having ever been sent to prison due to this?


This reads like it was penned by someone who's never heard of the Stanford Prison experiment or Milgram's research. When I read "I have a very high opinion of my former coworkers ... NSA employees are the law-abiding type ... You take a long automated psych test that flags troubling personality traits," I take away "the NSA is full of the kind of person who won't look at the big picture, who will follow orders without exercising critical thinking, and who can be counted upon to be a Good German."

The problems that the HN crowd (speaking broadly) has with the NSA and related entities, are systemic problems. They are not about, "is act X legal or not," they are not about "was this particular incident harmful or not." They are about root of the thing: about the high-level agenda, about the strategies, about the ideas. It does not in the least address these concerns to say "oh, my coworkers are fine folks, we work hard to obey the law, there are scary people out there!" This says nothing to the counterarguments of "we shouldn't have to trust you" (really, you could say that the field of cryptography is about replacing situations where you have to trust a human with situations where you only have to trust math), "the law itself is a problem," and "you haven't proven that you are doing more or better compared to other ways we could push back against scary people."

As with any government agency, the more they insist that they must not be held accountable, the more accountability we should jam down their collective throats. The first sign of someone who can't be trusted with power is that they ask for more of it.


I take away "the NSA is full of the kind of person who won't look at the big picture, who will follow orders without exercising critical thinking, and who can be counted upon to be a Good German."

That is exactly right. Employees of intelligence agencies are selected primarily for loyalty, not critical thinking. Most people find that hard to believe, especially those inside who tend to have a very high opinion of themselves. In intelligence, recruiting independent minds is a mistake.


It feels like saying Bletchley Park just needed more diligent and loyal crib workers and they would have solved the Enigma.

Without Turing and the Bombe where would we all be?


Yeah well back then we had actual opponents. North Korea are crackpots, and some fundamentalists prefer living with goats in caves to comfortable air travel, but never in a million years will those cranks be the threat that the Axis or even the Soviets were.


Do you believe that China isn't a worthy enough competitor in electronic espionage? Or the occasionally conflicting interests with Russia and other countries?

The main job of NSA isn't to support short-term military operations in whatever location they're fighting today, they have to ensure that if they suddenly need to focus on country X, then they already have years/decades worth of collected intelligence.


And of course, what you say about "country X" also applies to "individual Y," doesn't it? How convenient.


Obviously North Korea isn't near the threat of the Soviets/Axis, but I'd say they have a very real capability to destabilize, at the very least, the Korean Peninsula (non-violent dissolution), and at the most all of SE Asia (A nuclear attack/violent dissolution)


How do you know this?


There was an article about how they prefer to hire Mormons. It was interesting because this was before it was revealed that the largest NSA DC was to be built in Utah.


Wow, way to throw an entire religion under the bus to "prove" that the NSA is only looking for mindless zealots.

I have heard intelligence and law enforcement agencies like Mormons for things like being bilingual (many have learned a second language while serving a two-year mission full-time) and being drug- and alcohol -free.

Disclosure: I'm a Mormon. I can't blame people too much for thinking we are all unquestioningly loyal zombies, but I think we all know it's not really a fair point if you're trying to make a logical argument.


You clearly missed the part of my comment that said "there was an article that said". - I am in no way throwing anyone under the bus.

I'm on mobile - but I have posted the article here before. If I remember later Ill find it and provide you the link


The article is basically irrelevant. Someone said intelligence agencies select "primarily for loyalty, not critical thinking." Someone else wondered how this can be known. You said because they like to hire Mormons. (Maybe you didn't mean "because", but I can't imagine any other implied connection between the post you replied to and your own.)

See why it's offensive? at least without well-cited statistics demonstrating that many Mormons are more loyal than average and will not think critically if following an authority figure? It's like someone said banks value greed, and you answered "Yeah, because I read an article that they prefer to hire Jews." I don't know, maybe I'm reading too much into your post.

In context, you were taking it as read that Mormons are known "primarily for loyalty, not critical thinking" (not your quote, but from grandparent post) and assuming that is the only conceivable reason a government agency could want to have them. I doubt that a well-written article you read used that kind of presumptuous, circular logic. It probably just said intelligence agencies like to hire Mormons.


1. The article:

http://www.businessinsider.com/11-surprising-things-you-didn...

The apparent incorruptibility of Mormons' moral righteousness make them ideal candidates for the nation's law enforcement and intelligence agencies.

Mormons are disproportionately represented in the CIA. A recruiter told the Salt Lake Tribune that returned Mormon missionaries are valued for their foreign language skills, abstinence from drugs and alcohol, and respect for authority.

>See why it's offensive?

Why should I be so sensitive to what offends you when I am simply referring to something someone else wrote?

I can think of far better ways to offend you.


Thanks for the article, but you still don't get it. It's not the words you said, or the existence of an article that said them first, it's that you said them in a context that seemed to circularly "prove" both that Mormons are known "primarily for loyalty, not critical thinking", and that NSA values those personality features above anything else, all under cover of an accurate statistic from a reputable article. If you care to understand or to convince me, look at my hypothetical Jewish thread analogy from last post and explain why it is either a) not offensive/illogical, or b) is not a fair analogy to the thread here. (To be honest, I probably would have said nothing if you had targeted another group, but I still would have found your post illogical and prejudiced.)

Either I am completely crazy here, looking for offense, or you can't empathize very well. I feel that I really don't care or get offended if individuals think I or any other Mormons are just loyal robots or gullible fools, or NSA et al. like hiring us for it, but it's totally illogical (and offensive to the spirit of healthy, honest discourse) for you to cite either as if they're a proof that the NSA only wants loyal robots. And maybe that is a completely misunderstood characterization of your original comment, but all your replies have been doing are re-emphasizing the parts I don't disagree with and seemingly ignoring the real issue. I'm not even demanding an apology or anything, but some sort of recognition of my real point or a nuanced rebuttal would be nice.


Minor nitpick: at cryptography you are not trusting math, because it has not been mathematically proven that no algorythm exists to break a certain crypto method in five seconds on an off-the-shelf processors given only the cyphertext (except possibly for one-time pads with their drawbacks).

But after hardworking experts try and fail for years to break a crypto method, you can somewhat trust that attackers won't find it either.


> As with any government agency, the more they insist that they must not be held accountable, the more accountability we should jam down their collective throats.

Did you read the same essay I did? He didn't argue for less accountability (indeed, he argued for more). He did argue that the capability had to remain in order for the U.S. to maintain its ability to survive in the ongoing shadow cyber battles.

I agree with you that the high-level concerns are the real key, but you seem to working at it in the opposite direction. You have a specific end in mind, seemingly independent of any high-level examination of the effects of achieving that end. Then you say that the high-level things (law, trust, comparisons, etc.) should be arranged to meet the specific end.

Rather I'd argue it from the other direction, just as I have from day 1 of all of this: Does a country need to have the ability to monitor the goings-on of electronic communications (including the Internet) for its welfare & national security purposes? If so, what capabilities are needed? Is "pre-emptive self defense" needed (or even allowed)?

Do the totality of these capabilities introduce a risk towards civil liberties, or otherwise conflict with law? If so, can they be mitigated, must the law be changed, or should the state simply abdicate its security/welfare reponsibility (noting that it would be only the US doing the "abdicating" here)? Can the state employ other capabilities that can achieve the same essential effect with less risk on civil liberties?

Some of these questions you touch on, e.g. "you haven't proven that you are doing more or better compared to other ways we could push back against scary people.", but many are ignored completely as it is simply assumed that absolute privacy on the Internet is sacred (but only for the NSA; criminal organizations, other nation's intelligence agencies, and the local cypherpunk wardriving around are obviously not a threat), even while absolute privacy on the old landline phones was never a reality.

The best argument I've heard so far has been that the sheer scale of this type of network surveillance, along with its near-undetectable nature, makes it different in kind. I actually agree with that viewpoint, but I also think that this matter of scale makes it possible to install good oversight and accountability if the capability is actually needed. It would take probably at least 10 people just from a "command + control" sense to launch a U.S. nuclear missile; there's no reason even better accountability, oversight, and specific legal guidance and safeguards can't be baked-in to a one-and-only central monitoring system.

But the question is whether we need the capability, and no one seems to want to take a specific answer as to why the U.S. (and the U.S. alone) can survive without it.


"Even if you are not a citizen of the Five Eyes, you shouldn't be worried about your data being viewed unless you're involved with a group of interest, such as a foreign government or violent organization."

Huh, so:

- My best friend's dad was a spy in the CIA

- During the 70s and 80s my dad worked with Russian scientists (also ones from Poland and other Communist Bloc countries). Ecology stuff, mostly.

- I've been in "interesting" circles in the crypto arena, and know people who are almost certainly under surveillance.

So, how likely is it that my email is read, that my phone records are looked at, and so on? What are the chances that I'll have trouble the next time I cross a border or try to board a plane? One percent? Fifty percent?

Am I going to get my Name on a List because I've said that we need to stop allowing the NSA to build more data centers? That I think that Dianne Feinstein needs to be removed from office?

I don't do anything that interesting and my life is quite frankly pretty boring; my personal concern about any damage from someone looking at my emails to Mom is small. But I'd still like the government to get a lot smaller in this area because I'm afraid of what things will look like ten years from now, when data mining the innocuous stuff you did fifteen years earlier gets you Special Treatment at those DUI stops.

The "developed capacity equals intent" bullshit works both ways.


You have a great point, and the TL;DR of OP's entire post is "Unless you're doing something wrong, you have nothing to worry about."

Which is the slimmest argument I ever hear in favor of these pervasive civil rights violations.

I've never been a terrorist, never given any information to a foreign enemy, hell, I've barely ever even broken the law. But I do have a personal interest in Russia, speak Russian, and have been to Russia 14 times.

Am I on a list somewhere? Maybe I have done "something wrong" in the eyes of some automated, arbitrary algorithm that's connecting the dots of US citizens around the globe?


> Unless you're doing something wrong, you have nothing to worry about.

A nice comeback is to ask the accuser to apply similar standards as a universal principle. I mean if NSA didn't do anything wrong why worry about Snowden leaks. Or why doesn't Google show us their search algorithms?


Doubt it, Russia isn't the enemy anymore, it is a country in disarray, trying to pick up the pieces after communism.


If there is anything to learn here, it is that a specific enemy is not necessary. You could get back-roomed for having said "I like Froot Loops" in a private email a decade ago. It could be /arbitrary/.


Or they could just lie.


Just like they could simply ignore the law and conspire with telecom companies to do the snooping anyways. :P

If you're going to assume that level of malice on the part of government then the game is already over.


A number of countries could be of interest, not just "the enemy".

Recall that Russian sleeper agents were arrested in the US as recently as 2010.


> "Even if you are not a citizen of the Five Eyes, you shouldn't be worried about your data being viewed unless you're involved with a group of interest, such as a foreign government or violent organization."

This really is a key quote. Even if OP's assertions about the NSA are totally correct, even if all security protocols are followed to the letter, the problem still remains that they have a tremendous amount of power that can be used to target anyone deemed an enemy of the state.

I think a lot of contention on this issue revolves around how much you trust the government to appropriately designate enemies of the state. Many people believe the government is responsible about this, and that it will only go after people who a reasonable person would consider "dangerous." The problem, of course, is that the United States doesn't exactly have the cleanest track record of appropriately focusing its wrath:

http://en.wikipedia.org/wiki/COINTELPRO

(And yes, I know COINTELPRO was FBI, not NSA... I believe it's still an instructive example of government overreach.)

Anyone who defends the NSA on the grounds that it only targets those who are worthy of targeting needs to convince me that another COINTELPRO will never happen. I would actually welcome such an argument, since it would make me feel a whole lot better about this.


It doesn't even have to be on the level of COINTELPRO. See here:

> The history of the FBI Lab hasn't been without controversy. Dr. Frederic Whitehurst, who joined the FBI in 1982 and served as a Supervisory Special Agent at the Lab from 1986 to 1998, blew the whistle on scientific misconduct at the Lab. In a subsequent investigation, it was found that evidence had been falsified, altered, or suppressed, or that FBI agents had testified falsely, in as many as 10,000 cases, resulting in many false convictions. More than a decade later, cases were still being overturned because of this massive fraud.

http://en.wikipedia.org/wiki/FBI_Laboratory#Controversy


So, an interesting question is, how many people do you think believe that all COINTELPRO targest in fact were 'worthy of targetting'? For some targets, the number of people who today think they were 'worth of targetting' may be way different than the number who may have thought so at the time. (If MLK was held in as high regard 40 years ago as he is now, he would have had a lot less work to to do).


Am I going to get my Name on a List because I've said that we need to stop allowing the NSA to build more data centers? That I think that Dianne Feinstein needs to be removed from office?

Beyond the monitoring, the deeper point of Big Brother in the book "1984" was the worry about whether what you were doing made you subject to punishment. Foucault also covers this in his discussions of the panopticon, where it is one thing to have a mechanism for constant and pervasive surveillance, and quite another when the windows of surveillance are tinted so you can never know whether the collection is being aimed at you.


Is this the best defense of the actions of NSA employees publicly available?

He spends a lot of time denying pervasive surveillance puts us in a panopticon where the FBI and other LEAs can observe everything we do. And never mentions parallel construction once.

He tries to justify a Cold War sized, and then some, security state by invoking North Korea.

This is a big bowl of very weak sauce.

The director's standard of candor is "least untruthful."

I really don't care what a mid ranking employee says about what the NSA will and won't do. EVERY revelation where people in this forum have given the NSA benefit of a doubt in the form of "they could, but they wouldn't" has max'ed out at "would do, did do, and trying hard to do it more" once more revelations have emerged.

The NSA can't be trusted with what it has.


"Project MINARET was a sister project to Project SHAMROCK operated by the National Security Agency (NSA), which, after intercepting electronic communications that contained the names of predesignated US citizens, passed them to other government law enforcement and intelligence organizations." - http://en.wikipedia.org/wiki/Project_MINARET

The NSA has a history of sharing intelligence with LE, to state that the NSA is not a LE agency is extremely misleading, if not an outright lie. Not only did the NSA do this in the past but the Snowden revelations show that they continue to do this.


There's also little analysis (here or elsewhere) of the consequences of widespread data warehousing. Why pay agents to listen to personal calls, when you can stockpile intel for the day you might need it, and analyze it via algorithm?

I foresee a day when every American has a dossier, a smear campaign, and a law enforcement attack plan on file, in case they decide to "make trouble" for the powerful. It's highly probable we're there already. Look at the history of harassment against MLK if you don't believe me. Even if they're not doing it now, sweeping up all the data in perpetuity guarantees that they'll do it later.

(I may disagree with this guy fervently about the NSA, but I'm extremely psyched to try his mayo. Good for him for transitioning into something useful.)


It would be great to see a cheerful launch page for a satirical startup that automatically generated smear campaigns for governments against persons of interest. "We use of the expanded information capabilities of our client agencies to maximize the plausibility of our allegations!"

Pricing!

$8,000: General fear, uncertainty, and doubt (duration: 2 months)

$15,000: Complete discrediting (duration: 6 months -- best value!)

$50,000: Overturn their life with "Anonymous"-style harassment (e.g. triggered by c pornography "revelations" -- duration: two years)


if your customers are governments, I think your prices are missing one or more 0s


The dossier exists in the form of all the collected communications. Moores law and Gustafson's law will allow your entire life to sliced, diced and trolled for breaches of the law in seconds. Lazy, deferred evaluation of the police state.


> I'm extremely psyched to try his mayo

Why. The only (vaguely) scientific argument the paleo diet has against legumes falls apart when you're just extracting the oils (which is not where the "toxins" are). Apart from that it'd just be an organic no-preservatives mayonnaise, and that's already widely available.

It's just another example that this guy will swallow anything you tell him with sufficient amount of authority.


On one hand, I completely buy his assertions about China's pervasive hacking attempts/successes and that the NSA is our best tool for stopping them.

On the other hand, you're right on the money about parallel construction. In my book, that's the one thing that sent the NSA "over the line." It's good to hear that many NSA employees take the police/military distinction seriously, but we know for a fact that some higher-ups don't and he didn't mention the most egregious case of this, not even once. Also, he invoked the "it only happened if they get caught" assumption while commenting on the frequency of abuses, which is highly suspicious.


Thanks for letting me know about parallel construction - I hadn't heard of it.

You're right, abuses probably have happened more often than those caught.


How can you defend a program in a public way like this without having the most basic understanding of what we know about it? Parallel construction is one of the basic story lines that has come out of the Snowden leaks.

They painted fascism with an American flag, and you ran it up the pole.

In a way its' embarrassing for the NSA to get a defence that is written by such a rube. But at the same time, the general public doesn't seem to be concerned, so perhaps it was unnecessary in the first place.

I could be wrong, but I think there is a bit of cognitive dissonance in your statement. I think you are slowly coming to realize that your actions were wrong; that you do need to defend them. The bad news is that you you fucked up, and you owe the Americans you pretend to care about an apology.


If you'd never heard of parallel construction before today, that seems to powerfully undermine your credibility. Why should we take you more seriously than someone who says "I was a secretary at the NSA for years and I never heard of anything bad happening, therefore nothing bad happened"?


"I was in the Computer Network Operations Development Program, and my office was S32X: Signals Intelligence Directorate (S) > Data Acquisition (S3) > Tailored Access Operations (S32) > Special Tactics and Techniques (S32X)."

I think it is reasonable to say that he is slightly more informed to speak on these issues than a secretary.

It's really not surprising he hasn't heard of parallel reconstruction, considering:

https://news.ycombinator.com/item?id=6911200

Also, there's no need to be so hostile. It's simply his point of view, and by the very nature of the restricted work environment at intelligence agencies, it's not reasonable to expect him to have a complete picture.

To quote the very post of his that you're replying to:

"You're right, abuses probably have happened more often than those caught."

He's hardly saying nothing bad ever happened, or that all abuses are known for that matter.


> by the very nature of the restricted work environment at intelligence agencies, it's not reasonable to expect him to have a complete picture.

How is that different from "he lacks credibility" ?


Credibility and scope are two different things. His claims can have limited scope and still be credible. I don't see any reason to doubt his character.


> I don't see any reason to doubt his character

His character is secondary to his veracity.

> His claims can have limited scope and still be credible.

His claims were about the NSA. That is the scope over which we all agree he is not a credible source on.


Come on, "left hand isn't aware what the right is doing" isn't just plausible, it's standard practice at any organization larger than a dozen or so people.

He never claimed to have more than anecdotal evidence regarding the NSA. He never asked to be taken more seriously than, as you so derisively put it, a well-placed secretary (actually, I suspect a secretary would have a much better high-level picture of what was going on, but I don't think you intended an actual comparison).

I'd like to thank him for adding his perspective to the discussion. Even though I'll be keeping my opinion, it is good to know that in some (most?) parts of the NSA, the culture of taking jurisdiction seriously still pervades. It could be a lot worse, and absent this admittedly anecdotal evidence it's difficult to know what to believe.


> Thanks for letting me know about parallel construction - I hadn't heard of it.

You should have heard of it. It was brought up the last time you posted your blog post to HN:

https://news.ycombinator.com/item?id=6882823


Have you heard of COINTELPRO http://en.wikipedia.org/wiki/COINTELPRO and the Church Committee http://en.wikipedia.org/wiki/Church_Committee ?

Quiz, where did the FISA court come from?

http://www.pbs.org/moyers/journal/10262007/profile2.html


> Thanks for letting me know about parallel construction - I hadn't heard of it.

Seriously? Have you - as far as the NSA's activities goes - been living under a rock?

... oh.


I agree this is a very weak justification.

But it plausibly is just what a purports to be - a portrait of the mentality of a rank and file NSA employee (I don't see any evidence that he's even "mid-ranking" if "mid" means middle management). That mentality seems to be a fusion of "surveillance doesn't matter if you have nothing to hide" and "America is under siege".

The thing is, it is good that the NSA has a lot of sincere employees are not now simply there for the power. It seems like this means instances of surveillance abuse are only period rather than constant. This puts them above the level of local police, who tend to have a fair of "ex-high school bullies and wanna be bullies". Yes, that's good but given the NSA's unchecked power, if an "institutional drift" towards the cynical use of power began in earnest, there isn't much people could do legally to stop that. And that is very bad.


Be careful what you wish for. The True Believers are the most dangerous. Cynics are more connected to reality.


The most dangerous are the Cynics who pretend to be True Believers, they are the prophets who know damn well that the eschaton isn't here but that there will be money to be made in the reconstruction. Some folk don't mind how small the pile is as long as they can stay near the top of it.


  EVERY revelation where people in this forum have given the
  NSA benefit of a doubt in the form of "they could, but they
  wouldn't" has max'ed out at "would do, did do, and trying
  hard to do it more" once more revelations have emerged.
I find it increasingly scary how people continue to defend the NSA's actions in the face of these escalating revelations. It almost feels like Stockholm Syndrome.


Translation: Trust us, we are the good guys.

This blog post does nothing to answer the fundamental questions that the Snowden leaks have raised. This man basically argues that, with few exceptions, everyone that works for the NSA is a true American and a patriot who only has your interests at heart and what is a little spying amongst friends anyway. Follow that with some scary hints about cyber war with nuclear responses to further raise the stakes (and the fear) to justify their dragnet surveillance police state. This man is a moron if he can't see that constitutional protections were not created to protect us from good people but bad people who can gain control of such a system in the future.

Moreover, if what he says is true that we are facing real dangers then the government has the obligation, in a free society, to reveal these threats and explain what they are doing about it. The method of using such secret threats as a basis for increase police powers and (implicit) suspension of constitutional rights is not proper for a free society.

If the result of the so called "war on terror" is a gutted and shredded constitution then I'd say the terrorists have won.

Edit: Apparently Loren is a man, Sorry.


"Moreover, if what he says is true that we are facing real dangers then the government has the obligation, in a free society, to reveal these threats and explain what they are doing about it. "

Could not agree more. To make good decisions as a nation, we need good information. When everything's classified TS/SCI or above, most Americans are denied an accurate description of reality on which to base their decisions and their votes.

Bad guys may do bad things to us regardless of whether their conduct and methods are revealed to all or classified into invisibility. If the NSA revealed everything it knows and does, it would in the near term, wreak embarrassment and economic damage on some parties, but in the longer term would help us craft a better country.

By analogy, nobody would keep money at a bank that couldn't be audited. Why would you entrust your society's core values of privacy to a completely opaque government entity having no independent oversight?


I think that giving credit to the terrorist, and saying that they have won, is wrong. The kind of paranoia that defense forces have operated under has always been there since WWII. The only thing different now it that people are a lot aware of what could be/is happening.


If we commit suicide by destroying the constitution and the freedoms it embodies then the terrorist goal of destroying America is achieved. I see your point though, they would not deserve credit for our failure to stand up to an internal threat, so consider it poetic license to dramatize my point.


Actually, it's a man, but otherwise you're right.


"I'd say the terrorists have won."

There is no such thing as 'terrorists'. It is wrong to imagine that there is a group of evil doers [I am an ESL and this expression always cracks me open:)] that is (1) organized and (2) focused on an agenda to harm United States. If you think so then you fell victim of the greatest fallacy pulled by the government.

The deterioration of your way of life is not due to some struggle with imaginary bad people, but due to the evolution of your government, which is becoming more fat, arrogant, detached from reality and self-centric. NSA is a natural spin in such evolution, where you transform from Huxley's Brave New World to an outright 1984.


The author is a man.


"We all know that it's illegal to look at a US citizen's data without a court order. I use the term "look" deliberately: the Agency makes the distinction that looking at data is surveillance, while gathering it from locations outside the US is not. We gathered everything, and only looked at a tiny percentage of it. I am okay with this..."

This is more perverse NSA interpretations of the law.

Collection is the crime.

It does bother me that the NSA asserts a right to hold copies of my GPG-encrypted messages indefinitely. It bothers me more that my web traffic, address book, or phone metadata ends up in a government database even if only temporarily.

I don't care if Google's computers were abroad or not, but they belonged to an American company.

The United States government penetrated the network and intercepted the communications of an American company. That's one of the most egregious violations of the 4th Amendment that the American government has ever committed. Don't pretend this is something that is right.

The NSA had no legal right to spy on me, and they did -- even if you say it's likely no one looked at the data. I don't care. Collection is the crime.


First off, congratulations for coming forward and giving what sounds like a honest account of your experience at the NSA. You haven't chosen the easiest forum to air your views, and that takes courage.

However, I can't disagree more with your views. You don't mind if [your] emails are copied to an Agency database and likely never read and because from a technical standpoint it would seriously impair our ability to spy if we couldn't gather everything. Really? You may be familiar with a certain Richard Nixon. How would you feel if a similar character came into power tomorrow? Imagine all the wealth of information at hand. All this... without independent oversight. The only thing you need is to make sure a second Snowden comes forward to explain how you're spying on your opponents. And I can't even begin to imagine how much this juicy information means in terms of economic intelligence. Of course, you cannot push this angle too much, because it would mean the end of the cooperation with your partners. This wonderful agreement you have to keep the free world safe. Thanks, but no thanks. I don't want security at this price.

History is littered with examples of power without accountability. And we don't need to go very far... just read any history book about the CIA. I'm sure their personnel is mostly composed of law-abiding patriots. This ends up the same way anyway: coups against democratically-elected governments. Drugs. Assassinations. Torture. And don't tell me that times have changed. The Guantanamo inmates are laughing at you. The Bagram inmates are laughing at you. Even John Yoo is laughing at you.

And that's only looking at it with the eyes of an American citizen, which I'm not. But in the end, what difference does it make? NSA, GHCQ, DGSE... Aren't you all cut in the same mold? You certainly sound like you believe in what you are doing. I'm sure STASI agents did as well, but they were never this successful.


No offense to OP, but this reads like propaganda to me. It feels like someone at the Pentagon realized they weren't winning the war of the minds of hackers, so they encouraged some of their own to blog about their experiences.

I hate to sound like a tin hat wearing conspiracist. I really do. But I wouldn't be surprised if there was some sort of concerted effort by the NSA to encourage a dialogue with hackers on platforms like HN.

Sorry for the paranoia OP. Glad you enjoyed your time at the NSA.


I set up an account to reply to this comment; I have an informed opinion.

I expect that the blog post is sincere. If the NSA or another government agency wanted to manipulate the discourse on this or a similar site, however, they would (not could, would) do so by setting up a large number of active accounts over a long period of time. These would promote articles without triggering voting ring algorithms.

For the last couple of years I have been an active participant in a part of the blogosphere that is inspired by Unqualified Reservations, a contrarian ("(neo)reactionary") blog. I recently discovered that many of the (active and quite long-standing) blogs and commenters in this online community are fraudulent. It is the situation described in Wikipedia's article on COINTELPRO: "pseudo movement groups run by government agents". This includes people with whom I've had email and even a Skype conversation.

Since the realisation, I've managed to have a little awkward and plausibly deniable dialogue with these "bloggers" and "commenters". The message seems to be that they view neo-reactionaries as a group of potentially violent dissidents whose memes, if they were to spread, would lead to serious public disorder. So it's a political broken windows theory, in which the NSA or FBI are guardians of public opinion (although I happen to be English). Apparently they have been watching closely and collecting "data" for over a year.

So, mtgentry, I don't think you are too paranoid at all. (Although I would have done until quite recently.)


I recently discovered that many of the (active and quite long-standing) blogs and commenters in this online community are fraudulent.

Realizing the potential awkwardness of this request from a stranger considering your message, is there anything publicly published about this particular situation?


No. If you want more details, please use the email address on my profile.


Did the possibility ever cross your mind that the fake accounts and users are simply an attempt by a very small fringe group to bulk up their numbers and look like a more legitimate political concern?


No offense taken. I was not asked to write this, nor guided in its contents by the government.


Really? why should anyone trust in anything coming from the NSA when you are systematically lying again and again? why should we listen to anything you say when historically, part of your strategy is to try to influence the PoV of society || specifics groups?

Specifically: how are you so sure about what the NSA is doing? in your article you say that the NSA does not do SI on US citizens without a warrant, but how can you really know that if you are just another worker? I don't think you can... but hey, you seem like a smart person so why are you making that kind of statement?

> I was not asked to write this, nor guided in its contents by the government.

I find this hard to believe, especially coming from someone in your area: if there is no way for us to verify this statement, then how relevant can this comment be for us?


why should anyone trust in anything coming from the NSA when you are systematically lying again and again?

That's a bold claim - do you have any evidence that lorendsr, who is by his own admission no longer employed by the NSA, has been systematically lying again and again? Or that historically, part of his strategy is to try to influence society or specific groups? Or are you claiming that part of the NSA's employment process is the removal of independent thought and plugging into the collective hive mind?


> That's a bold claim - do you have any evidence that lorendsr

I meant "you" the NSA, not lorendsr... I don't know him.

But yeah, sorry if my distrust of people who say they worked for a government agency that has as its main PR policy lying and manipulating public opinion sounds harsh... I'm just a bit angry because I'm not a US citizen and I know that my use of pgp,otr,tor,i2p,self-signed certs is enough to make some powerful organization start registering every single move I do on the Internet.


> Or are you claiming that part of the NSA's employment process is the removal of independent thought and plugging into the collective hive mind?

That is most likely the reason. Even reddit doesn't jerk this hard.

The OP's submission is a valuable one, even if you disagree with his views.


Of course it's valuable - as evidence of the brainwashing NSA employees must go through to justify their actions to themselves and their families.


Did your post have to go through some sort of internal review before you were allowed to publish it? I find it weird that you're allowed to blog, let alone blog about the NSA.


See bottom of post: This essay was deemed UNCLASSIFIED and approved for public release by the NSA's office of Pre-Publication Review on 11/21/2013 (PP 14-0081).


Hmmm... where do we find out about all the CLASSIFIED blog posts? NSA internal forums? Any place where there's a summary of these reviews as metadata, hence leaving the content "CLASSIFIED" ? Who is watching the watchers?


Thanks cypherpunks01.

I flagged it for my to-read list for after work. I'm an idiot and didn't RTFA.


Did you read the friendly article?

This essay was deemed UNCLASSIFIED and approved for public release by the NSA's office of Pre-Publication Review on 11/21/2013 (PP 14-0081).


> nor guided in its contents by the government.

Are you sure about this?

The government tells you what is classified and what isn't. If you have ever been privy to any classified material, you will have made the decision to self-censor that information, to keep the essay unclassified. In other words, you will have removed information that the government told you it didn't want published.

Granted the control wasn't overt, but the government has influenced your writing via your past and the controls that were embedded when you went though your initial security induction.

If it works differently to this, please do explain it to me, as I would be interested to know.


I just mean that I wasn't told what to write by a USG PR person. The only thing I heard from the NSA about it was that I didn't have to redact anything.


Thanks for replying.


You came up with all of these points by yourself?

I'm quoting m8urn's post from upthread:

> m8urn https://news.ycombinator.com/item?id=6911796

> It all seems so sincere. Except when you see how closely this matches the talking points the NSA sent home with employees https://s3.amazonaws.com/s3.documentcloud.org/documents/8445...

I don't disbelieve you came up with all those points yourself, btw. Maybe you've never even seen that PDF hand-out. However, you couldn't have reworded this obvious piece of propaganda any better, if you did.


Oh ok then. Stupid of me to think otherwise.


How would they encourage "internal" blogs though - asking directly would most likely raise flags, or a flood of insincere blog posts that would counter the desired result.

What I'd be more interested in is how much this issue is being discussed internally. If these discussions are allowed, or even surreptitiously encouraged, then I'd take that as a possible internal propaganda push, subtle as it may be. What's in the conscious mind gets written about, hence you'd see these kind of "justification" posts.

If there was very little internal discussion, or it was frowned upon, then I would expect much less of these blog posts, as it would potentially undermine your career...


These guys just don't get it. They're always saying the same thing "we don't want to look at it."

I want to scream "well maybe someday you will, and then you'll have it collected already."

What a dense mind, and I am not all inclined to insult people in fact I hate it, but in this case it is well deserved.


They've also been saying "and we're not allowed to look at it without a court order, either." The laws and authorities that allow them to conduct their activities were all written by elected representatives. You can say the NSA might someday want to look at it, but it's kind of equivalent to asking what the point of having a constitution and laws is if they might changed sometime in the future.


Do they study history? At all??

I'm honestly gobsmacked by this blogpost... that anyone in a democracy thinks that hovering up all the data, will be safe from repercussions down the line, regardless of leadership.

Head-spinningly-shortsightedly-naivé.


I see a lot of negativity in this thread, but I think a lot of folks should stop for just a moment and consider the opportunity that's presenting itself: a former employee of the NSA is posting online about his experience and is an active member of HN. He doesn't appear to be in a position where his continued employment with the government would be an issue (he's apparently got his own business), so he doesn't have to worry about talking frankly about his experience, positive or negative (although I'd image that he's still under obligation not to reveal anything classified).

Just about everything we've seen about the insides of the NSA have come from only one source. Snowden was only employed there for 3 months, and has publicly stated that his primary reason for seeking employment there was specifically to gather information on NSA surveillance systems[1] - in order words, his opinions on the NSA were solidified before he joined. To top it off, Snowden is not available for interview.

I'm not even saying you're required to believe him. I do, however, think an insider's perspective has been sadly lacking from most of the conversation that's been going on. I don't expect journalists to have a complete understanding of all of the details regarding these programs and systems that have been leaked - they've never worked with them.

So, lorendsr, thank you for your contribution. Don't let the flat out negative comments get to you. I hope your post encourages others with a background in the NSA to share what parts of their experience that they can. Everyone else, please take advantage of this opportunity to ask questions, gain any insight that you can and don't just dismiss him outright.


Huh? An intelligence officer is exactly the type of person who wouldn't "appear to be in a position where his continued employment with the government would be an issue" while actually still being a government employee. Who's to say that he isn't still working with the NSA?

I'm far from a routine skeptic but c'mon ... This post sounds like a PR message.


Well, theoretically he could still be an intelligence officer. Claiming to be a former NSA employee who got out to start up a mayonnaise company is a frankly strange and unusually high-profile cover to work under. Maybe someone can order some mayo from him and tell us if he's legit.

http://www.kickstarter.com/projects/lorensr/payo-paleo-mayo?...

Alternately, maybe this is some giant conspiracy to get us to buy NSA-sponsored mayonnaise.


That's what I was thinking - he is a fake and is using NSA to get you to his Mayonnaise. Honestly, those declassified numbers at the bottom of his post do sound made up.


Hey, and I'm a German patriot.

If the US citizens like to be spied on by its own agencies, fine for me.

As a German citizen I'm not so happy that German citizens, politicians and companies are targets of spying of unprecedented scale and depth. As a consequence we (and others, too) will have to scale back the use of US hardware, software and services. Privacy, data security, confidentially etc. are not provided. A German company would be stupid to store data on servers reachable for US industrial espionage. It's really tough to avoid that - given that the US surveillance and spying is also done directly in Germany in a large scale.

Additionally we should also deny the US the capability to plan their targeted killings from Germany - for example from the US military central command for Africa - which is located in Germany. From there strikes with armed drones are planned and controlled. Unfortunately the German government does not seem to be willing and/or able to prevent that...


Are you also similarly upset about the activities of the BND, MAD, BfV and the LfVs that operate out of your own country?


I don't need to. The BND, MAD, BfV and LfVs are not remotely doing anything like the NSA - not in scale and not in breadth.


I am horrified by this essay. It's overwhelming how much disturbing information is in here. I am deeply saddened that someone so young has had their beliefs so strongly influenced.

Some of the most disturbing passages:

> it would seriously impair our ability to spy if we couldn't gather everything.

It is saddening to hear someone so young say this.

> I am an American patriot. Patriotism to me simply means that I care about the US and its future.

How often is the word "patriot" used internally in the NSA? Who is building up this false hero, blind to his own oppression? A synonym might be a "justifier" or "oppressor" or even more simply "someone who has not yet been oppressed."

The rest speak for themselves:

> The NSA copy of my emails will only be viewed if the Agency can convince a judge that I might be a foreign agent.

> The vast majority of unauthorized retrievals of US-person data are unintentional.

> ...the rare cases of unauthorized data retrieval were ... regular employees illicitly viewing communications for personal gain

> XKeyscore ... was an analyst tool that I had access to.

> NSA employees are the law-abiding type.

I am scared to respond to this article. How easily could I be labeled a "foreign agent"? Does criticizing the system mean I'm working for another country? Did the NSA try to demonize Snowden as working for the Russians? Everything you have written has only increased my fears. To hear the blind loyalty to the system that comes from the NSA's own employees means that nothing is safe.

I hope that later in your life, as you grow as a person and a citizen, you see the evil in the system you colluded with, and experience a deep regret about your actions. The same regret that lay citizens feel when we learn our tax dollars have built a criminal entity. The regret that we did not try harder to stop it, to read up on laws like the Patriot Act and protest more. The regret of our collective ignorance that has built the tool to intrude on everything we do.


Thank you so much, kind American intelligence guy, for having the grace to not look at USA citizens emails, all the while not even mentioning foreigners, who should apparently just lie down and take it.


As a US citizen, I assume foreign countries (esp. China) spy on me. But I don't go around bitching about that. Why? Because the US will protect me. China cannot hurt me.

On the other hand, when the US spies on me, I am much more threatened, because nobody can protect me from the US. If the US turns against me (for instance, for supporting the Tea Party), declaring me part of a "violent organization", I'm in real trouble.

tl;dr compain about your own country spying on you, not other countries spying on you


I think you are missing a point: US (cloud) companies do business with for example European companies/customers. The leaks suggest that all data a non-US customer stores with them is fair game for being snooped by NSA etc. without any judge or due process. This turns "complain about your own country spying on you!" into "Don't do business with an American company if you care for legal protection/are not stupid". But please continue to pretend that economy is confined by national borders.


> The leaks suggest that all data a non-US customer stores with them is fair game for being snooped by NSA etc. without any judge or due process.

I agree.

> turns "complain about your own country spying on you!" into "Don't do business with an American company if you care for legal protection/are not stupid".

I agree. As a US citizen, I was quite upset when my employer started mandating Gmail use, and this was before the Snowden leaks.

Foreign companies are obliged not to use US cloud services, just as US companies are obliged not to use Chinese ones.

That is all water under the bridge now. There is no going back.

So you are not actually rebutting anything I said.


U.S. law has never been compatible with E.U. data protection law as I understand it though, even before Snowden. The Europeans can't seriously have thought the U.S. wasn't engaging in surveillance (and indeed, they did know otherwise, with ECHELON), so what can be said for that other than "caveat emptor"?

Until multilateral treaties are passed dictating how one national jurisdiction will handle the data of another then every EU business using a US cloud service has just been using wishful thinking. And again, this was true even before Snowden.


Except that unlike with China, the US is allied with some of the foreign countries spying on you and assisting them in their data collection, and quite likely even using the results of that spying themselves. Likewise, I'm in the UK which is allied with the US and assists them in spying on UK citizens.


And you should be fighting for the UK to break that off, because the UK is your defender.

It doesn't really matter if the US spies on you as long as the UK is your defender. The US doesn't have jurisdiction there.

This is all, really, a political issue. Ultimately, it is about political speech. Everything else you can simply encrypt and secure, and you should.


Not just lie down and take it, the foreigners should be re-assured that their communications are also shared to the USA's best friends:

> If you are a citizen of the UK, Canada, New Zealand, or Australia, you may also be glad, because everything the NSA collects is by default shared with your government (the default classification is TS//SI//REL TO FVEY, or "release to five eyes", which are the aforementioned countries and the US).


Not to mention other members of the Five Eyes who are not restrained from reading US intercepts.


You are missing the important aspect of it, and that is, just like their citizens are fair game for us, we are also fair game for them.

I would be highly surprised if those agencies are _not_ allowed to "look" at our data, since they won't be breaking any "laws".

Fuck everything about finding loopholes and skating on the edge of what is legal. NSA has repeatedly lied so far, never apologied for it. A lie would come out and bam! exposed by Snowden's docs. It was spectacular to watch.

The bottom line is, I am more scared and afraid of our NSA than of the Chinese bogey men or "cyber warriors" out there. I have not seen anything but lies, trickery and dishonesty come out of their mouth. I think they are traitors and unpatriotic.

They are betraying fundamental principles this country is founded on. I can see how slimey mafia lawyers would want the laws re-interpreted to fit their clients' purposes ("well, it depends what 'is' is, your honor"), I don't want out government doing the same. It technically might be legal it doesn't mean it isn't shitty.


This is the point of an intelligence agency, no?


Do you think the US (& friends) is the only one doing (or at least trying) to do this?


"Other people are committing unethical acts, therefore it is ok for me to do the same"


People seem to take the view that if the US stops surveillance, then they'll be truly free.


On the Internet we foreigners are colonies and the Americans are our Masters.


The NSA is not a law enforcement agency.

I am not one either. But I still have to obey the law.

Maybe that's not what's implied by that statement? But if not, what on earth is meant (more exactly, what was the author's intent in saying something that seems obvious and irrelevant if taken at face value; what am I expected to infer?)?


I meant that the NSA is only looking at your information if a judge suspects that you are a foreign agent. It will not look at your information to determine whether you have done something else illegal, which is what it would do if it were part of a police state.


http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE...

>One current federal prosecutor learned how agents were using SOD tips after a drug agent misled him, the prosecutor told Reuters. In a Florida drug case he was handling, the prosecutor said, a DEA agent told him the investigation of a U.S. citizen began with a tip from an informant. When the prosecutor pressed for more information, he said, a DEA supervisor intervened and revealed that the tip had actually come through the SOD and from an NSA intercept.


That sounds illegal. In same article:

>Wiretap tips forwarded by the SOD usually come from foreign governments, U.S. intelligence agencies or court-authorized domestic phone recordings. Because warrantless eavesdropping on Americans is illegal, tips from intelligence agencies are generally not forwarded to the SOD until a caller's citizenship can be verified, according to one senior law enforcement official and one former U.S. military intelligence analyst.

"Generally" should be always.


Except it wasn't and isn't. And that is the problem. Generally should be always, but we now know it's not.

And then to add to the list. "Collect" should mean "obtain" and not "use", and "metadata" is actually a subset of, and not different from "data". And "transcripts" and "summaries" are actually a form "content". "US Citizen" mean's a person who lives in the US, not "51% likely based on this metric", and "direct access" does not depend on who owns the land in which the particular section of cable is buried. And the list goes on. These words mean something, and when 'always' slips to become 'generally' - we have a problem. And when the one doing the slipping is a titanic behemoth of the size of the NSA, with as little accountability as already exists, we have an even bigger problem.

When the words used to assure us are twisted and misused, then the assurance does little. Trust is hard to earn back. Especially when we intelligent owners (US citizens) of the mechanisms and powers are not given access to their actual processes, or even their legal justifications.


So both the NSA and the DEA,IRS and ? are breaking the law. http://www.reuters.com/article/2013/08/07/us-dea-irs-idUSBRE...

How about they stop the illegal collection and then the illegal sharing cannot occur.


That sounds illegal.

Face, meet palm


It might be waived in the event of an imminent action. Sort it out after the threat of the action is over.


And most important of all, hold people accountable if they're wrong about the "imminent action."

Same with torture and other unethical activities. Think you can save the city from nuclear destruction by torturing the brown-skinned guy? Sure, go for it. But you'd better hope you're right, because (at least in a just world) that's the only way you're staying out of prison for the rest of your life.


If I run a program to look at communications and it decides that I may have done something of interest, would you look at my file then? Where is the separation between collecting and "looking" when various pieces of code automatically determine interest and connections?


"NSA is only looking at your information"

That's an overly narrow construing of the word "information". As you well know, metadata and location bits are considered "information" by anyone except the pen & trap zealots.


I'm not an American. So what you say does not apply to me, correct?

What about Americans who are 2, 3 or 4 degrees removed from suspected foreign agents?

Does 'looking' include automated processes that scan for, for lack of a better word, suspicious behavior?


A judge that is being presented cherry-picked information from the NSA, and who has no one presenting an opposing argument.


So you never heard of TIA and data mining?


Stockholm syndrome?

This guy is essentially validating the actions of the NSA because he calls himself a patriot and even admits he doesn't care about other countries other than his own: The United States of America. As an Australian I find this kind of attitude disgusting and I think it highlights a massive problem within the agency itself.

While I am somewhat more lucky than others being in a country that is part of the Five Eyes agreement, what about those not in a country that has signed the agreement? It doesn't make me feel any safer because it seems the concept of borders and rules in the intelligence game do not exist.

There is a lot of downplaying, "but your data is in a big database and nobody will most likely ever look at it", "only the NSA can see this data" — while this might be the case, if for whatever reason I found myself in a position of power, this kind of harvested information could be used to blackmail or destroy me. Just because it's not being used now doesn't mean it won't be used later.

While this is probably the only validation of the NSA's actions I can find that is somewhat backed by someone with experience working for the agency, it honestly sounds a little too safe and doesn't really address any of the concerns people have.


As an American, I think it sucks that we are spying on everyone. I don't like being spied. I don't like you being spied on. My interpretation of the constitution would read that for any information to be collected on anyone would have to get a court order. The constitution limits the powers of the government, not the people. And "the people" in the majority of the contexts is EVERYONE, all of us, all people everywhere. It is only by convention that the Supreme Court allows this shit to continue. The "ok to spy on foreigners" thing is farce. It is not ok, and I don't even understand how it continues to get promulgated.

If it takes a 50k strong Federal Corp of Judges to look at every single case, so be it. At least we could decide.


"I am an American patriot."

If anything scares me, its that. I know what he has written straight afterwards, but it still makes the hairs on the back of my neck stand up. Its all very well the author trying to define the word to suit their own purpose, but Im afraid its not that easy to get others to accept it. Try using your own definition of the word "Nigr", and see how that flies.

"Patriotism to me simply means that I care about the US and its future."

Yeah, and that is the problem. What is meant buy the "US"? The land on a map? The political system? The people who are also "patriots" and claim to care about this "US", and its future, yet do evil? Do you care about them? Every one uses the word patriot to justify their actions, good or bad.

That the author misses this, but still insists on still using the word suggest a dangerous and blinkered ignorance. TBH, it stinks of years of gentle brain washing. I'll never forget how Bush Jr used the notion of patriotism to garner support.

Im sure the author think he is well meaning, but this honestly reads like loyal, patriotic PR.


The author claims to be a patriot but I would like to ask him how can he justify mass surveillance and/or entrusting a government agency with so much power while forgetting the Fourth Amendment which was enacted just for this purpose. There is a reason that such protections exist because it is almost certain that people in power will exploit them. And yet, he claims to be a patriot while being oblivious to the basic civil liberties and the Bill of Rights that the United States was formed on.


What in the Fourth Amendment speaks to electronic communications? The Fourth Amendment speaks to a person, their home, and their effects.

Even things like postal mail do not technically fall under the Fourth Amendment. Rather, they fall under separately-passed Congressional law, and USPS regulations.

For instance, did you know that the addressee of a letter may authorize the USPS to open the letter in a sorting facility without a warrant, even if the sender was not asked?

Likewise, did you know that if you send a first-class letter but forget to put a stamp on it, that it is technically "unsealed mail" and a USPS employee may open the letter to inspect it for mailability and postage determination, and also "as expressly permitted by federal statute or postal regulations"?

So certainly the Fourth Amendment was intended to keep the government out of your personal stuff and away from your person, but everything else that people attribute to it is done without much evidence. Even in the real world there's not as much Fourth Amendment protection to communications than most people realize, once they leave your house.


@"What in the Fourth Amendment speaks to electronic communications? The Fourth Amendment speaks to a person, their home, and their effects."

The Fourth Amendment also protects people's papers from warrantless search and the Crown's abuse of the privacy of papers when executing its "general warrants" were a huge driver in the adoption of that Amendment. Private electronic communications are "papers" in that context, a "gift" of a paper from one to another.

But more importantly, the question you ask is phrased too narrowly in context. The First Amendment protects the right to communicate privately, free from government scrutiny. And the Fifth Amendment forbids the government from taking private property without due process and just compensation.

Roll all three of those amendments together and you should begin to comprehend that Congress, in establishing criminal penalties for interception of the U.S. mail --- a topic you curiously omitted --- stood on very firm constitutional ground when it did so.

Your notion that U.S. mail is protected only by federal statute simply blinks past the fact that our federal government is a government of only limited powers, allowed only to do what is permitted by the Constitution, with all other powers and rights reserved to the States and the People; i.e., a "mail" law can not lawfully exist without Constitutional authorization for Congress to enact such a law.

Also missing from your U.S. mail analogy is any analysis of a basis for believing that eMail should have any less protection than the U.S. mail. It is a criminal act for a government official on their own decision to open a letter to read the contents except in narrow common sense situations, such as a letter that is missing or has an invalid address. Why should eMail have any less protection?

Paul E. Merrell, J.D.


> Private electronic communications are "papers" in that context, a "gift" of a paper from one to another.

Except that would tend to imply that the 1s/0s of a digital communication can in some way represent a physical property of some sort which can warrant legal protection. Normally that viewpoint is completely abrogated by hacktivists since it leads inevitably to DRM and other IP-backed shenanigans.

On the contrary, the "paper" is duplicated and transmitted over third-party infrastructure, and normally to a third-party provider and then from there the "paper" still sitting in the user's computer RAM is finally forgotten by the software or saved to disk as a backup. But the copy sent to Google or FB or the ISP or whoever belongs completely to them, "gifted" or not. While the "intellectual property" and copyright will belong to the user, the "bits" belong to Google or FB or the ISP and so lose Fourth Amendment protection.

And it's better this way! The idea that one can exponentially and magically propagate property on hard disks around the world is almost laughably impossible. My point instead is that whatever protections are required for our electronic communications (either stored or in-flight) need to derive from positive statute law, not by people arguing the nuances of a Constitutional Amendment written while the "discoverer of electricity" still breathed! This is especially true since the interpretation of the Fourth Amendment which somehow corrals the government into getting the intended effect will necessarily require the invention of legal principles which will go against us in the future.

> But more importantly, the question you ask is phrased too narrowly in context. The First Amendment protects the right to communicate privately, free from government scrutiny. And the Fifth Amendment forbids the government from taking private property without due process and just compensation.

The First Amendment gives no such privacy right. Simply stated, your speech itself is protected, not your ability to privately communicate. There is a privacy right inherent in being able to associate (without the advocacy group being forced to make public its membership list), just like there's an privacy right in being able to petition anonymously. But there's no general right to privacy in the First Amendment and I'm surprised you'd make that error with a J.D. If anywhere there's a "right to privacy" against searches of this nature, it is in the Fourth Amendment (consider Katz v. United States, as modified by Smith v. Maryland).

But I'm even more worried by your reading of the Fifth Amendment. Your talk of "government taking private property" by copying 1/0s (not even on the wire necessarily, but even through things like PRISM) is EXACTLY what we've been fighting against with private companies.

A person may have signed an agreement with Google that gives Google the right to make copies of their email for delivery, but each ISP along that route signed no such thing. Are they all liable for transient IP theft then? Should a hacker copy that email unknowingly while cracking an ISP system, should they be charged for Copyright Act violations in addition to CFAA violations?

> Roll all three of those amendments together and you should begin to comprehend that Congress, in establishing criminal penalties for interception of the U.S. mail --- a topic you curiously omitted --- stood on very firm constitutional ground when it did so.

I mentioned it elsewhere, but that wasn't the topic anyways. But even there you've messed up the Constitutional principles. The reason Congress has power to regulate USPS has underpinnings entirely different from any of those 3 Amendments.

For starters, Congress has the power to regulate USPS by 2 specific clauses in Art. I, Section 8, detailing that Congress has the specific power to: "

- establish Post Offices and post Roads;, and - To make all Laws which shall be necessary and proper for carrying into Execution the foregoing Powers..."

In other words, Congress was specifically granted the power to setup the postal system of the U.S., subject to its other Constitutional constraints. So should Congress choose to further constraint the government as regards the postal service that is always their right. Congress must be at least as restrictive on the Government as the Bill of Rights demands, but they can choose to be more restrictive on their own.

But additionally, even if we weren't talking about the USPS, Congress has the right to regulate the Government in any fashion it wishes (again assuming it stays within the boundaries laid out by the Constitution) because of this clause from the same section:

"... To make Rules for the Government and Regulation of the land and naval Forces".

In fact it's only because of this positive direction from the Constitution that Congress is able to regulate, as the Tenth Amendment quite clearly states that any powers not specifically enumerated as belonging to the federal government are reserved to the states, and to the people.

> Your notion that U.S. mail is protected only by federal statute simply blinks past the fact that our federal government is a government of only limited powers, allowed only to do what is permitted by the Constitution, with all other powers and rights reserved to the States and the People; i.e., a "mail" law can not lawfully exist without Constitutional authorization for Congress to enact such a law.

Holy shit, now we agree again, will wonders never cease. But now you're inconsistent with yourself, which I'll leave you to correct however you choose.

> Also missing from your U.S. mail analogy is any analysis of a basis for believing that eMail should have any less protection than the U.S. mail. It is a criminal act for a government official on their own decision to open a letter to read the contents except in narrow common sense situations, such as a letter that is missing or has an invalid address. Why should eMail have any less protection?

I never once claimed that email should have no protection. All I've ever claimed is that it's not magically inherent in the Fourth Amendment, which speaks (on the whole) to private property and "a man's home is his castle", but not to what happens once you tell a third-party (especially a disinterested/neutral third-party) your little secret. If it were otherwise Congress would not have had to pass laws making it a crime for a government agent to open mail, engage in landline wiretaps, intercept electronic communications unless for foreign surveillance, etc. etc. etc.

> Paul E. Merrell, J.D.

Oh look, an AUTHORITY... should I link in all the opinions I find congruent to my viewpoint from a "real" J.D. or is it possible that your interpretation of the Constitution and the law is not binding simply because you and your J.D. say so?


“Patriotism, n. Combustible rubbish ready to the torch of any one ambitious to illuminate his name. In Dr. Johnson's famous dictionary patriotism is defined as the last resort of a scoundrel. With all due respect to an enlightened but inferior lexicographer I beg to submit it is the first.”

I'm with Ambrose Bierce on this one.


Sorry lorensr.me. "Trust me, they're good guys" is not an argument, and in the current context, it can only be read as a small piece of damage-control astroturf.

Or rather, the NSA's perfidy has left us with no other safe default assumption, so we have to ignore on sight. The data is tainted. All of it.


<lie type='omission' subject='parallel construction'>

The NSA copy of my emails won't be viewed by police or FBI investigating me about marijuana use, for instance. Law enforcement might get a search warrant and retrieve a copy from Google, but not from the NSA.

</lie>


I seriously don't understand if OP has written this article in satirical sense, because to me there is no logic there.

I am a foreign national, I and my company uses services provided by a US company (email etc.), and this gives right to you guys to collect and ready my emails?

tldr; of your article is this: "Oh ! he is a foreigner, fuck him. What he can do? ? He can't vote to get us out of power. So, it's ok and about the persons who can vote to get us out, they can't do anything because we know every little dirty secret of them. Oh ! one more thing, we are so good we promise we don't look at these dirty secrets. Although cases where a employee uses this 'secure' system for personal use, ya that do happen. Trust Us."


What fascinates me is how the principle of warranted search and seizure can be so completely ignored in the presence of an easy, painless way to seize and search information. It's really that simple: you either believe it's right, or it's wrong, and the possibility of doing it at a large scale is truly orthogonal to the question of what is right.

What is not in doubt is that the data from a panopticon used by a benevolent organization would be a powerful protection. But that same argument could have been used to subvert the 4th Amendment. Indeed, that argument could be used to subvert every amendment in the Bill of Rights, since a benevolent actor, by construction, would only subvert those rights with good reason.

The lack of thoughtfulness about what the Constitution means, and how it applies in a world where government wishes to piggy back on ubiquitous corporate surveillance (and extend it), is fascinating. One can imagine the creation of a new police robot that knows when you are not in your home, and which lets itself in, reads all your documents and catalogues all of your belongings, disturbing nothing. Would that be okay?


Even if we accept that the NSA is comprised solely of benevolent actors practicing perfect discretion, and will remain so for the indefinite future, the mere act of collecting "everything" is an enormous hazard. OP recognizes as much:

CBS reported that in 2007 the US suffered an "espionage Pearl Harbor" in which entities "broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information."

What's to stop this from happening again to the NSA? They couldn't even implement audit trails internally -- there should be huge doubt as to the agency's competence in securing their data.

Also, OP, did you not hear about parallel construction? How do you rationalize your statement that the NSA "is not a law enforcement agency" in light of this?

https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intel...


This is why I don't believe the president's assertion about the employees of the NSA being innocent of wrongdoing or anyone's assertion of them being "good guys".

This is apologia for crimes against the world and the American people. This is saying, "If you don't have anything to hide, you have nothing to worry about." This is demonstrably filled with lies and misrepresentations, whether intentional or through ignorance of what the rest of the NSA beast has been up to (but, if he has followed the Snowden leaks with more than passing interest, he would know he's lying in blatant and obvious ways).

I'm sure this article is meant to quell fears about NSA spying practices, but it only makes me more angry and more fearful. It confirms something I suspected but didn't want to believe: The entire organization from low-level analysts on up to the leadership (who will repeatedly lie to Congress to serve their ends) is corrupt and will exhibit little or no remorse even when caught red-handed, and will spread astroturf and refuse to acknowledge that their behavior crosses lines that should have never been crossed by a US agency.

I'm getting close to believing that starting any online service in the United States is unethical, because of what it will do to its users.


> I'm getting close to believing that starting any online service in the United States is unethical, because of what it will do to its users.

Let me know what country you can start an online service in that doesn't also have a foreign intelligence agency if that's your ethical standard.


While I do not agree with much of the sentiment, I enjoyed the article.

My question to the OP: even if you believe that at the moment abuses are rare and that your colleagues are trustworthy and law-abiding, does the capability and level of information concern you in terms of the potential for future abuse it enables?


Potential future abuse, whether due to laws becoming more permissive or a radical in-agency culture change that led to more people ignoring the law, is certainly concerning. As are current abuses. I just believe that the capabilities provided under the powers currently given to the agency are worth the abuses and potential future abuse. If I thought there was much chance that in the future, law enforcement and intelligence would not remain separate, my decision would change. I would prefer to live in a free unsafe state than a police state.


How do you answer questions of the NSA's known past involvement in targeting political figures such as Martin Luther King[1], US journalists, and US antiwar activists? The NSA was known to pass this intelligence to LE.

http://en.wikipedia.org/wiki/Project_MINARET#Domestic_target...


MINARET was used in the 60's and 70's. It led to the passing of FISA, which made it illegal to look at or pass on US citizen data unless a judge suspected them of being a foreign agent.


The NSA did these things both pre-FISA and post-FISA. For example:

* 1980-present. MAIN CORE, which is shared between CIA, FBI, NSA, Contains data on 8 million Americans and is used by LE. http://en.wikipedia.org/wiki/Main_Core

* ?-Present the DEA SOD program which uses NSA intelligence for drug cases. http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/05...

And these are just the cases we know about, they are likely only the tip of the iceberg.

Lorendsr, given this evidence and your previous statements that, "If I thought there was much chance that in the future, law enforcement and intelligence would not remain separate, my decision would change.", are you considering changing your decision?


I don't believe the NSA should be giving data (or even just "tips") on citizens to LE. It's either illegal or done under a law I don't know about. Do you know what this is talking about?

>FISA surveillance was originally supposed to be used only in certain specific, authorized national security investigations, but information sharing rules implemented after 9/11 allows the NSA to hand over information to traditional domestic law-enforcement agencies, without any connection to terrorism or national security investigations.

https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intel...


No, and I had not read that article, thank you. I do not know the law, if any exists, that allows that, although it violates most readings of the 4th Amendment.


The legal principle is that once the government legitimately comes into possession of evidence, it doesn't have to "pretend to have not seen it".

What this means is that if a given surveillance transcript is obtained legally (which is easy to do for foreign communications, even if a U.S. person is a party to the conversation), that it can be legally passed to LE. Once LE knows about it, they don't have to "close their eyes" to any U.S. nationals on the transcript, similar to how the police are not required to ignore evidence in plain sight (even if it wasn't listed specifically on the warrant).

By this route it is possible to pass incriminating evidence to LE about U.S. nationals even without a warrant, as long as one of the parties to the communication in question is actually a foreigner.


"But I digress – the rare cases of unauthorized data retrieval were not polygraph-trained foreign spies trying to infiltrate the Agency, but rather regular employees illicitly viewing communications for personal gain."

There are articles suggesting this is happening many thousands of times per year - shouldn't each of these 'regular employees' be put on trial? They have committed serious crimes.


Yeah, a little real punishment could go a long way towards preventing future abuse.


> Even if you are not a citizen of the Five Eyes, you shouldn't be worried about your data being viewed unless you're involved with a group of interest, such as a foreign government or violent organization.

Is the US Tea Party considered a "violent organization"? (It's not, but that's a separate issue.) If not, can you guarantee that it won't be labeled as such under some future administration? The IRS is already targeting the Tea Party, so we have reason to believe that certain US political actors are not interested in abiding by objective laws.

If not, why do you defend the NSA?

Though I'm a US citizen, I'm sure one of the other Five Eyes countries can be employed to spy on me.


TLDR: Don't worry. We have civil liberties orientation. You can trust us.

The author understands their is a misconception at play, but it's not that the public thinks NSA agents aren't upstanding or law-abiding, it's that NSA agents think their idea idea of patriotism is broad enough. It's telling that he dismissed an examination of patriotism, because that's the root of so much discord over civil liberties and national security.

There are two major currents of patriotism in this country. The first is that we take pride in our accomplishments, and we must defend our borders, protect our treasure and lives, and maintain the status quo. The second is more idealistic, that we take pride in having an open (vulnerable, ever-changing) society, and we must defend our democratic identity, promote participation, protect individual freedom, and be skeptical of concentrations of power. The first is practical, easy to quantify (and therefore appealing to a data-thirsty culture). The second is strategic, asks more from the average citizen, and rests on an understanding of alternative forms of society (what is lost when we prioritize security and order over those "inalienable" rights).

Ideally, the NSA would be staffed by patriots of the second type. They'd embrace 'public service' as having deep reverence for the public (not just their physical safety, but their liberties as well), that appreciates the philosophical underpinning of democracy (including it's necessitation of vulnerability and cultural evolution), and that prides itself in taking on their intelligence goals while ardently building checks and balances. They'd never just ask how they can get the information, but how it can be done in a way that proudly upholds American values. With bureaucracy you'll always have some amount of inefficiency and misalignment with top-level goals, but a pervasive culture can go along way.


Well looking at the end it says that its declassified/published with the NSA's blessing.

If an employee had a contrarian opinion to the NSA would it be declassified like this one?

Its hard to read it and feel that it is balanced or even truthful.


Humorously the answer to that is most likely itself classified.


I believe so.


The key thing that worries me about it is even if no-one reads all those emails that are stored, what if they are mined for data and used to make predictions?

Last.fm can guess the type of music I like about 25% of the time, Google can guess the type of information I'm interested in around 70% of the time (figure based upon potentially ambiguous web searches I do). Neither of those services have very much metadata from me about their respective subject areas.

If the NSA/GCHQ/5 eyes are hoovering up all this metadata about pretty much everything I do online, that's a ton of information to start mining for patterns - whilst legitimately say that no employees are reading it.

What sort of predictions can they make? What's the accuracy of it? When do they start acting on the predictions thrown up by the system? And who polices that?


Thanks for sharing your POV. Do you think Snowdon's revelations had any beneficial impact, or is your view of them entirely negative?


I think it was important for the citizens to know what powers they have given the NSA. They did not have an accurate sense of that before Snowden. But he released a lot more than that, much of which will hurt the NSA's capabilities.


Thanks for your response. I'd question whether the American people having given the NSA those powers - it's more like:

Lawyers working for the NSA have deemed certain methods of data collection as being in accordance with US law, as voted for by elected officials within the context of a not great two-party democracy.


One of the most concerning things about the selection process for who gets into the NSA, is that it all but guarantees a lack of diversity of thought within the NSA. There are probably very few people with opposing viewpoints so most projects that would be considered dubious by the diverse population in the US can go completely unchecked within the agency.

For example, the author mentions the following:

    They examine your 127-page Standard Form 86, in which you 
    include lists of your illegal activities, foreigners you 
    have worked with or befriended, and where you have lived 
    and traveled in your life and with whom.
The fact that someone is capable of truthfully filling out such a form is a huge flag that the person has had remarkably little exposure to the rest of the world. They are probably poorly traveled and grew up and lived in places with few if any immigrants. I don't know how someone who grew up in NYC, San Francisco, Washington DC or Los Angeles could possibly ever fill out such a form truthfully or completely. Anyone from such cities would have come in contact with and befriended so many people from other countries over the course of 18-22 years of living in such a diverse metropolis that any attempt to fill out such a form would be incomplete and could contribute to being rejected.


Don't fight it. Just let it take over. Stop struggling. Once you'll have stopped struggling, it won't hurt anymore. You won't feel any difference anymore. And it will be like it was never different.


Bend over and shut up we are good peeps and the others that will rape you if we "pull-out" would be much worse.

Sad to see a programmer be so lost. Kudos for the post but if the NSA was squashing terrorist attacks daily with evidence of their efficacy they would be screaming it from the roof tops.

Snowden proved the implicit insecurity of information aggregation on such a massive scale and if he had access so will nation states... the one that I fear most is my own county.

I am a patriot too, just sad.


:-) Sorry, it was sarcasm.

It's what psychopaths usually say to their victims. If you hear it (or think you're hearing it), the person/organization you have in front of you is of psychopathic nature (it should be stopped at all costs).

Other translation: If we let them rape us, then we deserve it.


"We do not merely destroy our enemies; we change them."


"...everything was all right, the struggle was finished. He had won the victory over himself. He loved Big Brother."


>in 2007 the US suffered an "espionage Pearl Harbor" in which entities "broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information."

Man, I would hate if an entity downloaded my information! Poor agencies. But it's probably fine, I mean, those "entities" couldn't look at terabytes of information. It's probably just sitting in a database somewhere. So, nothing to worry about.


Some trendy buzzwords in the title, no relevant information in the post, just opinions,... Imho it's just a disguised advertisement for his kickstarter campaign.


It smells like some Terry Gilliam inspired fascist utopia where a mid level tech in the security apparatus shills for the state/employer while hocking their caveman mayonnaise.

It must indeed have all of the electrolytes. Big brother would put THAT on his bun!

The unexamined life isn't worth living or watching. Those with nothing to hide offer nothing of interest.


Enjoyed the read, edited by NSA.

On the other note. If you want good mayo: http://www.eff.ca/featured_products.html order from these guys. I am sure they can ship to your door, they do distribute in the USA as well, however, not sure to which cities.


I found the polygraph stuff disturbing. The fact that the NSA takes polygraphs seriously (despite presumably knowing there's little scientific evidence supporting their use and knowing that lots of spies have had no trouble passing them) makes me think the NSA must be full of gullible morons.

Does the NSA weed out polygraph non-believers during their hiring process? So far as I know, the main "valid" use of polygraphs is (a) to trick/intimidate people who believe in them into telling you a more thorough story, (b) to acquire a "scientific" seeming reason to do or believe what you already wanted to do or believe going in.

I don't feel very reassured.


Note that this blog post has been vetted by the NSA PR office, and so should be taken with the same grain of salt that one takes with all NSA-approved communications, recalling that the NSA has admitted they will lie to Congress and the Supreme Court if it suits their mission.

"This essay was deemed UNCLASSIFIED and approved for public release by the NSA's office of Pre-Publication Review on 11/21/2013 (PP 14-0081)."


This article is transparent propaganda.

Author is not a patriot. Author is an enemy of the people.


If the author is indeed the patriot he claims he is, would he be so kind to explain why the Bill of Rights thought it necessary to have this:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

What makes the NSA different from the police or other law enforcement agencies? And why should we trust them? There is a reason restrictions exist on the power they have. This article is nothing more than propaganda.


If the NSA was engaged in hacking people's personal computers then the Fourth Amendment would definitely apply. Anything else is fair game and has been fair game (even the postal mail, which is protected by statute law and not the Fourth Amendment).


This is interesting to read, but I have one very important question:

Why is a distinction made between US and non-US people? Why do some systems automatically ignore all US IP addresses?

What makes me a potential criminal, and Mr. Smith not? Why can he read my email without a court order, but not from someone from Nebraska? Why does my physical location, or proxy server for that matter, matter?

I think the only reason is because it's simply in the US law, so it doesn't really say much. It's just one of those things that are the way they are. But then...

why does he keep bringing it up as "you shouldn't be worried because we don't look at data from the US"... if I'm not from the US? Does this mean I should be worried that he is really reading my email if it has certain keywords? I could become an intelligence target because of keywords or activism in certain groups, merely because I'm not using a US-based proxy server?


This is trivial - the whole purpose of foreign intelligence is to help the interests of your country while disregarding or actively harming the interests of everyone else. They have no obligation whatsoever to protect (or even refrain from murdering) others, but they do have an obligation to protect their own citizens, so they have restrictions for that.

The only two valid reasons for NSA not to capture all the foreigners email is if (1) it's too costly (and it probably isn't); and (2) the goverment decides that the PR harm is greater than whatever they gain from having all the email (and it probably isn't either).


> I use the term "look" deliberately: the Agency makes the distinction that looking at data is surveillance, while gathering it from locations outside the US is not. We gathered everything, and only looked at a tiny percentage of it. I am okay with this distinction both because I don't mind if my emails are copied to an Agency database and likely never read and because from a technical standpoint it would seriously impair our ability to spy if we couldn't gather everything.

I'm not mad at NSA they're just playing their role, they're grabbing everything they can. But, it should serve as a reminder of the goals we should all (civilians) strive for: encrypting everything. I think lot of individuals are working on these problems right now and I'm confident great tools and protocols will soon be created/improved.

edit: downvoted for proning mass encryption, great.


It is interesting as a view into the naive and uninformed [1] view of those inside.

I suspect the screening selects for compliance and maybe against questioning authority plus the people applying May self select in that way.

Note that this was approved by the agency and therefore may have been through a filter process that removes other reports with more critical views before publication. (I am not suggesting that this author is anything other than genuine but if it was a critical view could it have been published).

I don't doubt that storing everything helps find threats but the price is far too high, whatever difference it makes.

[1] he hadn't heard of parallel construction - https://news.ycombinator.com/item?id=6910972 (he may have deep particular knowledge in some areas but his understanding of the overall agency appears poor.


Got your point son. I am a Pakistani and I know what it means to me. fuck you with love.


Hey, I backed that guy's Kickstarter! And now that I read his post I just cancelled my pledge.


I spent four years in (2 years longer than the OP), but worked on a substantially broader swath of intelligence areas and in much more policy-oriented positions, and I can tell you that the vitriol that's been displayed on HackerNews is incredibly tiresome to see, because you are all missing a very key point about how the NSA conducts business (which I've pointed out in previous posts).

The key point is this: the NSA does not create policy for its operations. Those are written into law through executive, legislative, and judicial processes, and the three should theoretically balance each other out, which the public currently deems as not doing a sufficient job of balancing. The NSA acts as an instrument -- the employees (to include the director) are directed through a system of reporting and feedback, and determine how best to act in order to obtain more positive feedback from customers of the reports.

This isn't some theoretical system I'm talking about -- it's a database of reporting with attached feedback. The feedback shows who consumed the report, whether or not the party found it useful, any enclosed comments about the report, and how high up the report went. If my report made it into the president's daily brief and more information about the reporting subject is desired, that will show up in the feedback, and thus I have my "direction".

How does this translate into real world operations? Here is a theoretical conversation between Mr. Policy and Mr. NSA:

-----------------------------------

Mr. NSA: Here is some information I found about country X, which might indicate that they're conducting operation Y.

Mr. Policy: I would like to learn more about operation Y, and country X's intentions to expand it.

Mr. NSA: I don't currently have the capability to expound upon operation Y, unless you grant me the authority to access datastore Z.

Mr. Policy: We took a vote, and you have access to datastore Z on a thirty day trial basis, but then must shut down operations if nothing of value is found.

Mr. NSA: Here is the information you requested about operation Y and country X's intentions.

Mr. Policy: This information was not useful in directing policy, therefore datastore Z is to no longer be accessed.

-----------------------------------

From this, I think you can extrapolate my point. Do you blame the scalpel for being too sharp, or the surgeon for handling it incorrectly?


> Do you blame the scalpel for being too sharp, or the surgeon for handling it incorrectly?

None of the above, if anything I'd blame people for being mere tools.


So 'only following orders' is the defense here? And these orders (e.g. hacking Google's SSL endpoints, big data mining) originate from politicians? (And to call scrutiny 'tiresome' when the director baldly lies to congress frankly just compounds the general air of unchecked arrogance.)


> unless you grant me the authority to access datastore Z

NSA analysts accessing datastore Z is not the problem, and never was.

Datastore Z is the problem. According to the leaked documents those datastores contain data of U.S. citizens which the NSA couldn't have legally intercepted and stored without a court order.

E.g. the NSA cannot legally acquire copies of John Smith's email header fields and store them into datastore Z without a warrant defined by the 4th amendment.


You forgot:

Mr. Policy: I would like to learn more about Citizen A, but Mr. NSA is strongly prohibited from accessing data specific to citizens of this country. Unlike many rules this prohibition actually is taken seriously, with major consequences for anyone caught violating it.

Mr. GCHQ: Bob's your uncle. Would you like that in .zip or .tar format?


It reminds me of that sketch of the nazis where they realise they are on the baddies side, except op isn't there yet.

http://www.youtube.com/watch?v=JEle_DLDg9Y

People need to realise it's more "All that is necessary for the triumph of evil is that good men do nothing."

And less terrorists and other cliches.


Interestingly enough, 60 minutes will have an "Inside View" of the NSA tonight. This just keeps getting better… I'll be sure to absorb this message and the probable similar message that will be broadcasted to the masses tonight.

Yeah, buddy, I'll believe you… just keep telling me over and over and it will sink in eventually. ;)


"People who build security tools" are in the set of people under active monitoring and exploitation by governments. I'm personally far more concerned about China and Russia and others than I am about NSA, but if I were Nadim (who I believe is personally not a target of NSA, but by virtue of Cryptocat most definitely is), I'd be quite concerned.

I was actually waiting for the big reveal in this ... "x, y are good, but Z is not, and is why we have the problems we have now." I guess not having that is why it went through publication review.


Yeah, I suspect that if he named any actual members of Red Team that it would have been squelched almost instantly.


The gist is that you should not value your privacy if you have nothing to hide.

This principle is absolutely forbidden to be reversed, the secret workings of government agencies are protected by the highest secrecy.

What do they have to hide?


I'm always surprised about how posts like this bring out the real nutjob part of HN that sort of sits there and lurks dormant waiting to pull out unprovable conspiracies any time something like this gets posted. I'm not talking about the folks who disagree with the OP, or what the NSA does... I'm specifically talking about the rather uncomfortable level of crazy that squirrels out in these "discussions".

There are some posts here so outright loony that I actually feel a bit uncomfortable having an account here.


The Agency is an intelligence organization, not a law enforcement agency.

Monstrously disingenuous. The term "parallel construction" apparently means nothing to him.

In 1991 the USSR dissolved and the Cold War ended. The world let out a sigh of relief, safe in the the knowledge that humanity wasn’t crazy enough to destroy itself. That security we had is gone. North Korea has nuclear weapons and is threatening to fire them at the US.

I'm missing the part where collecting my email and phone records will help with this problem.


> I am an American patriot.

The author may believe he or she’s a patriot. I disagree. I don’t believe someone who acts to subvert the Bill of Rights which states

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

is even remotely close to being a patriot.

> Many are concerned about the NSA listening to their phone calls and reading their email messages. I believe that most should not be very concerned because most are not sending email to intelligence targets.

> Email that isn’t related to intelligence is rarely viewed, and it’s even less often viewed if it’s from a US citizen.

“Rarely” is pretty meaningless. The NSA has repeatedly tried to compare the number looked at with the number of intercepts. Of course they’re only looking at a tiny percentage. But if I were to only steal one-in-a-billion dollars in the US or only kill one-in-a-million people, I’d still be doing something immoral.

> Every Agency employee goes through orientation, in which we are taught about the federal laws that govern NSA/US Cyber Command: Title 10 and Title 50.

Yet evidence seems to show that they've willfully found ways to interpret the laws in ways that the authors of the laws think is illegal.

> We all know that it's illegal to look at a US citizen's data without a court order.

But the NSA has a special non-adversarial court that rubber-stamps whatever it wants. (And it still happened)

> I use the term "look" deliberately: the Agency makes the distinction that looking at data is surveillance, while gathering it from locations outside the US is not. We gathered everything, and only looked at a tiny percentage of it.

The problem is that the 4th Ammendment makes no such distinction. They were wrong in collecting it in the first place.

> I am okay with this distinction both because I don't mind if my emails are copied to an Agency database and likely never read and because from a technical standpoint it would seriously impair our ability to spy if we couldn't gather everything.*

He may not mind, but many other people do. I respectfully ask that he, Mr. Clapper, and Gen Alexander give us all their data in case we later do find what they were doing was illegal.

> The Agency is an intelligence organization, not a law enforcement agency.

> The NSA copy of my emails won't be viewed by police or FBI investigating me about marijuana use, for instance.

And yet, per Reuters

http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE...

   “A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans.
   “Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin - not only from defense lawyers but also sometimes from prosecutors and judges.”
> The NSA copy of my emails will only be viewed if the Agency can convince a judge that I might be a foreign agent. And the judges aren't pushovers.

http://en.wikipedia.org/wiki/United_States_Foreign_Intellige...

During the 25 years from 1979 to 2004, 18,742 warrants were granted, while just four were rejected. Fewer than 200 requests had to be modified before being accepted, almost all of them in 2003 and 2004. The four rejected requests were all from 2003, and all four were partially granted after being submitted for reconsideration by the government. Of the requests that had to be modified, few if any were before the year 2000. During the next eight years, from 2004 to 2012, there were over 15,100 additional warrants granted, with an additional seven being rejected. In all, over the entire 33-year period, the FISA court has granted 33,942 warrants, with only 11 denials – a rejection rate of 0.03 percent of the total requests.

> They won’t spent time on my private love letters.

http://news.cnet.com/8301-13578_3-57605051-38/nsa-offers-det...

> That security we had is gone. North Korea has nuclear weapons and is threatening to fire them at the US.

How does spying on Americans help?

> Reality should enter your cost-benefit analyses.

I totally agree.

> This essay was deemed UNCLASSIFIED and approved for public release by the NSA's office of Pre-Publication Review on 11/21/2013 (PP 14-0081).

Somehow, I have a feeling that opposing points of view wouldn’t find much an easy clearance.


It's quite interesting to me that someone who has worked for the NSA can write such an article and not have heard of William Binney and Thomas Drake's experience with the NSA. Ethical, upstanding people my ass.


The surveillance's purpose is not to catch criminals or terrorists, as evidenced by the recent confiscation of some NZ citizen's electronics at the airport. He had attended a meeting on mass surveillance, and is therefore considered a troublesome, unharmonious little peasant, and must be kept in check or made an example of. That is the point here. It's about power, and maintaining it through whatever means possible.

The US is showing clear and abundant signs of being a police state - there's simply no denying that anymore. So what does it matter what their rule books say about spying on people, when even the Constitution has been calmly disregarded for years?

"Here are the official guidelines for spying on people! Remember that spying on US citizens is restricted because that would be kind of naughty, but foreigners are fair game."

It's just ridiculous. But again, it's certainly not about catching terrorists. This level of surveillance would make Stalin just shit himself with joy.


Nice that you are a patriot and that you are all law abiding types. We need more people that do not ask questions in those positions...


It is really nice to get a coherent, human view from inside the security and intelligence community. To the best of my knowledge, the article reads as an honest and true account of security service culture of integrity and professionalism. Kudos to him, and kudos to his colleagues as well for their restraint and their service.

I am pleased to see him hint at the exposure and vulnerability of the general public to surveillance by third parties, when he describes of the ongoing battle to dominate electronic systems, being waged by various nation-states and criminal gangs around the world. (I refuse to use that horribly juvenile construction "cyber-war").

However, we still have some way to go before we fully confront the magnitude of the problem, and are able to formulate a sensible and coherent response.

Our military forces and security services are rightly part of our response to this vulnerability, but they cannot be the only tool that we deploy. Societies that lean to heavily on their armed forces and security services quickly feel the negative effects of their reliance, no matter how well-intentioned, well-disciplined and professional the servicemen and servicewomen may be.

Civil society needs to step up to the plate also. The problem is difficult, and the response needs to be multifaceted and broad. As engineers, we need to make our systems more secure and more trustworthy - and we need to make tools for the creation of secure and trustworthy systems ubiquitous.

For example, I am writing software for advanced driver assistance systems & autonomous vehicles -- I need to think very very carefully about how I can make my software secure and robust from attack; I need to educate my colleagues about the risky environment that we will be operating in, and together, we need to come up with standards and processes to help us ensure that the software we create minimises the risk posed by malicious actors.


This is something that bothers me:

  Email that isn’t related to intelligence is rarely viewed, 
  and it’s even less often viewed if it’s from a US citizen. 
  Every Agency employee goes through orientation, in which we 
  are taught about the federal laws that govern NSA/US Cyber 
  Command: Title 10 and Title 50. We all know that it's illegal 
  to look at a US citizen's data without a court order.
I can rewrite this to:

  We are indoctrinated to believe that we shouldn't really
  invade the privacy of US citizens, and it is highly unlikely
  that we might mistakenly or otherwise read your private emails,
  however, if you aren't a US citizen then fuck you, you are our 
  enemy, you have no right to privacy because you weren't born 
  in the land of the free. Oh yeah, fuck you twice, cos we can.

  Ha ha
You know what, fuck you too.


Did this line bother anyone else?

> If you are a citizen of the UK, Canada, New Zealand, or Australia, you may also be glad, because everything the NSA collects is by default shared with your government

He spends the whole post telling us its okay to trust the US and then completely throws that out the window by saying 4 other countries have all of our data too.


Note that this is either an imposter account, or the author themself is mostly unaware of the publicly-divulged NSA abuses -- let alone any non-divulged abuses.

https://news.ycombinator.com/item?id=6910972


TL;DR

1. The NSA only hires earnest, ethical people

2. There are real threats we need to protect you from

3. So everything's OK

Commentary:

I believe the first two of those statements. And if the people at the top were also ethical and earnest, I'd believe all three. But, as Angela Merkel can attest, the people at the top do not respect boundaries.


Important voice in the whole discussion around NSA, but forgive me being suspicious - it comes around the time his Kickstarter campaign is to end...


True enough, but wouldn't you probably do the same? :)


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: