[DigitalTerminal]

ROFL. Actually click through and read this document: https://www.aclu.org/legal-document/nsa-foia-documents-quart.... The title is super misleading. It has the NSA being the subject of the sentence, the entity doing the verb. If you read the document, it's clear that the NSA followed the law in how they sent requests over to the phone companies, and a couple companies made errors in what they sent back. When NSA discovered this, they reported it through the proper channels. This is like, the opposite of nefarious action, guys. A better title would have the phone companies as the subject of the sentence. "Phone companies improperly sent data to the NSA for a second time, documents reveal." Of course, being honest in the title wouldn't misinform and scare people...

[windexh8er]

While the document clearly states they received information they didn't request it also states they used said information. While it may be added time and labor NSA should be validating the information as a check and balance as this is a unique position for the carrier to be in. NSA trusts whatever they give them. Or... NSA has influence over individual(s) with carrier X to, whoops, accidentally send you everything. To be clear I'm not saying that is what happened, but it's a broken process on both sides of the coin.

The document also states they acknowledged that they have ingested data they shouldn't and don't have a timeline on when, if ever, they'll purge it. Apparently the purge process has begun, but the not having a timeline to remove seems to read "best effort, if we don't get it all oh well". The real response should be: we received tainted data and are required to remove it all for that timeframe and rerequest all of it within N days. If you're Equifax and accidentally send out everyone's SSN to someone requesting their credit history you don't just use an excuse that you don't know how to remove it. You're obliged to remove it all. There doesn't seem to be a process in place for this. Convenient oversight.

[SkyBelow]

The NSA outsourcing its work, be it by contract or by 'request' (given the power differences involved I wouldn't consider it a normal request) does not absolve that there is a a systematic problem with domestic spying going on here.

Taking into consideration how historical evidence has shown just how toothless proper channels are when improper behavior aligns with leadership goals and taking into account that the government has a long history of trying to use technicalities to outsource work that wouldn't be legal if done in house, I think we are beyond any benefit of the doubt.

I do agree we should be sure to inform people correctly. "NSA spying on Americans continues to function in a way that breaks legal limits while giving plausible deniability" does seem a bit better a title.

But the ACLU is a better spokesman than I:

>"These documents provide further evidence that the NSA has consistently been unable to operate the call detail record program within the bounds of the law," the ACLU said in a letter to Congress this week lobbying for an end to the program.

[eqbridges]

The majority of that document you link to is blacked out. Which part of it exactly are you referring to when you say it's clear that the NSA was in the clear on this?

[OrgNet]

of course the NSA would not hide something that makes them look bad and show us what makes them look good... /s

[setr]

That doesn’t mean you fill in the blanks yourself and go around pretending that was actually said..

[jessaustin]

No, by now we know what they do. Every time classified material is released through outside channels, it looks worse for them. At this time we'd have to be chumps to give them the benefit of the doubt.

[setr]

>At this time we'd have to be chumps to give them the benefit of the doubt.

That’s fine and well but I’m going to have to repeat myself.

That doesn’t mean you fill in the blanks yourself and go around pretending that was actually said..

[jessaustin]

Yeah, keep repeating yourself (I guess you have to?), despite all experience to the contrary, preferably with eyes closed and fingers in ears...

[OrgNet]

> we'd have to be chumps to give them the benefit of the doubt

yet, that's what the HN majority appears to do...

[cabaalis]

I agree with you. But I also see the possibility of a little bit of wink, wink, nod, nod. Someone makes a phone call and says "can you change that where clause a little bit?" Should be serious repercussions whenever data like this is shared improperly, and we should expect nothing less from NSA than we do others.

[atoav]

I am not a US citizen but doesn’t this “second time” refer to some kind of promise the NSA made not to spy on US citizen?

[jonathanstrange]

Not an expert on it, but I don't think so. They are and always have been allowed to collect information on US citizens that are in contact with foreigners. Many consider this a problem, because ultimately every US citizen is in contact with a foreigner at one time or another, but AFAIK the general rule has never changed.

For me and the vast majority of the world population the distinction doesn't matter, because according to US law the NSA is allowed to spy on us as they please. Of course, this practice is illegal were we live, but that's not going to bother them.

[sureaboutthis]

Contact with foreign entities when that person is under investigation for illegal activities. The NSA does not investigate your communication just because you call a foreign entity.

[sneak]

This is a false statement. The NSA does bulk collection of the data you describe.

[sureaboutthis]

Bulk collection of data has nothing to do with what I said.

[sneak]

Correct me if I am wrong, but is your argument “they aren’t investigating you, they are just collecting all of your call data and other traffic and storing it in case they want to investigate you later”?

[Zenst]

Laughs indeed, my initial thoughts when I read the title was that somebody had forgot to do the paperwork correctly and only filled the forms in twice instead of triplicate. I thought against posting that as it's sassy and not NH calabre.

Who knew that was along the lines of what happened.

Take away from this is, an external party from the NSA can make a mistake and the media will still blame the NSA.

But then security has always been one of those area's in which you are damned if you do and damned if you don't. Turns out it is also susceptible to being dammed for others mistakes. Mistakes which end up exposing security operations even.

[slips]

More like damned if do commit a bunch of civil violations, damned if you don't because you're still an untrustworthy agency.

[sneak]

Why do we believe that human beings have a right not to be spied on based on where they were born?

Why do we think mass surveillance is ok as long as it is constrained to the 96%+ of people who aren’t American?

What the NSA does is terrible. You should be scared of them and their actions even when they are operating within the “legal” bounds of section 215. This is never what the author of section 215 intended. This is why the DNI lied under oath to congress to cover up the program.

[denom]

How thin is the barrier between lawful collection and "accidentally" sucking up all the communication in the USA?

Seems like a major screwup like this is pretty normal for the NSA. Or at least they execute it with aplomb.

[Nasrudith]

Personally with spooks - known serial liars I find it best to assume malice in every case - they knew exactly what they were doing and they are trying to use stupid human tricks involving holding authorities to lesser standards.

One doesn't just oopsie into the Statsi's wet dream and it should be regarded with the incredulity of someome claiming they "accidentally" molested an entire elementary school.

[nerdponx]

Maybe HN should hide the "comment" button until you've clicked on the link.

[lmm]

HN was pretty good at self-policing until dang introduced a rule against accusing other users of not reading the article.

[wil421]

I used to police until I called out a new account that was literally copying and pasting the same stuff from a FB doc about privacy settings.

Then other hours old accounts staring commenting I should be banned for calling someone out.

[nerdponx]

You're still allowed to reply to their post quotes from the article that make it clear that they didn't read the article. I've also just done the "I know it's against the rules but did you read the article?" thing in the past. Haven't gotten banned yet.

I do wonder what the point of that rule is.

[dang]

"Did you even read the article" is a cheap shot that commenters routinely take at each other. It has nothing to do with the topic at hand, so it adds noise, not signal. Since it's a putdown, it provokes others and degrades discussion. If you take out the cheap shot and preserve the correcting information, the comment becomes better in every way.

You can think of it as a special case of this rule: When disagreeing, please reply to the argument instead of calling names. "That is idiotic; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3." But it's a special case worth singling out, because it's so common, and it's bad for HN in two ways: mean and predictable.

[stronglikedan]

I think that's fair, as some people miss key quotes while scanning the article.

[de_watcher]

The whole point of HN is that you don't need to read the article.

[nerdponx]

Right, but the idea here is that you shouldn't be allowed to comment until you've at least apprised yourself of the subject.

Of course, hiding a button with JavaScript is trivially defeated by your typical HN user, but I want to assume at least to some degree of good faith... this would be more of a "commitment device" than anything.

[hsnewman]

Love this idea (but I didn't click the link yet) :)

[soup10]

The news has reported that the NSA gets court orders to install their black box hardware in datacenters and taps fiber cables. What reason is there to believe they've stopped their dragnet operations?