> I didn't test it, but I'm sure there was automated analysis that prevented or flagged use of US selectors.
The mental leap here is subtle, but substantial. Since I have been told I can't use US selectors , I assume the system enforces this. As such, US citizens have nothing to worry about. However, in the immediately previous paragraph, he noted:
> one employee spied on a spouse
So much for automated analysis, besides not being able to filter out US citizens' data it can't even filter out an employee's direct family. But there's no need to worry citizen, the NSA has a very high-quality workforce.
In the NY Times this morning was a piece noting that the government has concluded they don't know what files Snowden took with him (http://www.nytimes.com/2013/12/15/us/officials-say-us-may-ne...). The most technologically advanced intelligence agency in the history of the world and they have no idea what files were electronically taken by one of their own. One of their own who passed the background check by the way--I don't know why the OP is so enamored with the polygraph.
"The NSA copy of my emails won't be viewed by police or FBI investigating me about marijuana use, for instance. Law enforcement might get a search warrant and retrieve a copy from Google, but not from the NSA."
In fact, it's been known for months that the DEA receives intercepts from the NSA in such volume that they have an office devoted to handling them (the DEA's "Special Operations Division"). And as for search warrants, the manuals for that office describe a practice of "parallel construction" which involves, not to put to fine a point on it, lying about the ultimate source of the information they're using, with the clear intent of evading judicial scrutiny.
Details here: http://www.reuters.com/article/2013/08/07/us-dea-irs-idUSBRE...
However, the article actually says: "...two dozen arms of the government working with the Special Operations Division, including the Federal Bureau of Investigation, the National Security Agency and the Central Intelligence Agency.", and later that "the Special Operations Division of the DEA funnels information from overseas NSA intercepts, domestic wiretaps, informants and a large DEA database of telephone records to authorities nationwide to help them launch criminal investigations of Americans. The DEA phone database is distinct from a NSA database disclosed by former NSA contractor Edward Snowden." [emphasis mine]
It's quite possible that the NSA passed only occasional information about non-US citizens - it's impossible to tell from that article - if that's the case, then to many people they're acting within their mandate.
I'm not trying to defend the NSA, and I'm deeply troubled by the implications of mass surveillance. But it's important I think to be clear about the claims we're making since otherwise it's easy for people to dismiss us.
To start with the scope of what's available: it almost certainly includes data on US persons "incidentally" acquired in taps on an authorized target. I'm not aware of anything on DEA procedures there specifically, but as for the general rules, see here: http://www.emptywheel.net/2013/11/08/the-intelligence-commun...
Of course, even if NSA analysts know that they have DEA "customers" (as they apparently call the recipients of their intelligence), it might be a breach of the rules to select overseas targets which would be likely to have domestic contacts of interest to the DEA. But given that knowingly breaking the rules in pursuit of an authorized goal seems to count in NSA audits as mere "lack of due diligence", and not classed as "abuse", I'm not sure how much comfort to take from that.
Analysis of NSA audit data from Marcy Wheeler here: http://www.emptywheel.net/2013/08/16/lack-of-due-diligence-t...
... with further notes on the audit process, and narrow definitions of "abuse" here: http://www.emptywheel.net/2013/08/20/if-nsa-commits-database...
Aren't those things, a spy shouldn't have? Is the working strategy, filling the web with disinformation about NSA employees, or is it to never use the web with a real identity for the period of contractual employment?
I mean, from a technological standpoint, every single HN member would love to work for the NSA. Because they have an extremely sophisticated set of technology that people would like to get their hands on. (Well, that's at least what we think they have). Keep in mind though, that in reality only a very small percentage of HN would actually like to work for the NSA! This is not because of the recent revelations, but because the government in general has not a positive image for most hackers.
It's been rumored that Dread Pirate Of SilkRoad case was figured out that way.
I think the technical term is either "perjury" or "fraud on the court".
The euphemism, though, is "parallel construction".
That's just a really long scraping / pattern-matching exercise of publicly available data, and the reminder that even particularly clever people won't be on point 100% of the time.
We cannot know.
I've talked to this before but this denial and self delusion is an important defense mechanism. Sometimes people write blogs and get into apologetic because they feel an internal dull pain of an inconsistency. "Hmm it looks we NSA did all these pretty bad things. I worked for them NSA. Surely I couldn't have worked for the bad guys." and then <proceed rationalizing and defending NSA, might as well put it in blog form>.
That cognitive dissonance, I believe, is pretty powerful. A lot of dark secrets and past transgressions can be filtered so well throw it.
Some know-nothing armchair psychologist who read the NYT is telling this guy -- who has made an honest effort to be utterly transparent -- that he's cognitively dissonant and that comment is going to receive a hundred votes because it makes people feel good about the things they think they know. It's not truth, just an exercise in mass delusion.
And this should make us scared. A guy like Snowden was extremely improbable, and yet he happened. So, what to think about the far more likely case of NSA employees taking extremely sensitive information and selling it privately? How many of those have there been already?
There have already been about a dozen cases in the NSA of 'LOVEINT' where employees were spying illicitly on love interests. From what I recall, all of those people volunteered that they were spying illegally on their own, none of them were caught by any internal review process.
Almost all of those points (except maybe the very last one) are echoed by the OP.
Except that this hand-out is straight-out propaganda and the OP sort of tried to veil that.
(I personally loved the bizarre mix between cyber war, nukes and North Korea. He seems to have the mindset of a paranoid Stalin, always wary of others when he's the one terrorizing.)
They tell you about North Korea and your radioactive future. You like big problems and give it your best effort, perhaps thinking that you had a small part in saving the world. Then one day you read in the New York Times that your well intended project doesn't just scoop up communications from North Korean thugs, but what you helped make is collecting communications on everyone. It's helping the DEA illegally bust people. It's helping diplomats illegally snoop on our allies. It's helping keep US companies aware of what non-US companies are doing. Etc etc.
tl;dr Anyone could be a terrorist, everyone must be monitored.
What would your collection proposal be then?
You can't determine data of interest until you have sufficient data to determine if it's of interest in the first place. Even the NSA doesn't have an Oracle computer that can look into the future and figure out what vanishingly small percentage of communications are just the ones they should be interested in. If they did, they could also solve the halting problem and rewrite the history of computer science and time-travel.
Remember, the standard the NSA is held up to is that it should not only be following known bad people who are/might be doing bad things, but to ferret out the unknown bad people. Every time there's a Boston or similar, everybody goes and climbs all over the NSA for "not knowing about these guys"
You can't do that until you have a sufficiently large enough collection of unevaluated data to start looking through.
I'm not saying it's right or wrong, only that it's the reality of the task spy agencies have before them.
He didn't say you had an arbitrary number of opportunities to pass, simply that the screening (of which polygraph was one of many he mentioned) is such that it's not as if NSA analysts are able to simply wander their way into the NSA so that they can then spy on the people.
That doesn't mean people can't make it through all the screenings (just ask Snowden), simply that it's one of many safeguards that are put in place to make it so difficult to land an NSA job for nefarious reasons that the many other layers of oversight and controls should be adequate to prevent gross abuses.
I think it's fair to say most rank and file NSA employees are honest and actually do believe in their mission. The far scarier thought is how things may work at an extremely senior level (contractors included), where there's literally nobody there to watch the watchers, or at least challenge them without being fired and blackballed.
That said, "US selectors" shouldn't return the results that they do in the first place. Obviously there's incidental collection, which is unavoidable. But the notion of incidental collection, as with metadata collection, was hijacked and used in public relations messaging as a cover for actual domestic collection programs that intentionally capture the full contents of nearly all domestic communications within the United States.
Despite exceptions such as the article above, this messaging has largely been successful. Even The Guardian and The Washington Post---organizations who publish stories directly sourced from documents leaked by Snowden---routinely fail to underscore the critical difference between actual collection, and "collection" in the sense of mere authorized access to data that's already intercepted and stored. The two have been intentionally conflated as part of a semantics game, and it's working beautifully to mislead the American public about what's actually happening.
Determining if a "selector" is tied to a U.S. person is actually a very subtle and very hard problem.
Let's take a phone number +1 (212) 555-1234
Is this a US selector? It's a selector for a phone in the US, but that's not the same thing as a phone number tied to a US citizen. Let's say I'm following a senior North African pirate with a Maltese mobile +356 2010-1234 and he calls/is called by my number above?
- Should I follow it? Or is it absolutely off limits for me because it happens to be a U.S. number?
- How do I determine if it's tied to a U.S. person?
- What if it's a shared number between a group of associates, all of whom are not U.S. persons except for one?
- Is that number off limits now?
- If it is a U.S. person what should I do with it?
- Pretend it doesn't exist? Turn it over to U.S. Federal law enforcement? Who should I turn it over to? DEA? FBI? ATF? DHS? The Coast Guard? U.S. Customs and Border Patrol?
It's actually a significant intelligence task to figure this out.
However, my statement was not intended to be read in isolation, but in context of "domestic collection programs that intentionally capture the full contents of nearly all domestic communications within the United States." I was referring to the bulk interception and subsequent long-term retention of data on US persons.
The implication of my statement was: assuming this type of collection didn't exist, selectors related to potential US persons (for whatever reason) would simply return intercept data beginning from the time said selector was invoked.
Contrast that to the present, where selectors are capable of retroactively returning the sum total of a US person's digital (and by some extension physical) life for the past 5+ years.
It's commendable that the procedures for accessing the data of potential US persons are so stringent, but at the end of the day there is still an incredibly intimate and detailed picture of almost every single US citizen's private life being retained on a long-term basis.
For the life of me I cannot figure out why people refuse to accept the concept of training and policy as being relevant to proper civil liberties safeguards in addition to technical ones.
Imagine applying that idea to any other field, and keep in mind the unintended consequences.
For instance consider from a soldier's perspective "Since I've been told I can't shoot citizens or non-combatants, I assume the system enforces this. As such, US citizens and non-combatants have nothing to worry about." And yet our troops do have issued firearms (at least during things like field exercises and training), and the republic has not fallen to a coup. There are missile siloes dotted throughout the Midwest, yet no rogue junior officers or missileers have launched ICBMs at people.
You're missing his greater point, which seems to be that it didn't even occur to him to "test the interlock" since he knew that by law and by policy, it was wrong to even try. He also made quite clear (if you'd bother to read to the end instead of cherry-picking quotes to declaim) that this doesn't mean such technical controls can't or shouldn't be strengthed, merely that there is indeed a "culture of compliance" among the analysts instead of a bunch of voyeurs.
> > one employee spied on a spouse
> So much for automated analysis, besides not being able to filter out US citizens' data it can't even filter out an employee's direct family. But there's no need to worry citizen, the NSA has a very high-quality workforce.
Is it really your claim that a workforce must be 100% perfect in every way for an organization to be legitimate? Even the anarchists don't try to claim that there won't eventually be murderers amongst them, nor is there anywhere else in the real world where spouses are always exceptionally nice to each other in everything they do. Just ask Ashley Madison.
> The most technologically advanced intelligence agency in the history of the world and they have no idea what files were electronically taken by one of their own.
They also haven't solved the Halting Problem.
But anyways I know I'm going to be speaking to an uncooperative crowd but perhaps you all should consider the high-level points of his "peek inside" and then discuss the ramifications of that, instead of always drilling down into the weeds. Many of the same arguments used here could be used with equal logic toward every large civilian IT concern, which would tend to devastate the need for things like YC capital. :P
The difference from other fields, is that the consequences in other fields are public. If a soldier shoots someone, that someone is dead and can prompt an investigation.
If someone in the NSA abuses his powers, it is very likely that nobody will ever know. Or be able to know. No investigation will be triggered, and even if one is, it cannot possibly gather any evidence.
But this claim is only a concern if an analyst can unilaterally abuse his power and never be caught. Are you saying this type of surveillance capability would then be acceptable if proper accountability and oversight safeguards can be emplaced?
If anything this should be one of the easier things in the world to do, putting audit trails on computerized systems is hardly "pro league" stuff.
But either way, you say that the consequences will at least be public in other scenarios. But that's not really true either. People get shot every day in this country; how do you know that any given shooting wasn't from a soldier? How do you know when the government lets a contract that they actually fully complied with the Federal Acquisition Regulations? How do you know that when a Congressman votes against his normal voting habits, whether that vote was due to his conscience or due to someone else's wallet? How do you know that when the NSF gives one scientist a grant and refuses another, that it was done in the public interest?
You don't know any of this, as a rule, and yet many of those are much more impactful on the average citizen, even if we assume the existence of lapses in oversight.
As far as I can tell with government IT, your data will always be at more risk of being leaked to cybercriminals via hacking or stupidity (the latter has happened to me already!), than be at risk of being looked at by a rogue NSA agent.
1) Write down the law
2) Break it
3) Retroactively make the violation legal
Wrt to what oversight exists, well... the fact that they have no idea what material Snowden took with him is telling. But that's not what I'd be the most worried about. How hard would it be for the White House to ask information about a specific individual for "national security" reasons?
> But either way, you say that the consequences will at least be public in other scenarios. But that's not really true either. People get shot every day in this country; how do you know that any given shooting wasn't from a soldier?
I'm not a US citizen, but I would think murders are investigated by the police. It's usually difficult to hide.
> How do you know when the government lets a contract that they actually fully complied with the Federal Acquisition Regulations?
I suppose there are audits? Not to suggest that abuse does not exist, but I assume there is some oversight.
> How do you know that when a Congressman votes against his normal voting habits, whether that vote was due to his conscience or due to someone else's wallet?
You certainly don't, but you can make an educated guess.
I'm not sure what you're trying to say here. That the NSA doesn't need any form of oversight, and can be 100% trusted with the power to snoop on everybody belonging to any country (knowing - in case you thought "I don't care about these dirty foreigners as long as they promise not to look at US data" - that nothing prevents them from asking another Five Eyes member about your whereabouts without breaking the rules)? From the same government which gave you Guantanamo, extraordinary rendition, warrantless wiretapping and extrajudicial executions-by-drone? Their definition of legality is terribly elastic.
That's not at all what I'm trying to say. In fact I would argue very strong oversight is needed, but I'd also argue that very strong oversight is possible in the first place, which means that oversight (or not) is not the proper reason to argue about the very existence of the program in the first place.
In other words, the program(s) are either required or not. If they are required, determine the needed level of oversight and install it. If it's not required, then it's not required and discussions about oversight are simply redundant.
You mean, besides his family, friends, and loved ones when he loses his job and potentially ends up in prison. You're underestimating the amount of training and internal oversight that occurs.
The cases of caught individuals seem to have gone under-punished, as they sound worthy of prison time.
Also, even if the NSA polices against personal abuses, why would it police against systematic abuse for government's purposes against the constitution?
Self-policing does not work well, especially without elaborate mechanisms to enable it to work, and especially with a combination of secrecy and lack of oversight.
Now, systemic problems are a different issue. But the article we're all talking about here is written by an analyst from his own perspective.
The problems that the HN crowd (speaking broadly) has with the NSA and related entities, are systemic problems. They are not about, "is act X legal or not," they are not about "was this particular incident harmful or not." They are about root of the thing: about the high-level agenda, about the strategies, about the ideas. It does not in the least address these concerns to say "oh, my coworkers are fine folks, we work hard to obey the law, there are scary people out there!" This says nothing to the counterarguments of "we shouldn't have to trust you" (really, you could say that the field of cryptography is about replacing situations where you have to trust a human with situations where you only have to trust math), "the law itself is a problem," and "you haven't proven that you are doing more or better compared to other ways we could push back against scary people."
As with any government agency, the more they insist that they must not be held accountable, the more accountability we should jam down their collective throats. The first sign of someone who can't be trusted with power is that they ask for more of it.
That is exactly right. Employees of intelligence agencies are selected primarily for loyalty, not critical thinking. Most people find that hard to believe, especially those inside who tend to have a very high opinion of themselves. In intelligence, recruiting independent minds is a mistake.
Without Turing and the Bombe where would we all be?
The main job of NSA isn't to support short-term military operations in whatever location they're fighting today, they have to ensure that if they suddenly need to focus on country X, then they already have years/decades worth of collected intelligence.
I have heard intelligence and law enforcement agencies like Mormons for things like being bilingual (many have learned a second language while serving a two-year mission full-time) and being drug- and alcohol -free.
Disclosure: I'm a Mormon. I can't blame people too much for thinking we are all unquestioningly loyal zombies, but I think we all know it's not really a fair point if you're trying to make a logical argument.
I'm on mobile - but I have posted the article here before. If I remember later Ill find it and provide you the link
See why it's offensive? at least without well-cited statistics demonstrating that many Mormons are more loyal than average and will not think critically if following an authority figure? It's like someone said banks value greed, and you answered "Yeah, because I read an article that they prefer to hire Jews." I don't know, maybe I'm reading too much into your post.
In context, you were taking it as read that Mormons are known "primarily for loyalty, not critical thinking" (not your quote, but from grandparent post) and assuming that is the only conceivable reason a government agency could want to have them. I doubt that a well-written article you read used that kind of presumptuous, circular logic. It probably just said intelligence agencies like to hire Mormons.
The apparent incorruptibility of Mormons' moral righteousness make them ideal candidates for the nation's law enforcement and intelligence agencies.
Mormons are disproportionately represented in the CIA. A recruiter told the Salt Lake Tribune that returned Mormon missionaries are valued for their foreign language skills, abstinence from drugs and alcohol, and respect for authority.
>See why it's offensive?
Why should I be so sensitive to what offends you when I am simply referring to something someone else wrote?
I can think of far better ways to offend you.
Either I am completely crazy here, looking for offense, or you can't empathize very well. I feel that I really don't care or get offended if individuals think I or any other Mormons are just loyal robots or gullible fools, or NSA et al. like hiring us for it, but it's totally illogical (and offensive to the spirit of healthy, honest discourse) for you to cite either as if they're a proof that the NSA only wants loyal robots. And maybe that is a completely misunderstood characterization of your original comment, but all your replies have been doing are re-emphasizing the parts I don't disagree with and seemingly ignoring the real issue. I'm not even demanding an apology or anything, but some sort of recognition of my real point or a nuanced rebuttal would be nice.
But after hardworking experts try and fail for years to break a crypto method, you can somewhat trust that attackers won't find it either.
Did you read the same essay I did? He didn't argue for less accountability (indeed, he argued for more). He did argue that the capability had to remain in order for the U.S. to maintain its ability to survive in the ongoing shadow cyber battles.
I agree with you that the high-level concerns are the real key, but you seem to working at it in the opposite direction. You have a specific end in mind, seemingly independent of any high-level examination of the effects of achieving that end. Then you say that the high-level things (law, trust, comparisons, etc.) should be arranged to meet the specific end.
Rather I'd argue it from the other direction, just as I have from day 1 of all of this: Does a country need to have the ability to monitor the goings-on of electronic communications (including the Internet) for its welfare & national security purposes? If so, what capabilities are needed? Is "pre-emptive self defense" needed (or even allowed)?
Do the totality of these capabilities introduce a risk towards civil liberties, or otherwise conflict with law? If so, can they be mitigated, must the law be changed, or should the state simply abdicate its security/welfare reponsibility (noting that it would be only the US doing the "abdicating" here)? Can the state employ other capabilities that can achieve the same essential effect with less risk on civil liberties?
Some of these questions you touch on, e.g. "you haven't proven that you are doing more or better compared to other ways we could push back against scary people.", but many are ignored completely as it is simply assumed that absolute privacy on the Internet is sacred (but only for the NSA; criminal organizations, other nation's intelligence agencies, and the local cypherpunk wardriving around are obviously not a threat), even while absolute privacy on the old landline phones was never a reality.
The best argument I've heard so far has been that the sheer scale of this type of network surveillance, along with its near-undetectable nature, makes it different in kind. I actually agree with that viewpoint, but I also think that this matter of scale makes it possible to install good oversight and accountability if the capability is actually needed. It would take probably at least 10 people just from a "command + control" sense to launch a U.S. nuclear missile; there's no reason even better accountability, oversight, and specific legal guidance and safeguards can't be baked-in to a one-and-only central monitoring system.
But the question is whether we need the capability, and no one seems to want to take a specific answer as to why the U.S. (and the U.S. alone) can survive without it.
- My best friend's dad was a spy in the CIA
- During the 70s and 80s my dad worked with Russian scientists (also ones from Poland and other Communist Bloc countries). Ecology stuff, mostly.
- I've been in "interesting" circles in the crypto arena, and know people who are almost certainly under surveillance.
So, how likely is it that my email is read, that my phone records are looked at, and so on? What are the chances that I'll have trouble the next time I cross a border or try to board a plane? One percent? Fifty percent?
Am I going to get my Name on a List because I've said that we need to stop allowing the NSA to build more data centers? That I think that Dianne Feinstein needs to be removed from office?
I don't do anything that interesting and my life is quite frankly pretty boring; my personal concern about any damage from someone looking at my emails to Mom is small. But I'd still like the government to get a lot smaller in this area because I'm afraid of what things will look like ten years from now, when data mining the innocuous stuff you did fifteen years earlier gets you Special Treatment at those DUI stops.
The "developed capacity equals intent" bullshit works both ways.
Which is the slimmest argument I ever hear in favor of these pervasive civil rights violations.
I've never been a terrorist, never given any information to a foreign enemy, hell, I've barely ever even broken the law. But I do have a personal interest in Russia, speak Russian, and have been to Russia 14 times.
Am I on a list somewhere? Maybe I have done "something wrong" in the eyes of some automated, arbitrary algorithm that's connecting the dots of US citizens around the globe?
A nice comeback is to ask the accuser to apply similar standards as a universal principle. I mean if NSA didn't do anything wrong why worry about Snowden leaks. Or why doesn't Google show us their search algorithms?
If you're going to assume that level of malice on the part of government then the game is already over.
Recall that Russian sleeper agents were arrested in the US as recently as 2010.
This really is a key quote. Even if OP's assertions about the NSA are totally correct, even if all security protocols are followed to the letter, the problem still remains that they have a tremendous amount of power that can be used to target anyone deemed an enemy of the state.
I think a lot of contention on this issue revolves around how much you trust the government to appropriately designate enemies of the state. Many people believe the government is responsible about this, and that it will only go after people who a reasonable person would consider "dangerous." The problem, of course, is that the United States doesn't exactly have the cleanest track record of appropriately focusing its wrath:
(And yes, I know COINTELPRO was FBI, not NSA... I believe it's still an instructive example of government overreach.)
Anyone who defends the NSA on the grounds that it only targets those who are worthy of targeting needs to convince me that another COINTELPRO will never happen. I would actually welcome such an argument, since it would make me feel a whole lot better about this.
> The history of the FBI Lab hasn't been without controversy. Dr. Frederic Whitehurst, who joined the FBI in 1982 and served as a Supervisory Special Agent at the Lab from 1986 to 1998, blew the whistle on scientific misconduct at the Lab. In a subsequent investigation, it was found that evidence had been falsified, altered, or suppressed, or that FBI agents had testified falsely, in as many as 10,000 cases, resulting in many false convictions. More than a decade later, cases were still being overturned because of this massive fraud.
Beyond the monitoring, the deeper point of Big Brother in the book "1984" was the worry about whether what you were doing made you subject to punishment. Foucault also covers this in his discussions of the panopticon, where it is one thing to have a mechanism for constant and pervasive surveillance, and quite another when the windows of surveillance are tinted so you can never know whether the collection is being aimed at you.
He spends a lot of time denying pervasive surveillance puts us in a panopticon where the FBI and other LEAs can observe everything we do. And never mentions parallel construction once.
He tries to justify a Cold War sized, and then some, security state by invoking North Korea.
This is a big bowl of very weak sauce.
The director's standard of candor is "least untruthful."
I really don't care what a mid ranking employee says about what the NSA will and won't do. EVERY revelation where people in this forum have given the NSA benefit of a doubt in the form of "they could, but they wouldn't" has max'ed out at "would do, did do, and trying hard to do it more" once more revelations have emerged.
The NSA can't be trusted with what it has.
The NSA has a history of sharing intelligence with LE, to state that the NSA is not a LE agency is extremely misleading, if not an outright lie. Not only did the NSA do this in the past but the Snowden revelations show that they continue to do this.
I foresee a day when every American has a dossier, a smear campaign, and a law enforcement attack plan on file, in case they decide to "make trouble" for the powerful. It's highly probable we're there already. Look at the history of harassment against MLK if you don't believe me. Even if they're not doing it now, sweeping up all the data in perpetuity guarantees that they'll do it later.
(I may disagree with this guy fervently about the NSA, but I'm extremely psyched to try his mayo. Good for him for transitioning into something useful.)
$8,000: General fear, uncertainty, and doubt (duration: 2 months)
$15,000: Complete discrediting (duration: 6 months -- best value!)
$50,000: Overturn their life with "Anonymous"-style harassment (e.g. triggered by c pornography "revelations" -- duration: two years)
Why. The only (vaguely) scientific argument the paleo diet has against legumes falls apart when you're just extracting the oils (which is not where the "toxins" are). Apart from that it'd just be an organic no-preservatives mayonnaise, and that's already widely available.
It's just another example that this guy will swallow anything you tell him with sufficient amount of authority.
On the other hand, you're right on the money about parallel construction. In my book, that's the one thing that sent the NSA "over the line." It's good to hear that many NSA employees take the police/military distinction seriously, but we know for a fact that some higher-ups don't and he didn't mention the most egregious case of this, not even once. Also, he invoked the "it only happened if they get caught" assumption while commenting on the frequency of abuses, which is highly suspicious.
You're right, abuses probably have happened more often than those caught.
They painted fascism with an American flag, and you ran it up the pole.
In a way its' embarrassing for the NSA to get a defence that is written by such a rube. But at the same time, the general public doesn't seem to be concerned, so perhaps it was unnecessary in the first place.
I could be wrong, but I think there is a bit of cognitive dissonance in your statement. I think you are slowly coming to realize that your actions were wrong; that you do need to defend them. The bad news is that you you fucked up, and you owe the Americans you pretend to care about an apology.
I think it is reasonable to say that he is slightly more informed to speak on these issues than a secretary.
It's really not surprising he hasn't heard of parallel reconstruction, considering:
Also, there's no need to be so hostile. It's simply his point of view, and by the very nature of the restricted work environment at intelligence agencies, it's not reasonable to expect him to have a complete picture.
To quote the very post of his that you're replying to:
"You're right, abuses probably have happened more often than those caught."
He's hardly saying nothing bad ever happened, or that all abuses are known for that matter.
How is that different from "he lacks credibility" ?
His character is secondary to his veracity.
> His claims can have limited scope and still be credible.
His claims were about the NSA. That is the scope over which we all agree he is not a credible source on.
He never claimed to have more than anecdotal evidence regarding the NSA. He never asked to be taken more seriously than, as you so derisively put it, a well-placed secretary (actually, I suspect a secretary would have a much better high-level picture of what was going on, but I don't think you intended an actual comparison).
I'd like to thank him for adding his perspective to the discussion. Even though I'll be keeping my opinion, it is good to know that in some (most?) parts of the NSA, the culture of taking jurisdiction seriously still pervades. It could be a lot worse, and absent this admittedly anecdotal evidence it's difficult to know what to believe.
You should have heard of it. It was brought up the last time you posted your blog post to HN:
Quiz, where did the FISA court come from?
Seriously? Have you - as far as the NSA's activities goes - been living under a rock?
But it plausibly is just what a purports to be - a portrait of the mentality of a rank and file NSA employee (I don't see any evidence that he's even "mid-ranking" if "mid" means middle management). That mentality seems to be a fusion of "surveillance doesn't matter if you have nothing to hide" and "America is under siege".
The thing is, it is good that the NSA has a lot of sincere employees are not now simply there for the power. It seems like this means instances of surveillance abuse are only period rather than constant. This puts them above the level of local police, who tend to have a fair of "ex-high school bullies and wanna be bullies". Yes, that's good but given the NSA's unchecked power, if an "institutional drift" towards the cynical use of power began in earnest, there isn't much people could do legally to stop that. And that is very bad.
EVERY revelation where people in this forum have given the
NSA benefit of a doubt in the form of "they could, but they
wouldn't" has max'ed out at "would do, did do, and trying
hard to do it more" once more revelations have emerged.
This blog post does nothing to answer the fundamental questions that the Snowden leaks have raised. This man basically argues that, with few exceptions, everyone that works for the NSA is a true American and a patriot who only has your interests at heart and what is a little spying amongst friends anyway. Follow that with some scary hints about cyber war with nuclear responses to further raise the stakes (and the fear) to justify their dragnet surveillance police state. This man is a moron if he can't see that constitutional protections were not created to protect us from good people but bad people who can gain control of such a system in the future.
Moreover, if what he says is true that we are facing real dangers then the government has the obligation, in a free society, to reveal these threats and explain what they are doing about it. The method of using such secret threats as a basis for increase police powers and (implicit) suspension of constitutional rights is not proper for a free society.
If the result of the so called "war on terror" is a gutted and shredded constitution then I'd say the terrorists have won.
Edit: Apparently Loren is a man, Sorry.
Could not agree more. To make good decisions as a nation, we need good information. When everything's classified TS/SCI or above, most Americans are denied an accurate description of reality on which to base their decisions and their votes.
Bad guys may do bad things to us regardless of whether their conduct and methods are revealed to all or classified into invisibility. If the NSA revealed everything it knows and does, it would in the near term, wreak embarrassment and economic damage on some parties, but in the longer term would help us craft a better country.
By analogy, nobody would keep money at a bank that couldn't be audited. Why would you entrust your society's core values of privacy to a completely opaque government entity having no independent oversight?
There is no such thing as 'terrorists'. It is wrong to imagine that there is a group of evil doers [I am an ESL and this expression always cracks me open:)] that is (1) organized and (2) focused on an agenda to harm United States. If you think so then you fell victim of the greatest fallacy pulled by the government.
The deterioration of your way of life is not due to some struggle with imaginary bad people, but due to the evolution of your government, which is becoming more fat, arrogant, detached from reality and self-centric. NSA is a natural spin in such evolution, where you transform from Huxley's Brave New World to an outright 1984.
This is more perverse NSA interpretations of the law.
Collection is the crime.
It does bother me that the NSA asserts a right to hold copies of my GPG-encrypted messages indefinitely. It bothers me more that my web traffic, address book, or phone metadata ends up in a government database even if only temporarily.
I don't care if Google's computers were abroad or not, but they belonged to an American company.
The United States government penetrated the network and intercepted the communications of an American company. That's one of the most egregious violations of the 4th Amendment that the American government has ever committed. Don't pretend this is something that is right.
The NSA had no legal right to spy on me, and they did -- even if you say it's likely no one looked at the data. I don't care. Collection is the crime.
However, I can't disagree more with your views. You don't mind if [your] emails are copied to an Agency database and likely never read and because from a technical standpoint it would seriously impair our ability to spy if we couldn't gather everything. Really? You may be familiar with a certain Richard Nixon. How would you feel if a similar character came into power tomorrow? Imagine all the wealth of information at hand. All this... without independent oversight. The only thing you need is to make sure a second Snowden comes forward to explain how you're spying on your opponents. And I can't even begin to imagine how much this juicy information means in terms of economic intelligence. Of course, you cannot push this angle too much, because it would mean the end of the cooperation with your partners. This wonderful agreement you have to keep the free world safe. Thanks, but no thanks. I don't want security at this price.
History is littered with examples of power without accountability. And we don't need to go very far... just read any history book about the CIA. I'm sure their personnel is mostly composed of law-abiding patriots. This ends up the same way anyway: coups against democratically-elected governments. Drugs. Assassinations. Torture. And don't tell me that times have changed. The Guantanamo inmates are laughing at you. The Bagram inmates are laughing at you. Even John Yoo is laughing at you.
And that's only looking at it with the eyes of an American citizen, which I'm not. But in the end, what difference does it make? NSA, GHCQ, DGSE... Aren't you all cut in the same mold? You certainly sound like you believe in what you are doing. I'm sure STASI agents did as well, but they were never this successful.
I hate to sound like a tin hat wearing conspiracist. I really do. But I wouldn't be surprised if there was some sort of concerted effort by the NSA to encourage a dialogue with hackers on platforms like HN.
Sorry for the paranoia OP. Glad you enjoyed your time at the NSA.
I expect that the blog post is sincere. If the NSA or another government agency wanted to manipulate the discourse on this or a similar site, however, they would (not could, would) do so by setting up a large number of active accounts over a long period of time. These would promote articles without triggering voting ring algorithms.
For the last couple of years I have been an active participant in a part of the blogosphere that is inspired by Unqualified Reservations, a contrarian ("(neo)reactionary") blog. I recently discovered that many of the (active and quite long-standing) blogs and commenters in this online community are fraudulent. It is the situation described in Wikipedia's article on COINTELPRO: "pseudo movement groups run by government agents". This includes people with whom I've had email and even a Skype conversation.
Since the realisation, I've managed to have a little awkward and plausibly deniable dialogue with these "bloggers" and "commenters". The message seems to be that they view neo-reactionaries as a group of potentially violent dissidents whose memes, if they were to spread, would lead to serious public disorder. So it's a political broken windows theory, in which the NSA or FBI are guardians of public opinion (although I happen to be English). Apparently they have been watching closely and collecting "data" for over a year.
So, mtgentry, I don't think you are too paranoid at all. (Although I would have done until quite recently.)
Realizing the potential awkwardness of this request from a stranger considering your message, is there anything publicly published about this particular situation?
Specifically: how are you so sure about what the NSA is doing? in your article you say that the NSA does not do SI on US citizens without a warrant, but how can you really know that if you are just another worker? I don't think you can... but hey, you seem like a smart person so why are you making that kind of statement?
> I was not asked to write this, nor guided in its contents by the government.
I find this hard to believe, especially coming from someone in your area: if there is no way for us to verify this statement, then how relevant can this comment be for us?
That's a bold claim - do you have any evidence that lorendsr, who is by his own admission no longer employed by the NSA, has been systematically lying again and again? Or that historically, part of his strategy is to try to influence society or specific groups? Or are you claiming that part of the NSA's employment process is the removal of independent thought and plugging into the collective hive mind?
I meant "you" the NSA, not lorendsr... I don't know him.
But yeah, sorry if my distrust of people who say they worked for a government agency that has as its main PR policy lying and manipulating public opinion sounds harsh... I'm just a bit angry because I'm not a US citizen and I know that my use of pgp,otr,tor,i2p,self-signed certs is enough to make some powerful organization start registering every single move I do on the Internet.
That is most likely the reason. Even reddit doesn't jerk this hard.
The OP's submission is a valuable one, even if you disagree with his views.
I flagged it for my to-read list for after work. I'm an idiot and didn't RTFA.
This essay was deemed UNCLASSIFIED and approved for public release by the NSA's office of Pre-Publication Review on 11/21/2013 (PP 14-0081).
Are you sure about this?
The government tells you what is classified and what isn't.
If you have ever been privy to any classified material, you will have made the decision to self-censor that information, to keep the essay unclassified. In other words, you will have removed information that the government told you it didn't want published.
Granted the control wasn't overt, but the government has influenced your writing via your past and the controls that were embedded when you went though your initial security induction.
If it works differently to this, please do explain it to me, as I would be interested to know.
I'm quoting m8urn's post from upthread:
> m8urn https://news.ycombinator.com/item?id=6911796
> It all seems so sincere. Except when you see how closely this matches the talking points the NSA sent home with employees https://s3.amazonaws.com/s3.documentcloud.org/documents/8445...
I don't disbelieve you came up with all those points yourself, btw. Maybe you've never even seen that PDF hand-out. However, you couldn't have reworded this obvious piece of propaganda any better, if you did.
What I'd be more interested in is how much this issue is being discussed internally. If these discussions are allowed, or even surreptitiously encouraged, then I'd take that as a possible internal propaganda push, subtle as it may be. What's in the conscious mind gets written about, hence you'd see these kind of "justification" posts.
If there was very little internal discussion, or it was frowned upon, then I would expect much less of these blog posts, as it would potentially undermine your career...
I want to scream "well maybe someday you will, and then you'll have it collected already."
What a dense mind, and I am not all inclined to insult people in fact I hate it, but in this case it is well deserved.
I'm honestly gobsmacked by this blogpost... that anyone in a democracy thinks that hovering up all the data, will be safe from repercussions down the line, regardless of leadership.
Just about everything we've seen about the insides of the NSA have come from only one source. Snowden was only employed there for 3 months, and has publicly stated that his primary reason for seeking employment there was specifically to gather information on NSA surveillance systems - in order words, his opinions on the NSA were solidified before he joined. To top it off, Snowden is not available for interview.
I'm not even saying you're required to believe him. I do, however, think an insider's perspective has been sadly lacking from most of the conversation that's been going on. I don't expect journalists to have a complete understanding of all of the details regarding these programs and systems that have been leaked - they've never worked with them.
So, lorendsr, thank you for your contribution. Don't let the flat out negative comments get to you. I hope your post encourages others with a background in the NSA to share what parts of their experience that they can. Everyone else, please take advantage of this opportunity to ask questions, gain any insight that you can and don't just dismiss him outright.
I'm far from a routine skeptic but c'mon ... This post sounds like a PR message.
Alternately, maybe this is some giant conspiracy to get us to buy NSA-sponsored mayonnaise.
If the US citizens like to be spied on by its own agencies, fine for me.
As a German citizen I'm not so happy that German citizens, politicians and companies are targets of spying of unprecedented scale and depth. As a consequence we (and others, too) will have to scale back the use of US hardware, software and services. Privacy, data security, confidentially etc. are not provided. A German company would be stupid to store data on servers reachable for US industrial espionage. It's really tough to avoid that - given that the US surveillance and spying is also done directly in Germany in a large scale.
Additionally we should also deny the US the capability to plan their targeted killings from Germany - for example from the US military central command for Africa - which is located in Germany. From there strikes with armed drones are planned and controlled. Unfortunately the German government does not seem to be willing and/or able to prevent that...
Some of the most disturbing passages:
> it would seriously impair our ability to spy if we couldn't gather everything.
It is saddening to hear someone so young say this.
> I am an American patriot. Patriotism to me simply means that I care about the US and its future.
How often is the word "patriot" used internally in the NSA? Who is building up this false hero, blind to his own oppression? A synonym might be a "justifier" or "oppressor" or even more simply "someone who has not yet been oppressed."
The rest speak for themselves:
> The NSA copy of my emails will only be viewed if the Agency can convince a judge that I might be a foreign agent.
> The vast majority of unauthorized retrievals of US-person data are unintentional.
> ...the rare cases of unauthorized data retrieval were ... regular employees illicitly viewing communications for personal gain
> XKeyscore ... was an analyst tool that I had access to.
> NSA employees are the law-abiding type.
I am scared to respond to this article. How easily could I be labeled a "foreign agent"? Does criticizing the system mean I'm working for another country? Did the NSA try to demonize Snowden as working for the Russians? Everything you have written has only increased my fears. To hear the blind loyalty to the system that comes from the NSA's own employees means that nothing is safe.
I hope that later in your life, as you grow as a person and a citizen, you see the evil in the system you colluded with, and experience a deep regret about your actions. The same regret that lay citizens feel when we learn our tax dollars have built a criminal entity. The regret that we did not try harder to stop it, to read up on laws like the Patriot Act and protest more. The regret of our collective ignorance that has built the tool to intrude on everything we do.
On the other hand, when the US spies on me, I am much more threatened, because nobody can protect me from the US. If the US turns against me (for instance, for supporting the Tea Party), declaring me part of a "violent organization", I'm in real trouble.
tl;dr compain about your own country spying on you, not other countries spying on you
> turns "complain about your own country spying on you!" into "Don't do business with an American company if you care for legal protection/are not stupid".
I agree. As a US citizen, I was quite upset when my employer started mandating Gmail use, and this was before the Snowden leaks.
Foreign companies are obliged not to use US cloud services, just as US companies are obliged not to use Chinese ones.
That is all water under the bridge now. There is no going back.
So you are not actually rebutting anything I said.
Until multilateral treaties are passed dictating how one national jurisdiction will handle the data of another then every EU business using a US cloud service has just been using wishful thinking. And again, this was true even before Snowden.
It doesn't really matter if the US spies on you as long as the UK is your defender. The US doesn't have jurisdiction there.
This is all, really, a political issue. Ultimately, it is about political speech. Everything else you can simply encrypt and secure, and you should.
> If you are a citizen of the UK, Canada, New Zealand, or Australia, you may also be glad, because everything the NSA collects is by default shared with your government (the default classification is TS//SI//REL TO FVEY, or "release to five eyes", which are the aforementioned countries and the US).
I would be highly surprised if those agencies are _not_ allowed to "look" at our data, since they won't be breaking any "laws".
Fuck everything about finding loopholes and skating on the edge of what is legal. NSA has repeatedly lied so far, never apologied for it. A lie would come out and bam! exposed by Snowden's docs. It was spectacular to watch.
The bottom line is, I am more scared and afraid of our NSA than of the Chinese bogey men or "cyber warriors" out there. I have not seen anything but lies, trickery and dishonesty come out of their mouth. I think they are traitors and unpatriotic.
They are betraying fundamental principles this country is founded on. I can see how slimey mafia lawyers would want the laws re-interpreted to fit their clients' purposes ("well, it depends what 'is' is, your honor"), I don't want out government doing the same. It technically might be legal it doesn't mean it isn't shitty.
I am not one either. But I still have to obey the law.
Maybe that's not what's implied by that statement? But if not, what on earth is meant (more exactly, what was the author's intent in saying something that seems obvious and irrelevant if taken at face value; what am I expected to infer?)?
>One current federal prosecutor learned how agents were using SOD tips after a drug agent misled him, the prosecutor told Reuters. In a Florida drug case he was handling, the prosecutor said, a DEA agent told him the investigation of a U.S. citizen began with a tip from an informant. When the prosecutor pressed for more information, he said, a DEA supervisor intervened and revealed that the tip had actually come through the SOD and from an NSA intercept.
>Wiretap tips forwarded by the SOD usually come from foreign governments, U.S. intelligence agencies or court-authorized domestic phone recordings. Because warrantless eavesdropping on Americans is illegal, tips from intelligence agencies are generally not forwarded to the SOD until a caller's citizenship can be verified, according to one senior law enforcement official and one former U.S. military intelligence analyst.
"Generally" should be always.
And then to add to the list. "Collect" should mean "obtain" and not "use", and "metadata" is actually a subset of, and not different from "data". And "transcripts" and "summaries" are actually a form "content". "US Citizen" mean's a person who lives in the US, not "51% likely based on this metric", and "direct access" does not depend on who owns the land in which the particular section of cable is buried. And the list goes on. These words mean something, and when 'always' slips to become 'generally' - we have a problem. And when the one doing the slipping is a titanic behemoth of the size of the NSA, with as little accountability as already exists, we have an even bigger problem.
When the words used to assure us are twisted and misused, then the assurance does little. Trust is hard to earn back. Especially when we intelligent owners (US citizens) of the mechanisms and powers are not given access to their actual processes, or even their legal justifications.
How about they stop the illegal collection and then the illegal sharing cannot occur.
Face, meet palm
Same with torture and other unethical activities. Think you can save the city from nuclear destruction by torturing the brown-skinned guy? Sure, go for it. But you'd better hope you're right, because (at least in a just world) that's the only way you're staying out of prison for the rest of your life.
That's an overly narrow construing of the word "information". As you well know, metadata and location bits are considered "information" by anyone except the pen & trap zealots.
What about Americans who are 2, 3 or 4 degrees removed from suspected foreign agents?
Does 'looking' include automated processes that scan for, for lack of a better word, suspicious behavior?
This guy is essentially validating the actions of the NSA because he calls himself a patriot and even admits he doesn't care about other countries other than his own: The United States of America. As an Australian I find this kind of attitude disgusting and I think it highlights a massive problem within the agency itself.
While I am somewhat more lucky than others being in a country that is part of the Five Eyes agreement, what about those not in a country that has signed the agreement? It doesn't make me feel any safer because it seems the concept of borders and rules in the intelligence game do not exist.
There is a lot of downplaying, "but your data is in a big database and nobody will most likely ever look at it", "only the NSA can see this data" — while this might be the case, if for whatever reason I found myself in a position of power, this kind of harvested information could be used to blackmail or destroy me. Just because it's not being used now doesn't mean it won't be used later.
While this is probably the only validation of the NSA's actions I can find that is somewhat backed by someone with experience working for the agency, it honestly sounds a little too safe and doesn't really address any of the concerns people have.
If it takes a 50k strong Federal Corp of Judges to look at every single case, so be it. At least we could decide.
If anything scares me, its that. I know what he has written straight afterwards, but it still makes the hairs on the back of my neck stand up. Its all very well the author trying to define the word to suit their own purpose, but Im afraid its not that easy to get others to accept it. Try using your own definition of the word "Nigr", and see how that flies.
"Patriotism to me simply means that I care about the US and its future."
Yeah, and that is the problem. What is meant buy the "US"? The land on a map? The political system? The people who are also "patriots" and claim to care about this "US", and its future, yet do evil? Do you care about them? Every one uses the word patriot to justify their actions, good or bad.
That the author misses this, but still insists on still using the word suggest a dangerous and blinkered ignorance. TBH, it stinks of years of gentle brain washing. I'll never forget how Bush Jr used the notion of patriotism to garner support.
Im sure the author think he is well meaning, but this honestly reads like loyal, patriotic PR.
Even things like postal mail do not technically fall under the Fourth Amendment. Rather, they fall under separately-passed Congressional law, and USPS regulations.
For instance, did you know that the addressee of a letter may authorize the USPS to open the letter in a sorting facility without a warrant, even if the sender was not asked?
Likewise, did you know that if you send a first-class letter but forget to put a stamp on it, that it is technically "unsealed mail" and a USPS employee may open the letter to inspect it for mailability and postage determination, and also "as expressly permitted by federal statute or postal regulations"?
So certainly the Fourth Amendment was intended to keep the government out of your personal stuff and away from your person, but everything else that people attribute to it is done without much evidence. Even in the real world there's not as much Fourth Amendment protection to communications than most people realize, once they leave your house.
The Fourth Amendment also protects people's papers from warrantless search and the Crown's abuse of the privacy of papers when executing its "general warrants" were a huge driver in the adoption of that Amendment. Private electronic communications are "papers" in that context, a "gift" of a paper from one to another.
But more importantly, the question you ask is phrased too narrowly in context. The First Amendment protects the right to communicate privately, free from government scrutiny. And the Fifth Amendment forbids the government from taking private property without due process and just compensation.
Roll all three of those amendments together and you should begin to comprehend that Congress, in establishing criminal penalties for interception of the U.S. mail --- a topic you curiously omitted --- stood on very firm constitutional ground when it did so.
Your notion that U.S. mail is protected only by federal statute simply blinks past the fact that our federal government is a government of only limited powers, allowed only to do what is permitted by the Constitution, with all other powers and rights reserved to the States and the People; i.e., a "mail" law can not lawfully exist without Constitutional authorization for Congress to enact such a law.
Also missing from your U.S. mail analogy is any analysis of a basis for believing that eMail should have any less protection than the U.S. mail. It is a criminal act for a government official on their own decision to open a letter to read the contents except in narrow common sense situations, such as a letter that is missing or has an invalid address. Why should eMail have any less protection?
Paul E. Merrell, J.D.
Except that would tend to imply that the 1s/0s of a digital communication can in some way represent a physical property of some sort which can warrant legal protection. Normally that viewpoint is completely abrogated by hacktivists since it leads inevitably to DRM and other IP-backed shenanigans.
On the contrary, the "paper" is duplicated and transmitted over third-party infrastructure, and normally to a third-party provider and then from there the "paper" still sitting in the user's computer RAM is finally forgotten by the software or saved to disk as a backup. But the copy sent to Google or FB or the ISP or whoever belongs completely to them, "gifted" or not. While the "intellectual property" and copyright will belong to the user, the "bits" belong to Google or FB or the ISP and so lose Fourth Amendment protection.
And it's better this way! The idea that one can exponentially and magically propagate property on hard disks around the world is almost laughably impossible. My point instead is that whatever protections are required for our electronic communications (either stored or in-flight) need to derive from positive statute law, not by people arguing the nuances of a Constitutional Amendment written while the "discoverer of electricity" still breathed! This is especially true since the interpretation of the Fourth Amendment which somehow corrals the government into getting the intended effect will necessarily require the invention of legal principles which will go against us in the future.
> But more importantly, the question you ask is phrased too narrowly in context. The First Amendment protects the right to communicate privately, free from government scrutiny. And the Fifth Amendment forbids the government from taking private property without due process and just compensation.
The First Amendment gives no such privacy right. Simply stated, your speech itself is protected, not your ability to privately communicate. There is a privacy right inherent in being able to associate (without the advocacy group being forced to make public its membership list), just like there's an privacy right in being able to petition anonymously. But there's no general right to privacy in the First Amendment and I'm surprised you'd make that error with a J.D. If anywhere there's a "right to privacy" against searches of this nature, it is in the Fourth Amendment (consider Katz v. United States, as modified by Smith v. Maryland).
But I'm even more worried by your reading of the Fifth Amendment. Your talk of "government taking private property" by copying 1/0s (not even on the wire necessarily, but even through things like PRISM) is EXACTLY what we've been fighting against with private companies.
A person may have signed an agreement with Google that gives Google the right to make copies of their email for delivery, but each ISP along that route signed no such thing. Are they all liable for transient IP theft then? Should a hacker copy that email unknowingly while cracking an ISP system, should they be charged for Copyright Act violations in addition to CFAA violations?
> Roll all three of those amendments together and you should begin to comprehend that Congress, in establishing criminal penalties for interception of the U.S. mail --- a topic you curiously omitted --- stood on very firm constitutional ground when it did so.
I mentioned it elsewhere, but that wasn't the topic anyways. But even there you've messed up the Constitutional principles. The reason Congress has power to regulate USPS has underpinnings entirely different from any of those 3 Amendments.
For starters, Congress has the power to regulate USPS by 2 specific clauses in Art. I, Section 8, detailing that Congress has the specific power to: "
- establish Post Offices and post Roads;, and
- To make all Laws which shall be necessary and proper for carrying into Execution the foregoing Powers..."
In other words, Congress was specifically granted the power to setup the postal system of the U.S., subject to its other Constitutional constraints. So should Congress choose to further constraint the government as regards the postal service that is always their right. Congress must be at least as restrictive on the Government as the Bill of Rights demands, but they can choose to be more restrictive on their own.
But additionally, even if we weren't talking about the USPS, Congress has the right to regulate the Government in any fashion it wishes (again assuming it stays within the boundaries laid out by the Constitution) because of this clause from the same section:
"... To make Rules for the Government and Regulation of the land and naval Forces".
In fact it's only because of this positive direction from the Constitution that Congress is able to regulate, as the Tenth Amendment quite clearly states that any powers not specifically enumerated as belonging to the federal government are reserved to the states, and to the people.
> Your notion that U.S. mail is protected only by federal statute simply blinks past the fact that our federal government is a government of only limited powers, allowed only to do what is permitted by the Constitution, with all other powers and rights reserved to the States and the People; i.e., a "mail" law can not lawfully exist without Constitutional authorization for Congress to enact such a law.
Holy shit, now we agree again, will wonders never cease. But now you're inconsistent with yourself, which I'll leave you to correct however you choose.
> Also missing from your U.S. mail analogy is any analysis of a basis for believing that eMail should have any less protection than the U.S. mail. It is a criminal act for a government official on their own decision to open a letter to read the contents except in narrow common sense situations, such as a letter that is missing or has an invalid address. Why should eMail have any less protection?
I never once claimed that email should have no protection. All I've ever claimed is that it's not magically inherent in the Fourth Amendment, which speaks (on the whole) to private property and "a man's home is his castle", but not to what happens once you tell a third-party (especially a disinterested/neutral third-party) your little secret. If it were otherwise Congress would not have had to pass laws making it a crime for a government agent to open mail, engage in landline wiretaps, intercept electronic communications unless for foreign surveillance, etc. etc. etc.
> Paul E. Merrell, J.D.
Oh look, an AUTHORITY... should I link in all the opinions I find congruent to my viewpoint from a "real" J.D. or is it possible that your interpretation of the Constitution and the law is not binding simply because you and your J.D. say so?
I'm with Ambrose Bierce on this one.
Or rather, the NSA's perfidy has left us with no other safe default assumption, so we have to ignore on sight. The data is tainted. All of it.
The NSA copy of my emails won't be viewed by police or FBI investigating me about marijuana use, for instance. Law enforcement might get a search warrant and retrieve a copy from Google, but not from the NSA.
I am a foreign national, I and my company uses services provided by a US company (email etc.), and this gives right to you guys to collect and ready my emails?
tldr; of your article is this:
"Oh ! he is a foreigner, fuck him. What he can do? ? He can't vote to get us out of power. So, it's ok and about the persons who can vote to get us out, they can't do anything because we know every little dirty secret of them. Oh ! one more thing, we are so good we promise we don't look at these dirty secrets. Although cases where a employee uses this 'secure' system for personal use, ya that do happen. Trust Us."
What is not in doubt is that the data from a panopticon used by a benevolent organization would be a powerful protection. But that same argument could have been used to subvert the 4th Amendment. Indeed, that argument could be used to subvert every amendment in the Bill of Rights, since a benevolent actor, by construction, would only subvert those rights with good reason.
The lack of thoughtfulness about what the Constitution means, and how it applies in a world where government wishes to piggy back on ubiquitous corporate surveillance (and extend it), is fascinating. One can imagine the creation of a new police robot that knows when you are not in your home, and which lets itself in, reads all your documents and catalogues all of your belongings, disturbing nothing. Would that be okay?
CBS reported that in 2007 the US suffered an "espionage Pearl Harbor" in which entities "broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information."
What's to stop this from happening again to the NSA? They couldn't even implement audit trails internally -- there should be huge doubt as to the agency's competence in securing their data.
Also, OP, did you not hear about parallel construction? How do you rationalize your statement that the NSA "is not a law enforcement agency" in light of this?
This is apologia for crimes against the world and the American people. This is saying, "If you don't have anything to hide, you have nothing to worry about." This is demonstrably filled with lies and misrepresentations, whether intentional or through ignorance of what the rest of the NSA beast has been up to (but, if he has followed the Snowden leaks with more than passing interest, he would know he's lying in blatant and obvious ways).
I'm sure this article is meant to quell fears about NSA spying practices, but it only makes me more angry and more fearful. It confirms something I suspected but didn't want to believe: The entire organization from low-level analysts on up to the leadership (who will repeatedly lie to Congress to serve their ends) is corrupt and will exhibit little or no remorse even when caught red-handed, and will spread astroturf and refuse to acknowledge that their behavior crosses lines that should have never been crossed by a US agency.
I'm getting close to believing that starting any online service in the United States is unethical, because of what it will do to its users.
Let me know what country you can start an online service in that doesn't also have a foreign intelligence agency if that's your ethical standard.
My question to the OP: even if you believe that at the moment abuses are rare and that your colleagues are trustworthy and law-abiding, does the capability and level of information concern you in terms of the potential for future abuse it enables?
* 1980-present. MAIN CORE, which is shared between CIA, FBI, NSA, Contains data on 8 million Americans and is used by LE. http://en.wikipedia.org/wiki/Main_Core
* ?-Present the DEA SOD program which uses NSA intelligence for drug cases. http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/05...
And these are just the cases we know about, they are likely only the tip of the iceberg.
Lorendsr, given this evidence and your previous statements that, "If I thought there was much chance that in the future, law enforcement and intelligence would not remain separate, my decision would change.", are you considering changing your decision?
>FISA surveillance was originally supposed to be used only in certain specific, authorized national security investigations, but information sharing rules implemented after 9/11 allows the NSA to hand over information to traditional domestic law-enforcement agencies, without any connection to terrorism or national security investigations.
What this means is that if a given surveillance transcript is obtained legally (which is easy to do for foreign communications, even if a U.S. person is a party to the conversation), that it can be legally passed to LE. Once LE knows about it, they don't have to "close their eyes" to any U.S. nationals on the transcript, similar to how the police are not required to ignore evidence in plain sight (even if it wasn't listed specifically on the warrant).
By this route it is possible to pass incriminating evidence to LE about U.S. nationals even without a warrant, as long as one of the parties to the communication in question is actually a foreigner.
There are articles suggesting this is happening many thousands of times per year - shouldn't each of these 'regular employees' be put on trial? They have committed serious crimes.
Is the US Tea Party considered a "violent organization"? (It's not, but that's a separate issue.) If not, can you guarantee that it won't be labeled as such under some future administration? The IRS is already targeting the Tea Party, so we have reason to believe that certain US political actors are not interested in abiding by objective laws.
If not, why do you defend the NSA?
Though I'm a US citizen, I'm sure one of the other Five Eyes countries can be employed to spy on me.
The author understands their is a misconception at play, but it's not that the public thinks NSA agents aren't upstanding or law-abiding, it's that NSA agents think their idea idea of patriotism is broad enough. It's telling that he dismissed an examination of patriotism, because that's the root of so much discord over civil liberties and national security.
There are two major currents of patriotism in this country. The first is that we take pride in our accomplishments, and we must defend our borders, protect our treasure and lives, and maintain the status quo. The second is more idealistic, that we take pride in having an open (vulnerable, ever-changing) society, and we must defend our democratic identity, promote participation, protect individual freedom, and be skeptical of concentrations of power. The first is practical, easy to quantify (and therefore appealing to a data-thirsty culture). The second is strategic, asks more from the average citizen, and rests on an understanding of alternative forms of society (what is lost when we prioritize security and order over those "inalienable" rights).
Ideally, the NSA would be staffed by patriots of the second type. They'd embrace 'public service' as having deep reverence for the public (not just their physical safety, but their liberties as well), that appreciates the philosophical underpinning of democracy (including it's necessitation of vulnerability and cultural evolution), and that prides itself in taking on their intelligence goals while ardently building checks and balances. They'd never just ask how they can get the information, but how it can be done in a way that proudly upholds American values. With bureaucracy you'll always have some amount of inefficiency and misalignment with top-level goals, but a pervasive culture can go along way.
If an employee had a contrarian opinion to the NSA would it be declassified like this one?
Its hard to read it and feel that it is balanced or even truthful.
Last.fm can guess the type of music I like about 25% of the time, Google can guess the type of information I'm interested in around 70% of the time (figure based upon potentially ambiguous web searches I do). Neither of those services have very much metadata from me about their respective subject areas.
If the NSA/GCHQ/5 eyes are hoovering up all this metadata about pretty much everything I do online, that's a ton of information to start mining for patterns - whilst legitimately say that no employees are reading it.
What sort of predictions can they make? What's the accuracy of it? When do they start acting on the predictions thrown up by the system? And who polices that?
Lawyers working for the NSA have deemed certain methods of data collection as being in accordance with US law, as voted for by elected officials within the context of a not great two-party democracy.
For example, the author mentions the following:
They examine your 127-page Standard Form 86, in which you
include lists of your illegal activities, foreigners you
have worked with or befriended, and where you have lived
and traveled in your life and with whom.
Sad to see a programmer be so lost. Kudos for the post but if the NSA was squashing terrorist attacks daily with evidence of their efficacy they would be screaming it from the roof tops.
Snowden proved the implicit insecurity of information aggregation on such a massive scale and if he had access so will nation states... the one that I fear most is my own county.
I am a patriot too, just sad.
It's what psychopaths usually say to their victims. If you hear it (or think you're hearing it), the person/organization you have in front of you is of psychopathic nature (it should be stopped at all costs).
Other translation: If we let them rape us, then we deserve it.
Man, I would hate if an entity downloaded my information! Poor agencies. But it's probably fine, I mean, those "entities" couldn't look at terabytes of information. It's probably just sitting in a database somewhere. So, nothing to worry about.
It must indeed have all of the electrolytes. Big brother would put THAT on his bun!
The unexamined life isn't worth living or watching. Those with nothing to hide offer nothing of interest.
On the other note. If you want good mayo: http://www.eff.ca/featured_products.html order from these guys. I am sure they can ship to your door, they do distribute in the USA as well, however, not sure to which cities.
Does the NSA weed out polygraph non-believers during their hiring process? So far as I know, the main "valid" use of polygraphs is (a) to trick/intimidate people who believe in them into telling you a more thorough story, (b) to acquire a "scientific" seeming reason to do or believe what you already wanted to do or believe going in.
I don't feel very reassured.
"This essay was deemed UNCLASSIFIED and approved for public release by the NSA's office of Pre-Publication Review on 11/21/2013 (PP 14-0081)."
Author is not a patriot. Author is an enemy of the people.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
What makes the NSA different from the police or other law enforcement agencies? And why should we trust them? There is a reason restrictions exist on the power they have. This article is nothing more than propaganda.
Why is a distinction made between US and non-US people? Why do some systems automatically ignore all US IP addresses?
What makes me a potential criminal, and Mr. Smith not? Why can he read my email without a court order, but not from someone from Nebraska? Why does my physical location, or proxy server for that matter, matter?
I think the only reason is because it's simply in the US law, so it doesn't really say much. It's just one of those things that are the way they are. But then...
why does he keep bringing it up as "you shouldn't be worried because we don't look at data from the US"... if I'm not from the US? Does this mean I should be worried that he is really reading my email if it has certain keywords? I could become an intelligence target because of keywords or activism in certain groups, merely because I'm not using a US-based proxy server?
The only two valid reasons for NSA not to capture all the foreigners email is if (1) it's too costly (and it probably isn't); and (2) the goverment decides that the PR harm is greater than whatever they gain from having all the email (and it probably isn't either).
I'm not mad at NSA they're just playing their role, they're grabbing everything they can. But, it should serve as a reminder of the goals we should all (civilians) strive for: encrypting everything. I think lot of individuals are working on these problems right now and I'm confident great tools and protocols will soon be created/improved.
edit: downvoted for proning mass encryption, great.
I suspect the screening selects for compliance and maybe against questioning authority plus the people applying May self select in that way.
Note that this was approved by the agency and therefore may have been through a filter process that removes other reports with more critical views before publication. (I am not suggesting that this author is anything other than genuine but if it was a critical view could it have been published).
I don't doubt that storing everything helps find threats but the price is far too high, whatever difference it makes.
 he hadn't heard of parallel construction - https://news.ycombinator.com/item?id=6910972 (he may have deep particular knowledge in some areas but his understanding of the overall agency appears poor.
The key point is this: the NSA does not create policy for its operations. Those are written into law through executive, legislative, and judicial processes, and the three should theoretically balance each other out, which the public currently deems as not doing a sufficient job of balancing. The NSA acts as an instrument -- the employees (to include the director) are directed through a system of reporting and feedback, and determine how best to act in order to obtain more positive feedback from customers of the reports.
This isn't some theoretical system I'm talking about -- it's a database of reporting with attached feedback. The feedback shows who consumed the report, whether or not the party found it useful, any enclosed comments about the report, and how high up the report went. If my report made it into the president's daily brief and more information about the reporting subject is desired, that will show up in the feedback, and thus I have my "direction".
How does this translate into real world operations? Here is a theoretical conversation between Mr. Policy and Mr. NSA:
Mr. NSA: Here is some information I found about country X, which might indicate that they're conducting operation Y.
Mr. Policy: I would like to learn more about operation Y, and country X's intentions to expand it.
Mr. NSA: I don't currently have the capability to expound upon operation Y, unless you grant me the authority to access datastore Z.
Mr. Policy: We took a vote, and you have access to datastore Z on a thirty day trial basis, but then must shut down operations if nothing of value is found.
Mr. NSA: Here is the information you requested about operation Y and country X's intentions.
Mr. Policy: This information was not useful in directing policy, therefore datastore Z is to no longer be accessed.
From this, I think you can extrapolate my point. Do you blame the scalpel for being too sharp, or the surgeon for handling it incorrectly?
None of the above, if anything I'd blame people for being mere tools.
NSA analysts accessing datastore Z is not the problem, and never was.
Datastore Z is the problem. According to the leaked documents those datastores contain data of U.S. citizens which the NSA couldn't have legally intercepted and stored without a court order.
E.g. the NSA cannot legally acquire copies of John Smith's email header fields and store them into datastore Z without a warrant defined by the 4th amendment.
Mr. Policy: I would like to learn more about Citizen A, but Mr. NSA is strongly prohibited from accessing data specific to citizens of this country. Unlike many rules this prohibition actually is taken seriously, with major consequences for anyone caught violating it.
Mr. GCHQ: Bob's your uncle. Would you like that in .zip or .tar format?
People need to realise it's more "All that is necessary for the triumph of evil is that good men do nothing."
And less terrorists and other cliches.
Yeah, buddy, I'll believe you… just keep telling me over and over and it will sink in eventually. ;)
I was actually waiting for the big reveal in this ... "x, y are good, but Z is not, and is why we have the problems we have now." I guess not having that is why it went through publication review.
This principle is absolutely forbidden to be reversed, the secret workings of government agencies are protected by the highest secrecy.
What do they have to hide?
There are some posts here so outright loony that I actually feel a bit uncomfortable having an account here.
Monstrously disingenuous. The term "parallel construction" apparently means nothing to him.
In 1991 the USSR dissolved and the Cold War ended. The world let out a sigh of relief, safe in the the knowledge that humanity wasn’t crazy enough to destroy itself. That security we had is gone. North Korea has nuclear weapons and is threatening to fire them at the US.
I'm missing the part where collecting my email and phone records will help with this problem.
The author may believe he or she’s a patriot. I disagree. I don’t believe someone who acts to subvert the Bill of Rights which states
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
is even remotely close to being a patriot.
> Many are concerned about the NSA listening to their phone calls and reading their email messages. I believe that most should not be very concerned because most are not sending email to intelligence targets.
> Email that isn’t related to intelligence is rarely viewed, and it’s even less often viewed if it’s from a US citizen.
“Rarely” is pretty meaningless. The NSA has repeatedly tried to compare the number looked at with the number of intercepts. Of course they’re only looking at a tiny percentage. But if I were to only steal one-in-a-billion dollars in the US or only kill one-in-a-million people, I’d still be doing something immoral.
> Every Agency employee goes through orientation, in which we are taught about the federal laws that govern NSA/US Cyber Command: Title 10 and Title 50.
Yet evidence seems to show that they've willfully found ways to interpret the laws in ways that the authors of the laws think is illegal.
> We all know that it's illegal to look at a US citizen's data without a court order.
But the NSA has a special non-adversarial court that rubber-stamps whatever it wants. (And it still happened)
> I use the term "look" deliberately: the Agency makes the distinction that looking at data is surveillance, while gathering it from locations outside the US is not. We gathered everything, and only looked at a tiny percentage of it.
The problem is that the 4th Ammendment makes no such distinction. They were wrong in collecting it in the first place.
> I am okay with this distinction both because I don't mind if my emails are copied to an Agency database and likely never read and because from a technical standpoint it would seriously impair our ability to spy if we couldn't gather everything.*
He may not mind, but many other people do. I respectfully ask that he, Mr. Clapper, and Gen Alexander give us all their data in case we later do find what they were doing was illegal.
> The Agency is an intelligence organization, not a law enforcement agency.
> The NSA copy of my emails won't be viewed by police or FBI investigating me about marijuana use, for instance.
And yet, per Reuters
“A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans.
“Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin - not only from defense lawyers but also sometimes from prosecutors and judges.”
During the 25 years from 1979 to 2004, 18,742 warrants were granted, while just four were rejected. Fewer than 200 requests had to be modified before being accepted, almost all of them in 2003 and 2004. The four rejected requests were all from 2003, and all four were partially granted after being submitted for reconsideration by the government. Of the requests that had to be modified, few if any were before the year 2000. During the next eight years, from 2004 to 2012, there were over 15,100 additional warrants granted, with an additional seven being rejected. In all, over the entire 33-year period, the FISA court has granted 33,942 warrants, with only 11 denials – a rejection rate of 0.03 percent of the total requests.
> They won’t spent time on my private love letters.
> That security we had is gone. North Korea has nuclear weapons and is threatening to fire them at the US.
How does spying on Americans help?
> Reality should enter your cost-benefit analyses.
I totally agree.
> This essay was deemed UNCLASSIFIED and approved for public release by the NSA's office of Pre-Publication Review on 11/21/2013 (PP 14-0081).
Somehow, I have a feeling that opposing points of view wouldn’t find much an easy clearance.
The US is showing clear and abundant signs of being a police state - there's simply no denying that anymore. So what does it matter what their rule books say about spying on people, when even the Constitution has been calmly disregarded for years?
"Here are the official guidelines for spying on people! Remember that spying on US citizens is restricted because that would be kind of naughty, but foreigners are fair game."
It's just ridiculous. But again, it's certainly not about catching terrorists. This level of surveillance would make Stalin just shit himself with joy.
I am pleased to see him hint at the exposure and vulnerability of the general public to surveillance by third parties, when he describes of the ongoing battle to dominate electronic systems, being waged by various nation-states and criminal gangs around the world. (I refuse to use that horribly juvenile construction "cyber-war").
However, we still have some way to go before we fully confront the magnitude of the problem, and are able to formulate a sensible and coherent response.
Our military forces and security services are rightly part of our response to this vulnerability, but they cannot be the only tool that we deploy. Societies that lean to heavily on their armed forces and security services quickly feel the negative effects of their reliance, no matter how well-intentioned, well-disciplined and professional the servicemen and servicewomen may be.
Civil society needs to step up to the plate also. The problem is difficult, and the response needs to be multifaceted and broad. As engineers, we need to make our systems more secure and more trustworthy - and we need to make tools for the creation of secure and trustworthy systems ubiquitous.
For example, I am writing software for advanced driver assistance systems & autonomous vehicles -- I need to think very very carefully about how I can make my software secure and robust from attack; I need to educate my colleagues about the risky environment that we will be operating in, and together, we need to come up with standards and processes to help us ensure that the software we create minimises the risk posed by malicious actors.
Email that isn’t related to intelligence is rarely viewed,
and it’s even less often viewed if it’s from a US citizen.
Every Agency employee goes through orientation, in which we
are taught about the federal laws that govern NSA/US Cyber
Command: Title 10 and Title 50. We all know that it's illegal
to look at a US citizen's data without a court order.
We are indoctrinated to believe that we shouldn't really
invade the privacy of US citizens, and it is highly unlikely
that we might mistakenly or otherwise read your private emails,
however, if you aren't a US citizen then fuck you, you are our
enemy, you have no right to privacy because you weren't born
in the land of the free. Oh yeah, fuck you twice, cos we can.
> If you are a citizen of the UK, Canada, New Zealand, or Australia, you may also be glad, because everything the NSA collects is by default shared with your government
He spends the whole post telling us its okay to trust the US and then completely throws that out the window by saying 4 other countries have all of our data too.
1. The NSA only hires earnest, ethical people
2. There are real threats we need to protect you from
3. So everything's OK
I believe the first two of those statements. And if the people at the top were also ethical and earnest, I'd believe all three. But, as Angela Merkel can attest, the people at the top do not respect boundaries.