Very nice. Nothing new here, but this is a great summary to share with people who are less familiar with internet architecture and want to get up to speed with this particular facet of (seemingly illegal) surveillance.
However, I want to quickly point out one omission in the discussion of the risks of allowing this kind of activity to continue:
If the NSA is effectively spying on everybody who communicates with a server outside the US, it is trivial for them (or another government agency) to fabricate traffic (presumably child pornography) in order to target someone.
The ACLU (and others similarly positioned to criticize this conduct) always rightly point to the risks to journalists and human rights activists of having their communications intercepted and accurately portrayed, but what about the ease of lying about it in order to target dissidents?
This seems like an obvious vector and deserves more attention and discussion.
Hey buddy. You never responded to me in the other thread. :-)
Strictly speaking, it's not a requirement. But it gives incredible cover. It makes everyone think, "well, it's possible - they know everything that goes on."
In other words, absent this sort of mass vacuuming, the individual targeting of a dissident might seem much more suspicious.
Conversely, even the myth that the NSA reads all traffic also lends credibility to that theory. They don't need to read all traffic, they just need HN commenters to say they do.
Don't normal people already sort of assume that? What's in doubt isn't the potential for the USG to learn these things, but the credibility of their unverified claims that they actually have learned them. I seriously don't see the connection between global surveillance and the USG's ability to lie convincingly: they can already lie convincingly.
Later
BTW: I felt like I responded to what you asked in other comments on the thread, and by the time I saw your comment, many other people had already responded. Nothing personal!
If it were legal you could call it unconstitutional. The point is do not want. But really Google is so much worse than the NSA. We can't do anything about Google though. He's like an uninvited guest to every party. And now we have Microsoft to contend with as well.
Yes, we can! Don't use Google, or use certain settings in the applications which enhance your privacy. The default settings are not always the best settings for the user.
Don't use Google Search. Use a search engine which respects your privacy such as the scraper DuckDuckGo (DDG).
Don't use Gmail. Use an e-mail provider which doesn't scan through your e-mail. Where you got IMAP access. Use a device where you can use GPG. Or use alternative methods of communication.
Don't use Google Maps. Use a maps application which respects your privacy such as OpenStreetMap or (arguably) Apple Maps.
Don't use Google Fit. [...]
And so on, so forth. Ask yourself the following: do I really need this? The answer is often: "not really."
You have the option to use neither. If the choice is Android or iOS you pay more for iOS devices but your privacy generally suffers less. [Ignoring the option of dumbphones] there's a third option: don't take your phone with you. It is a choice to take your Android or iOS device with you. Among others, Bruce Schneier wrote about this in his book Data And Goliath.
That's the easiest to avoid. Ghostery, or a simple edit to your /etc/hosts file.
The problem is that tracking is much more pervasive, and there are many more ways you can be tracked that are much harder to block than Google Analytics.
What about for iOS? Sure there's more pervasive methods, but I doubt any are as ubiquitous as GA. My ghostery plugin shows GA for nearly every website I visit.
Try Privacy Badger, made by the Electronic Frontier Foundation. It protects you from many trackers, not only Google's, for example it disables the tracking capabilities of Facebook like buttons. https://www.eff.org/privacybadger
Commercial surveillance is a problem, no doubt, but the problem isn't just Google - any held commercial data is susceptible to government snooping. Which is why people just blindly throwing their data into The Cloud annoys me.
We implicity permit Google to have our info. We have not given informed consent to allow our government to take this data. Therefore it is an unreasonable search and seizure of our property.
This is incorrect. Most people don't realize this. Do you consent your car to store all your location information in the cloud? What if TV started storing all things you watch in the cloud? Tomorrow, if all the car/tv manufacturers started doing this, what choice do you have? No, the option is not "do not use cars/tv". And tbh, I don't even think 80% of the population is cognizant about what is being collected and what it's used for. This is the reality and they have "accepted" it as-is. This is the situation we find ourselves with email (all email providers mark any other email as spam).
> Tomorrow, if all the car/tv manufacturers started doing this, what choice do you have? No, the option is not "do not use cars/tv"
Supply & demand. If there is demand for dumb TVs and dumb cars, this supply will (eventually) be met. Vote with your wallet.
Also, do not forget the second hand market for cars. This one's huge. There's still TVs and cars available which are dumb. There's still laptops available without Intel ME.
> This is the situation we find ourselves with email (all email providers mark any other email as spam).
> If there is demand for dumb TVs and dumb cars, this supply will (eventually) be met.
I keep hearing that, I just never see it. There are a lot of things nobody wants which corporations push in unison because they want them. And that's not even accounting for the meddling of the marketing department, which does matter.
If you run your own mail server, it's hard to get email deliverability to the inboxes of people who use the Big 3 (Gmail, yahoo mail, Outlook.com). This makes using these privacy-invasive email services a much easier decision
> If there is demand for dumb TVs and dumb cars, this supply will (eventually) be met.
Such demand will never rise to substantial levels. The moment your solution to a problem requires the general public to (change their behavior/become educated about something), your solution is unworkable.
If the general public regularly changed their habits out of principle, Windows would have been displaced by Linux in the 90s and the banana and diamond industries would be dead or dying.
It doesn't work that way, and it's unrealistic to assume it ever can.
Yeah, I hate it when this starts out with Trump bashing. Obama is much more guilty. I am not an american, so I don't exactly understand what the term 'liberal' means. Spying on your own people without warrant?
Ideology is basically meaningless. American politics is entirely tribalism.
The Democrats spent 8 years decrying the myriad ways the executive branch violated the Constitution under George W. Then Obama takes power and basically continues or expands nearly all of them, and with only a small handful of exceptions, the Democrats stop caring and forget entirely.
The Republicans spend 8 years decrying overspending and the national debt under Obama, even organizing an enormous 'Tea Party' movement predicated around resistance to it. Then, as Trump is taking power, they rally around a budget that will increase the national debt by 50%.
Ideology is an extremely loose set of guidelines that are only really adhered to in a coherent way by a tiny handful of true believers (folks like Bernie Sanders or Justin Amash). By and large, politics is purely about power -- once you win, all that matters is erasing any past victories claimed by the other party and then doing whatever will please your donors so you can win the next time.
American politics is good cop - bad cop, which one is good or bad depends on political affiliations. Both have the exact same goals with minimal deviation besides what words are being read from the teleprompter. Political hardliners cancel each other out and solidify the power of the base.
Have you considered that Obama's regulating the distribution before Trump comes in and the main issue is that the FBI is both an intelligence and law enforcement agency?
I mean, if the FBI, Drug Enforcement Administration and Department of Homeland Security weren't in this group of 16, wouldn't the discussion be completely different?
Lastly, who says the minimization that the NSA had been doing itself so far didn't just consist of removing noise? The requests have been and will continue to be confidential after all.
Obama is a proponent of very strong intelligence agencies which certainly must be criticized, but the hysteria and fear-mongering that's happening right now completely misses the issues that have to be solved first, imho.
Obama is ultimately responsible for trying to ram an international Internet surveillance mechanism into law (https://www.eff.org/issues/tpp) and giving the NSA a free pass to conduct mass surveillance against American citizens without a warrant. (New rules issued by the Obama administration under Executive Order 12333 will let the NSA—which collects information under that authority with little oversight, transparency, or concern for privacy—share the raw streams of communications it intercepts directly with agencies including the FBI, the DEA, and the Department of Homeland Security, according to a report today by the New York Times. https://www.documentcloud.org/documents/3283349-Raw-12333-su...)
>"To use a non-digital analogy: It’s as if the NSA sent agents to the U.S. Postal Service’s major processing centers to conduct continuous searches of everyone’s international mail."
It's worth noting that U.S. Post Office also records meta data of all snail mail:
> and even invited Russia to hack the emails of his political opponent
For the 1000th time. He didn't (and it's amazing how often this gets repeated) 'invite' them. He said they should release the documents if they already had them.
Note the story line and then the exact quote here:
>For the 1000th time. He didn't (and it's amazing how often this gets repeated) 'invite' them. He said they should release the documents if they already had them.
The direct quote is as follows:
“I will tell you this, Russia: If you’re listening, I hope you’re able to find the 30,000 emails that are missing,”
It's hardly a stretch to read this as an invitation, despite the later claims of his handlers.
> It's hardly a stretch to read this as an invitation
It's an interesting Rorschach test.
What would be fascinating is to do an experiment where someone didn't have an emotional attachment to the issue and see how this is interpreted by different parties.
For that matter do the same with this issue merely see what people who fell on either side (or in the middle) thought.
I think a reasonable person could interprete that quote both ways. I'd note that the politico headline you linked says "Trump urges Russia to hack Clinton's email", and it is only a campaign spokesperson who said the opposite.
I'm curious to what HN crowd thinks about a question related to all this.
People are now under the assumption that US agencies are collecting all calls, emails, anything electronic for all citizens as it's technically possible and confirmation is slowly being revealed.
If a crime was committed to a citizen, how would said citizen legally make a request for information the NSA or any agency has that would be useful as evidence. Shouldn't all citizens be able to use what is being collected in court as the government is for the people? How would a person in court go about requesting anything if the possibility exists.
I know some people have already tried that and obviously failed. they just pull the "security" card and say any information they have cannot be disclosed in court because its a threat to national security. then they'd say those matters can only be conducted in a secret court where everyone has "security clearance", and oops - sorry plaintiff - you don't, so you're excluded from your own trial.
This was part of what happened to Ladar Levison, owner of Lavabit which was served with an NSL. He couldn't easily shop for a lawyer because he could only contact lawyers that were authorized to handle top secret material. And he had to appear at one specific court venue in Virginia even though he was from Texas.
If it will "just get worse" then there will be no "again".
Frankly, elsewhere people get jailed for speaking their mind, and you know what some of them do? Speak their mind. We face pretty much no repercussions other than it not being so fun to discuss it, some people pouting because it holds up the mirror to their cowardice, so we.. don't? Nah. This is the only way worms can get power, by giants lying down and falling asleep. So maybe just don't.
Warrantless? Thats really splitting hairs. Warrants arent a problem for national governments. The goal must remain protection against all surveillance ... full stop. There is no room for backdoors, even for those with warrants.
However, I want to quickly point out one omission in the discussion of the risks of allowing this kind of activity to continue:
If the NSA is effectively spying on everybody who communicates with a server outside the US, it is trivial for them (or another government agency) to fabricate traffic (presumably child pornography) in order to target someone.
The ACLU (and others similarly positioned to criticize this conduct) always rightly point to the risks to journalists and human rights activists of having their communications intercepted and accurately portrayed, but what about the ease of lying about it in order to target dissidents?
This seems like an obvious vector and deserves more attention and discussion.