TBH after reading that it still sounds like JP Morgan or Roosevelt is a safe attribution choice there. The particular structure of the sentence combined with "commonly used by" or "made popular by", etc is sufficient IMO. Quote sourcing is always a bit vague.
Or maybe just saying "as the commonly used phrase goes" is better.
I don't entirely disagree, but I feel like quotations are so often used in discourse without any context, and with a problematic sort of "pure" attribution to the genius of the person quoted. Quotations from Einstein or Lincoln are frequent examples of this, even where the quote is not misattributed.
Of course, blatant misattribution is also so dang common that it seems better to me in general to cite some kind of context or whatever. Plus (for me, a prior editor) use of quote marks typically implies verbatim, citable quotation, so that's a factor whether the attribution is "safe", as you suggest.
Not to criticize anything here at all; I just wanted to throw in some of that sweet sweet context!
This is the correct assessment. It is on those making claims that require the burden of proof.
The claim is that "sacrificing liberty is providing us more safety" __not__ "our sacrifice of liberty has been ineffective at providing more safety." The latter statement comes from the lack of proof from those that carry the requisite burden. The former claims were made when liberty was initially eroded. Now that we have had time and calmed down people are asking "was it worth it?" and no one has provided a compelling "yes, here's (with evidence) why".
We can look at the types of things that have been caught during this period and how. Using that we can get an idea of what kind of threat are out there and it's mostly a) successful lone wolves who don't get caught and b) troubled people who get into a plot made entirely of FBI informants/agents from start to finish.
I agree - the article does a horrible job of proving this case, it merely mentions a mysterious 'panel' and an 'independant' commission's study.
The problem is that this article, and the resopnses to it, are focusing on the wrong thing: The efficacy of violating ones consitiutional rights should have no bearing on wether or not that violation is legal.
Now go through them and weed out the plots that were actually sting operations where all the motivation, allies, funding and training came from three letter agencies in a million dollar operation to trick an angry young Muslim man into building a bomb instead of just graffitiing walls with ACAB.
How can you prove that clandestine operations do or do not help? If it goes well, no one will ever know. If it fails, it's either covered up or is a huge scandal. It seems contrary to the entire idea of cover intelligence to claim success or failure.
This article links to a report that gives a number for terror incidents and how many were foiled.
You can see a map here: https://www.typeinvestigations.org/domesticterror/ which talks about the incident, and in the case of foiled incidents, links to something like court proceedings. This doesn't necessarily show clandestine operations led to foiling them vs regular police work, though...
> Most of the Islamist incidents are thwarted plots, indicating a significant investment of law enforcement resources. Most of the others are successful acts in which attackers damaged property or inflicted human casualties.
Seems to say that surveillance does work, but that we're perhaps surveilling the wrong people/in the wrong proportions. It could be consequence of homegrown terrorism being, errr, homegrown, which therefore entails the much more legally tricky surveillance of American citizens. Islamic terrorism tends to be funded/trained/orchestrated abroad, where collaborators don't enjoy the same freedoms from surveillance.
Those are publicly known cases and just normal counter terrorism investigations. This isn't applicable to clandestine US surveillance as seen in the FISA courts. FISA courts very much fall into "US surveillance" law but are kept secret.
I'm not sure what the alternative is. Without some form of surveillance, you're never going to catch terrorists or other bad actors. You do, however, need to make sure there are strong checks and balances in place to ensure that people don't use it for nefarious purposes or for personal gain.
Yes, the point of the article is that there are very few if any checks and balances.
If you support anything but paying lip service to checks and balances then you would support restricting US government's surveillance powers and requiring a warrant in many more instances than it is required today (almost never when it comes to the NSA, and now the FBI and other agencies can warrantless look at your data before going to court, too, thanks to the latest FISA extension).
Reasons behind the kind of terrorism for which mass surveillance is enforced (e.g., Muslim fundamentalists against American interests) have deep historical roots, too messy to be addressed.
Britain and France had geopolitical and business interests in the Middle East since the 18-19th century. America since the 20th, when oil suddenly had all the spotlight.
Fundamentalists are convinced that "the West" is the Devil on Earth. No political force can pacify fundamentalists nor avoid future generations.
You're conveniently ignoring the fact that the US has historically ruined entire countries for multiple generations just to benefit itself. Maybe if we'd stop carpet bombing other countries we'd have fewer people that hate us.
Most of the problems in the Middle East, at least with regards to them hating the US, are because the US did something to directly make them hate the US. Iran, Iraq, and Afghanistan - at least in their current iterations - are all problems the US created. This is barely even beginning to describe the list of atrocities the US has committed against other countries.
The US has terrorists because the US creates terrorists, sometimes from us terrorizing other countries that are too insignificant for the world to take notice.
If you think I'm being hyperbolic, look into the history of US drone strikes just for a very recent example of the US leveraging its military superiority to decimate other countries. What's interesting is it gets worse regardless of the president.
I'm not ignoring those facts about the destructive role of America in the Middle East. What I'm alluding to is that fundamentalists hating the West have way more "historical ammo" for their arguments than just pointing at the US. It's just that the current biggest offender is America (which makes it the main target for terrorism). Before that, it was Britain.
On a grand historical scale, the Powers That May at any given point in time become the main offender against those having something of value. Next time it'll probably be China (beginning with the "Security Theater" [1] in Xinjiang).
Some people think terrorists will always exist (despite them very clearly growing in numbers) when it's actually governments and the US in particular that radicalise most of them by bombing their countries.
After September 11, the typical number of deaths from terrorism in a given year was...0, give or take a few, with a disconcerting uptick since 2013. Great, our efforts to curb terrorism are working!
From 1975-2001, the typical number of deaths from terrorism in a given year was...2. Wait, the massive surveillance state has saved 2 lives a year? What? We saved more lives by posting a guard at the Caltrain tracks in Palo Alto to keep people from killing themselves.
By the numbers, terrorism just wasn't a problem, because rational people don't blow themselves up to make a point. Mentally ill people do, and a significant number of mass shootings are not counted in the terrorism statistics but actually kill far more people. But by making terrorism into a big bogeyman that's going to kill you, it feeds into the interests of the media, of the state, and of the military-industrial complex, and so there are a lot of powerful forces shaping the discourse around terrorism that aren't necessarily reflective of reality.
The structure of your statement has problems not related to the topic at all. When you take something away that never (or rarely) happens, how do you establish causality?
Suppose I told you that taking bazookas away from people that live in the city prevents bear attacks? You might say that there aren't bear attacks in the city anyway, which would be true, but you couldn't prove it one way or another. Who knows, maybe there would have been one bear attack if people ran around with bazookas shooting up the nearby forest.
Now add in the complexity that terrorism is more like a rate than a yes/no question. What if I told you that taking away bazookas in the city reduced the crime rate? Well, the crime rate in many cities has decreased, but how are those two related? Once again, we're left with a statement that might sound good to some and bad to others -- and no way to reasonably discuss it.
The only thing we can say with certainty is that no matter what we do, terrorism will continue exist. We can never eliminate it no matter how hard we try. So unless we want each new terrorist act to wreak havoc with massive changes on our societies, we're really talking about trade-offs here. How much stuff do you want to give away for a 50% reduction in terrorism? And once you come up with that answer, how would you know if your giving those things actually was the thing that reduced it?
It's one thing when a pubic discussion has reasonable people talking about the various sides. It's another thing entirely when we start injecting these semantic landmines into our conversations. I'm not saying you're wrong or right; I'm saying there is no way to know.
I agree with your general thesis. The "And once you come up with that answer, how would you know if your giving those things actually was the thing that reduced it?" seems "simple" enough in that it would result in a number of arrests involving the methodology of surveillance in question. You couldn't say they wouldn't have been caught otherwise but you could at least say "X has produced Y for these cases." no?
No. Because 1) X itself may enable Y which might not otherwise have occurred and 2) since resources are finite doing X to yield Y means that you couldn't do Z instead which you might value more than whatever utility you got from Y.
Interestingly, the point of terrorism is to wreak massive changes on societies. The total death toll of all terrorist attacks in the U.S since 1970 is 3781; that compares to 3836 killed in the Iraq War; 36,500 killed annually in car accidents; and 291,557 killed by WW2. In terms of risk to our physical persons, the terrorists suck at it.
When Sept 11 happened the popular meme for why we were attacked was "Because they hate our freedom." On a strategic level, they're doing a dramatically good job at winning: look at how much our freedom has been curtailed since then. And they can do it without touching an American; rather, the fear of what they might do provokes the U.S. government into destroying our freedom for them.
(A secondary goal for Osama bin Laden was to bankrupt America, something they are also winning at: since 2001 the U.S. national debt has grown from $6T to $23T.)
> How much stuff do you want to give away for a 50% reduction in terrorism? And once you come up with that answer, how would you know if your giving those things actually was the thing that reduced it?
You are totally right of course, but the public "debate" around these kind of issues is so emotion-driven that this line of questioning is never explored. Humans generally want someone in power over them that will grant them safety and security, and a sense of certainty that nothing bad will happen to them. Any argument that relies on probability and the idea of trade-offs will never be effective in the public square of a democratic society
You can't catch "terrorists" with surveillance and even generally bad actors, except for some naive desperate people doing stupid things. What you can do with surveillance is catch dissidents, create some chilling effect on dissent and overall use it as a tool to suppress dissent. It's basically a power supporting tool, nothing more.
Assuming that surveillance works (and I'm not really sure it works well) then the alternative is terrorism and crime. I agree we need some level of surveillance, but the question is at what point do the risks of the surveillance (suppression of democracy / dissent, self-censorship, loss of privacy / liberty, concentration of rich data for misuse by bad actors, etc) outweigh the risks of terrorism and crime? Just because we can bring terrorism and crime to zero with max surveillance, doesn't mean that it's in the best interest of society to enable such a system.
Personally, I'm willing to accept a level of risk from terrorism and crime if it means that I get to live my life the way I want to without being constantly monitored by government.
Regarding checks and balances, it's extremely hard to have robust authorization when the group calibrating and performing the authorizations is the same group or adjacent to the group who wants to look at the data. To do it well you need true, apolitical, independence between gatekeepers and users, and users can never be in possession of the actual data because access control can be easily bypassed if this is the case. We have never had that in this country, countermeasures against misuse always seem to be non-transparent and policy based rather than technical (ie secret courts and warrants that no one can actually audit), and data is repeatedly misused over and over with no consequences (eg parallel reconstruction, people spying on partners, people spying on celebs, etc).
All of this eventually boils down to skin in the game. What price does government and its minions pay for the surveillance ? If it is too low then those powers will be abused, if it is too high then they will be less willing to use it.
NSA is combing through voice phone data, and that's totally useless. As depicted in Jack Ryan (communication via an online game), the bad actors will find rather elegant ways to bypass at.
I can embed standard EXIF metadata into an image and send it to someone's facebook wall. You think NSA is looking at that?
For the most part, surveillance is irrelevant to catching terrorists or other bad actors. The track record of catching terrorists using surveillance is pitiful.
The reason is simple: terrorists and bad actors assume they're being surveiled, and take countermeasures, and those countermeasures are far more effective than the surveillance. Anyone with moderate technical knowledge can use GPG and Tor. It's not rocket surgery.
The people caught by surveillance are for the most part uneducated young men of color who are driven into low-level drug dealing by poverty, and anyone who thinks that putting these people in jail is an effective measure against drug addiction is willfully ignoring the evidence.
> They stipulate that any evidence of an American committing a crime that is found incidentally in the course of foreign intelligence operations must be shared with the Justice Department. Furthermore, they permit analysts to use metadata (logs revealing who contacted whom and when they did so) to investigate unknown associates of targeted suspects.
And I thought FISA section 702 was bad. I don't think long-time surveillance laws fighter Senator Ron Wyden has ever mentioned in public that EO 12333 was also capable of backdoor searches on Americans, just that FISA 702 would enable that. But it sounds to me like both of them enable backdoor searches on Americans and fishing expeditions.
Seriously, how is the NSA dragnet finding crimes Americans are committing and then alerting law enforcement about it not a fishing expedition? Isn't that supposed to be unconstitutional?
> The Privacy Issue is brought to you by the team behind IVPN. Get to know IVPN’s mission and download the app to browse privately and securely.
Ugh. It's a fine article, but I worry the VPN industry's constant mis-selling of services under the banner of privacy will eventually taint the message.
What is the mis-selling exactly? Doesn't seem to me that they're saying using their VPN will make you impenetrable to dedicated actors with nation-state resources. VPNs do help maintain one small level of privacy (namely from your ISP), and if you're using one it's a good bet you'll be interested in other privacy concerns too.
There are a lot of VPNs with really bogus claims on their websites but I didn't notice anything appalling about this.
Between TLS and DNS over HTTPS, the number of things an ISP can reliably discern from your traffic is becoming vanishingly small. Once the TLS SNI plaintext hole is closed, it becomes smaller still.
One can argue that IPs and ports matter, but if all the IPs you visit are in AWS (and their ilk) over 443 (including real time communication protocols), it becomes meaningless.
I apologize for a somewhat snippy comment, but the idea that VPNS don't really protect against bad ISPs comes up all the time, and it drives me bonkers.
> Between TLS and DNS over HTTPS, the number of things an ISP can reliably discern from your traffic is becoming vanishingly small.
A) While encryption is commonplace, not everything on the web is encrypted. The most recent stats I can find[0] say that about 3-10% of common web traffic is still not encrypted. If you're browsing more interesting parts of the web (ie, old forums and independent sites, and not just Facebook/CNN) your stats are probably worse.
B) Even if all of the websites you visit are fine, a nontrivial portion of native apps also don't use encrypted endpoints, because unlike on the web there were never native warnings or lock icons in a URL bar to force them to make the change.
C) Even if the server is using TLS, there are numerous attacks based around measuring packet delivery times and request sizes to figure out exactly which static pages of a domain you're visiting. This is why Linux package managers have widely dismissed HTTPS -- it provides no privacy for their specific use-case, because anyone can figure out what you're downloading just by counting how many bytes get sent to you.
D) So you just turn on DNS over HTTPS, right? Sounds good, except pretty much none of your native apps or dedicated devices like game consoles, e-readers, and smart-home appliances support it unless you're handling it on the network level. Even if you are doing DOH on your router, it's not uncommon for dedicated devices to bypass your DNS settings entirely. Even Google is guilty of this, for a long time you could not set a Chromecast to use a custom DNS server.
E) Even if you have DNS over HTTPS, you still need to worry about SNI, and encrypted SNI still has relatively low adoption on the web outside of industry-leaders like Cloudflare.
----
But let's assume that none of the above applies to you. You're connecting to a site that's using TLS 1.3 and supports encrypted SNI. You're using DNS over HTTPS. In that scenario, knowing the IP/port of the server you're connecting to can still be good enough to unmask the domain.
You do bring up this point, but then you kind of just skip over it.
> One can argue that IPs and ports matter, but if all the IPs you visit are in AWS (and their ilk)
But they're not. Yes, if every single site I visited had the same IP, I'd be fine leaking that information. But they don't all have the same IP. I visit plenty of sites that are being hosted on independent hardware, on Linode servers, and so on. Servers with unique, static IPs are not uncommon.
Not only is this bad advice in the sense that it just isn't true, it's also bad advice because it's tying security/privacy to centralization. We want people to host their own stuff online, we don't want everyone to be on AWS and Google Cloud. We want diversity of hosting.
----
Finally, although I understand you're only talking about ISPs above, it's also worth noting that the point of a VPN is not just to obscure your traffic from your ISP, it's also to obscure your IP address from the sites you visit. That's also an idea that gets regularly dismissed by a vocal subgroup on HN, who are apparently of the opinion that the entire TOR project is just a waste of time because IP addresses don't actually matter.
VPNs are not a perfect solution. They're arguably not a even a good solution. But the problem that they're trying to solve does exist. There are reasonable, strong arguments to make against VPNs: that they aren't magic, that they're deceptively marketed, that shifting trust can be problematic. "IP addresses aren't worth protecting", or "DNS is fine already", are not reasonable arguments.
> but if all the IPs you visit are in AWS (and their ilk) over 443 (including real time communication protocols), it becomes meaningless.
Perhaps, but what about all the traffic that doesn't go to AWS or use port 443? The vast majority of my traffic doesn't do those things, and very probably won't within my lifetime.
I don’t have the time right now to do this, but someone with it (and probably more technical experience than me in that field) should write up a no BS guise to what these popular VPN services really are offering. It’s been hard, over the last couple months especially it seems, to wade through all the new products these companies are constantly dropping in this space.
My naive understanding of these common service VPNs is they provide privacy (when properly configured) from a physical network. Otherwise they aren't much different than an IPS. Once on the other end, everyone still know who you are. They don't provide privacy on the internet.
> VPNs do help maintain one small level of privacy (namely from your ISP)
So you've transferred the lack of privacy from one company (your ISP) to another (your VPN vendor). Heck - look what happened to Onavo - facebook bought them and reaped a treasure trove of private browsing habits.
That hasn't proved to be the case. Nor does it appear so anyways, they have a commercial interest to appear as though they are interested in keeping your browsing private.
A VPN hiding your traffic from the websites you visit relies on substituting the VPNs IP for your own. If you're your own VPN, your VPN's IP is your IP.
I've used self-hosted VPNs running on AWS LightSail to have privacy from wifi operators I didn't trust, but it doesn't work for higher levels of surveillance than that.
For example, if your VPN runs on a server with a dedicated or at least relatively persistent IP and you're the only one using it an upsteam of the server like an ISP or a network of sites could track you cross-site and use that data to deanonymize.
I use DuckDuckGo for web searches. Technically, I've just transferred my lack of search privacy from one company (Google) to another (DuckDuckGo).
I would of course prefer a zero-trust solution, but absent that, can I at least avoid giving my data the companies that are openly spying on me right now? At least until we figure out how to make Tor scale better for normal usage like streaming/games?
Transferring trust is definitely problematic, but it's also a thing that we do basically every single day all the time, and it's only in the context of VPNs where I see people suddenly advocating that anything less than a zero-trust solution is useless. Zero-trust solutions are the exception when we deal with companies. Most of the time we're just moving/centralizing trust.
> VPNs do help maintain one small level of privacy (namely from your ISP)
I never really saw that as a VPN's main purpose. Far from cutting out the ISP, you now have 2 ISPs. One that can see "everything" and another that can make inferences about your habits by analyzing your encrypted traffic.
The job a VPN actually does really well is hide your IP from sites and services that you visit which reduces the information they have available with which to track you.
Most terrorists in the US happen to be white (and really just because it's the majority race), but the media and government fail to use the term "terrorist" if they are white. That in turn results in them being busy racially profiling against colored people and foreign nationals and overlooking a lot of culprits.
Also, nobody is born a terrorist. They're overly fixated on catching terrorists instead of preventing terrorism altogether. Domestic crime, including terrorism, is the result of a broken education system. If you want to fix domestic terrorism, fix education, fix mental health, fix life in general for US citizens, and a lot of problems will quite literally magically disappear.
- Number of gun deaths in the US in 2019: 15381
- Number of mass shooting incidents in the US in 2019: 434
- Number of deaths actually reported as being due to "terrorists" in the US in 2019: 0
That's probably true. However the US government should really be putting more effort into protecting its own residents at home, in terms of the most likely actual threats. Calling all forms of terror "terror", regardless of the color of the culprit, is probably a good first step.
The City of San Francisco designated the NRA of all groups as a terrorist organization. There are plenty of institutional actors itching to label white terrorism, even past the point of sanity.
The threat of terror gives power to the State. Power seeks more power. The State does not erode freedoms in support of safety. The State erodes freedoms to achieve more power. Terror is the excuse. It is the State's greatest tool.
People say these types of things, but they don't revolt. Have we reached a point where we are okay with a corrupt government as long as amazon prime ships us our toys within two days? Convenience and comfort seems like it's worth more to people than liberty and a good conscience.
> It is a quotation that defends the authority of a legislature to govern in the interests of collective security. It means, in context, not quite the opposite of what it's almost always quoted as saying but much closer to the opposite than to the thing that people think it means.
> And maybe it doesn't matter so much what Franklin was actually trying to say because the quotation means so much to us in terms of the tension between government power and individual liberties. But I do think it is worth remembering what he was actually trying to say because the actual context is much more sensitive to the problems of real governance than the flip quotation's use is, often.
I think the second quote is important, because sayings change over time and the meaning they hold changes too. That is the progression of language.
The state, much like corporations, are operated by individuals but are not really "made up of" individuals in the way that your statement implies. They are machines that have their own goals, interests, and methods that are distinct from those of any of the individuals who help operate them.
Individuals may only be seeking more power to better do their jibs and serve to the benefit of the people.
But bureaucracy is just so evolves that it perpetuates the problem it was created to solve. Trivially, those agencies which reliably have achieved their goal get disbanded as no more needed, the only remaining in the long term are such whose goals are elusive.
This is how well-intentioned, honest people try to grab more power for their agency, because it seems to help achieve that elusive goal.
(To say nothing of people with less integrity in a position of power.)
Are you saying the state is effective? That there is no terrorism to counter act. The title seems to suggest the state needs more power or different tatics because there is terrorism that is not beong effectively acted againts.
Great informative article, but at times the posing is naive or supporting a certain narrative.
For instance: The government goes after Islamic terrorists and Mexican illegal immigrants. So what to complain about? Mix cause and effect to pose the illegal immigrants as targeting based on race. Or pose the extremist religious as vulnerable Muslims, targeted on religion. Remove their status as far away from the cold-hard reality, so you can claim racism and prejudice and use that to cripple surveillance. But the suspect is a "citizen"! All weasel words to stay away from the real dirt. Let's go after the atheists for counter terrorism, so we don't discriminate in the eyes of the ACLU...
Then the "ineffective against terrorism"-claim. This can't be supported, because no clear numbers/cases are known. Then conflate laws against terrorism with actual actions against terrorism: Sure, no law directly contributed against countering terrorists, but the surveillance certainly did. Thanks NSA for passing along information to my country many times, so we could capture really dangerous people before they could strike.
Anti-terrorism is also a red herring for surveillance efficiency. Surveillance predominantly used for other national security purposes, such as counter intelligence, foreign intelligence, border safety, crime fighting, and even economic espionage.
Sure, posing any immigrant as a bad hombre, potential MS-13 gang member, selling your children fentanyl-laced drugs, is ridiculous. But the other side of that same coin is posing bad people as vulnerable undocumented citizens who are being targeted on race. It does not do justice to the situation on the ground.
The cold-hard reality is that states who have established a system of domestic surveillance have sent millions of their own citizens to crematoriums.
Sane nations have destroyed your political faction back in sixties.
Pro-communist, race chauvinists who look up to Mao for inspiration were thrown in the garbage bin of history, and thank god for that.
Very fortunately, America of today is not Cambodia, nor Laos, and you all have to thank Rockefeller commission for grinding the legacy of Allen Dullest to dust
You are using the same tactic I described: State surveillance has the potential to turn us all into Nazi's, so state surveillance is inherently bad. How can I ever hope to support the good of state surveillance for national security when I have to defend the Stasi? I can't. You (God)win.
It is intellectually dishonest to pose the effort of governments to combat illegal immigration as a targeting of people based on race. It is a sensitivity trap that shuts down our rational faculties. Yes... all religious extremists are also religious. Most immigrants have a different race. Yes, being an undocumented immigrant makes you vulnerable. But deserving of coddling, because they happen to also share a protected variable? No.
The only measure that needed to be done after 9/11, and it's surprising why this very effective measure wasn't implemented before - securing access to the pilot's cabin. Everything else is overreaction cause by power grabbing by "security agencies" and politicians trying to score. The whole security system of today's world (especially in flying) is one pointless thing after another, holding on the a fear of "what if".
Nor when we give licences and large vans/trucks to people who want to crash them. It's about managing risk and historically most hijackings have been by passengers and there is no significant loss to securing it with passenger jets having two pilots (ie, if one passes out), its win-win.
Meanwhile the vast majority of what the TSA and a significant-enough chunk of what security agencies do is pure theater, in exchange for a significant headaches and loss of privacy/dignity/time/etc of citizens who fund and technically support such organizations - and everyone else visiting the country as it deters plenty of tourism and business travel.
The FAA still systematically pulls medicals for mental health issues rather than allowing treatment. If your livelihood and a couple hundred thousand dollars of debt depend on it, you'll conceal extreme depression just fine. Pilots are terrified of getting help and an absurd proportion of the community is suffering from depression as a result.
what are you saying here? you would argue that cabin should not be secure, so as to guard against a hypothetical attacker who completes professional pilot certification and gets a job as a copilot for the sake of (hopefully) overcoming the captain 1 versus 1 and brings down the plane?
Well, no, actually it was impossible to get into the cabin from outside long before 9/11 (in fact, I think since the 70’s). The hijackers smuggled box-cutters on board and used the box cutters to kill stewardesses until the pilot agreed to open the door - after which they had full access to the plane.
That's the problem -- that there was a door that could be opened. It seems to me that there shouldn't be. The pilots should have their own separate entrance from the exterior of the aircraft.
> the pilots occasionally need to be able to get back to the cabin for troubleshooting in emergencies and to use the toilet/crew rest.
Toilet, crew rest, and meals can be provided in the pilot's cabin. Troubleshooting may be a good point, but perhaps it would suffice to have a tech in the non-cabin portion of the plane.
In any case, it was just a thought. This is not an issue that I actually have a strong opinion about either way.
Is that actually the problem though? Or is it that you are still here discussing of ways to prevent airplane hijacking in a world where cows still kill more people that airplane hijacking terrorists?
I don't mean to come across as condescending, I believe that as long as we spend our time talking about possible "solutions" to what-if, abstract problems, without addressing the real issues, we are just going to waste our time.
This is a pretty absurd thing to say. Natural or accidental deaths are different than planned attacks. There is no shortage of murderous, suicidal people. If you made it easier for them, more of them would go for it. The 3 successful attacks on 9/11 contributed something like an extra 20% to the US murder rate. That’s not insignificant.
Also, we do spend an enormous amount of money on safety in the US. Why do you think the absolute cheapest new cars in the US are two to four times as expensive as new cars in countries that don’t have the same kind of safety standards (e.g. Mexico or India)? And because of the tort system, businesses spend untold amounts of money making their facilities and products safer in general.
Lot of people in the world and the commenters in this thread are not the worlds reduce death task force. Speculating on how to secure planes here has zero impact on others speculating about how to make cows less dangerous.
No but IMO the motivation to speak in these matters probably owes more to reducing death than specifically securing an airplane. Similarly, if someone is talking about chemical X in food, they are likely concerned with their health in general as opposed to a specific cause of chemical X.
It would be a bit distracted to worry about chemical X when there are way more pressing issues on where to shine the limited spotlight of attention. Let those who are concerned with health speak to the spending of precious attention, and let those who are concerned with X discuss the loss of focus on X. Somewhere people will switch sides and a meta conversation will form in terms of resource allocation and framing.
Which you can still totally do with zero effort? Razor blades/utility blades don't really show up well on the xray machines. If you know how the machines work you can get one through 100% of the time.
Also, they don't forbid you from bringing an abrasive stone through with which you can make a shiv out of LITERALLY ANYTHING.
What's changed is twofold. Physical access to the cabin, and the knowledge that no pilot will ever let another soul onto the flight deck no matter how many people they can shiv to death.
The flight attendants union is also lobbying for all the extra security. They're well aware that thanks to their corporate overlords, flying is paramount Chinese water torture and they'd rather everyone be safely disarmed for when someone inevitably loses it.
The most significant security response to the novel parts of the 9/11 attacks was done by the passengers on flight 93. It took an hour and seventeen minutes for them to get the news and adapt the strategy to hijackings.
Germany seems to be moving in the other direction. I assume they can do this because unlike the US, Germans can point to their own history with secret police and authoritarian states as cautionary tales.
Not that other countries couldn't also look to Germany's example, but that would require trans-national empathy so LOLno.
Law enforcement, tasked with catching the baddies, always wants more ability to complete their task: more surveillance, more laws, and more firepower. That's as it should be.
The problem is the lack of heavy-weight counter-balance, always demanding more privacy, fewer laws, and less firepower. The best we've got is "the status quo" and a few non-profits (that thankfully are punching way above their weight class).
Without such a counterbalancing agency, each small gain by law enforcement rarely reverts, so rather than oscillating between a bit too much freedom and a bit too much policing we have an arrow moving us steadily toward a police state.
134 comments
[ 3.2 ms ] story [ 193 ms ] threadOr maybe just saying "as the commonly used phrase goes" is better.
Of course, blatant misattribution is also so dang common that it seems better to me in general to cite some kind of context or whatever. Plus (for me, a prior editor) use of quote marks typically implies verbatim, citable quotation, so that's a factor whether the attribution is "safe", as you suggest.
Not to criticize anything here at all; I just wanted to throw in some of that sweet sweet context!
> "The patchwork of U.S. surveillance laws has proven ineffective at countering terrorism"
Where is the proof? I can not find it in the article.
The claim is that "sacrificing liberty is providing us more safety" __not__ "our sacrifice of liberty has been ineffective at providing more safety." The latter statement comes from the lack of proof from those that carry the requisite burden. The former claims were made when liberty was initially eroded. Now that we have had time and calmed down people are asking "was it worth it?" and no one has provided a compelling "yes, here's (with evidence) why".
The problem is that this article, and the resopnses to it, are focusing on the wrong thing: The efficacy of violating ones consitiutional rights should have no bearing on wether or not that violation is legal.
This article links to a report that gives a number for terror incidents and how many were foiled.
You can see a map here: https://www.typeinvestigations.org/domesticterror/ which talks about the incident, and in the case of foiled incidents, links to something like court proceedings. This doesn't necessarily show clandestine operations led to foiling them vs regular police work, though...
Seems to say that surveillance does work, but that we're perhaps surveilling the wrong people/in the wrong proportions. It could be consequence of homegrown terrorism being, errr, homegrown, which therefore entails the much more legally tricky surveillance of American citizens. Islamic terrorism tends to be funded/trained/orchestrated abroad, where collaborators don't enjoy the same freedoms from surveillance.
If you support anything but paying lip service to checks and balances then you would support restricting US government's surveillance powers and requiring a warrant in many more instances than it is required today (almost never when it comes to the NSA, and now the FBI and other agencies can warrantless look at your data before going to court, too, thanks to the latest FISA extension).
Britain and France had geopolitical and business interests in the Middle East since the 18-19th century. America since the 20th, when oil suddenly had all the spotlight.
Fundamentalists are convinced that "the West" is the Devil on Earth. No political force can pacify fundamentalists nor avoid future generations.
Most of the problems in the Middle East, at least with regards to them hating the US, are because the US did something to directly make them hate the US. Iran, Iraq, and Afghanistan - at least in their current iterations - are all problems the US created. This is barely even beginning to describe the list of atrocities the US has committed against other countries.
The US has terrorists because the US creates terrorists, sometimes from us terrorizing other countries that are too insignificant for the world to take notice.
If you think I'm being hyperbolic, look into the history of US drone strikes just for a very recent example of the US leveraging its military superiority to decimate other countries. What's interesting is it gets worse regardless of the president.
On a grand historical scale, the Powers That May at any given point in time become the main offender against those having something of value. Next time it'll probably be China (beginning with the "Security Theater" [1] in Xinjiang).
[1] https://www.schneier.com/essays/archives/2009/11/beyond_secu...
What change? Why don't you let them effect those changes?
The article: Surveillance fails to catch terrorist.
Your argument: Without surveillance we cannot catch terrorist.
My question: How are we catching them now? How did we catch bad actors and saboteurs before surveillance?
https://en.wikipedia.org/wiki/Terrorism_in_the_United_States...
After September 11, the typical number of deaths from terrorism in a given year was...0, give or take a few, with a disconcerting uptick since 2013. Great, our efforts to curb terrorism are working!
From 1975-2001, the typical number of deaths from terrorism in a given year was...2. Wait, the massive surveillance state has saved 2 lives a year? What? We saved more lives by posting a guard at the Caltrain tracks in Palo Alto to keep people from killing themselves.
By the numbers, terrorism just wasn't a problem, because rational people don't blow themselves up to make a point. Mentally ill people do, and a significant number of mass shootings are not counted in the terrorism statistics but actually kill far more people. But by making terrorism into a big bogeyman that's going to kill you, it feeds into the interests of the media, of the state, and of the military-industrial complex, and so there are a lot of powerful forces shaping the discourse around terrorism that aren't necessarily reflective of reality.
Suppose I told you that taking bazookas away from people that live in the city prevents bear attacks? You might say that there aren't bear attacks in the city anyway, which would be true, but you couldn't prove it one way or another. Who knows, maybe there would have been one bear attack if people ran around with bazookas shooting up the nearby forest.
Now add in the complexity that terrorism is more like a rate than a yes/no question. What if I told you that taking away bazookas in the city reduced the crime rate? Well, the crime rate in many cities has decreased, but how are those two related? Once again, we're left with a statement that might sound good to some and bad to others -- and no way to reasonably discuss it.
The only thing we can say with certainty is that no matter what we do, terrorism will continue exist. We can never eliminate it no matter how hard we try. So unless we want each new terrorist act to wreak havoc with massive changes on our societies, we're really talking about trade-offs here. How much stuff do you want to give away for a 50% reduction in terrorism? And once you come up with that answer, how would you know if your giving those things actually was the thing that reduced it?
It's one thing when a pubic discussion has reasonable people talking about the various sides. It's another thing entirely when we start injecting these semantic landmines into our conversations. I'm not saying you're wrong or right; I'm saying there is no way to know.
When Sept 11 happened the popular meme for why we were attacked was "Because they hate our freedom." On a strategic level, they're doing a dramatically good job at winning: look at how much our freedom has been curtailed since then. And they can do it without touching an American; rather, the fear of what they might do provokes the U.S. government into destroying our freedom for them.
(A secondary goal for Osama bin Laden was to bankrupt America, something they are also winning at: since 2001 the U.S. national debt has grown from $6T to $23T.)
You are totally right of course, but the public "debate" around these kind of issues is so emotion-driven that this line of questioning is never explored. Humans generally want someone in power over them that will grant them safety and security, and a sense of certainty that nothing bad will happen to them. Any argument that relies on probability and the idea of trade-offs will never be effective in the public square of a democratic society
Personally, I'm willing to accept a level of risk from terrorism and crime if it means that I get to live my life the way I want to without being constantly monitored by government.
Regarding checks and balances, it's extremely hard to have robust authorization when the group calibrating and performing the authorizations is the same group or adjacent to the group who wants to look at the data. To do it well you need true, apolitical, independence between gatekeepers and users, and users can never be in possession of the actual data because access control can be easily bypassed if this is the case. We have never had that in this country, countermeasures against misuse always seem to be non-transparent and policy based rather than technical (ie secret courts and warrants that no one can actually audit), and data is repeatedly misused over and over with no consequences (eg parallel reconstruction, people spying on partners, people spying on celebs, etc).
I can embed standard EXIF metadata into an image and send it to someone's facebook wall. You think NSA is looking at that?
It's not that hard.
The reason is simple: terrorists and bad actors assume they're being surveiled, and take countermeasures, and those countermeasures are far more effective than the surveillance. Anyone with moderate technical knowledge can use GPG and Tor. It's not rocket surgery.
The people caught by surveillance are for the most part uneducated young men of color who are driven into low-level drug dealing by poverty, and anyone who thinks that putting these people in jail is an effective measure against drug addiction is willfully ignoring the evidence.
There are alternatives:
https://www.youtube.com/watch?v=LufSe8-50-s&
> They stipulate that any evidence of an American committing a crime that is found incidentally in the course of foreign intelligence operations must be shared with the Justice Department. Furthermore, they permit analysts to use metadata (logs revealing who contacted whom and when they did so) to investigate unknown associates of targeted suspects.
And I thought FISA section 702 was bad. I don't think long-time surveillance laws fighter Senator Ron Wyden has ever mentioned in public that EO 12333 was also capable of backdoor searches on Americans, just that FISA 702 would enable that. But it sounds to me like both of them enable backdoor searches on Americans and fishing expeditions.
Seriously, how is the NSA dragnet finding crimes Americans are committing and then alerting law enforcement about it not a fishing expedition? Isn't that supposed to be unconstitutional?
Ugh. It's a fine article, but I worry the VPN industry's constant mis-selling of services under the banner of privacy will eventually taint the message.
There are a lot of VPNs with really bogus claims on their websites but I didn't notice anything appalling about this.
One can argue that IPs and ports matter, but if all the IPs you visit are in AWS (and their ilk) over 443 (including real time communication protocols), it becomes meaningless.
> Between TLS and DNS over HTTPS, the number of things an ISP can reliably discern from your traffic is becoming vanishingly small.
A) While encryption is commonplace, not everything on the web is encrypted. The most recent stats I can find[0] say that about 3-10% of common web traffic is still not encrypted. If you're browsing more interesting parts of the web (ie, old forums and independent sites, and not just Facebook/CNN) your stats are probably worse.
B) Even if all of the websites you visit are fine, a nontrivial portion of native apps also don't use encrypted endpoints, because unlike on the web there were never native warnings or lock icons in a URL bar to force them to make the change.
C) Even if the server is using TLS, there are numerous attacks based around measuring packet delivery times and request sizes to figure out exactly which static pages of a domain you're visiting. This is why Linux package managers have widely dismissed HTTPS -- it provides no privacy for their specific use-case, because anyone can figure out what you're downloading just by counting how many bytes get sent to you.
D) So you just turn on DNS over HTTPS, right? Sounds good, except pretty much none of your native apps or dedicated devices like game consoles, e-readers, and smart-home appliances support it unless you're handling it on the network level. Even if you are doing DOH on your router, it's not uncommon for dedicated devices to bypass your DNS settings entirely. Even Google is guilty of this, for a long time you could not set a Chromecast to use a custom DNS server.
E) Even if you have DNS over HTTPS, you still need to worry about SNI, and encrypted SNI still has relatively low adoption on the web outside of industry-leaders like Cloudflare.
----
But let's assume that none of the above applies to you. You're connecting to a site that's using TLS 1.3 and supports encrypted SNI. You're using DNS over HTTPS. In that scenario, knowing the IP/port of the server you're connecting to can still be good enough to unmask the domain.
You do bring up this point, but then you kind of just skip over it.
> One can argue that IPs and ports matter, but if all the IPs you visit are in AWS (and their ilk)
But they're not. Yes, if every single site I visited had the same IP, I'd be fine leaking that information. But they don't all have the same IP. I visit plenty of sites that are being hosted on independent hardware, on Linode servers, and so on. Servers with unique, static IPs are not uncommon.
Not only is this bad advice in the sense that it just isn't true, it's also bad advice because it's tying security/privacy to centralization. We want people to host their own stuff online, we don't want everyone to be on AWS and Google Cloud. We want diversity of hosting.
----
Finally, although I understand you're only talking about ISPs above, it's also worth noting that the point of a VPN is not just to obscure your traffic from your ISP, it's also to obscure your IP address from the sites you visit. That's also an idea that gets regularly dismissed by a vocal subgroup on HN, who are apparently of the opinion that the entire TOR project is just a waste of time because IP addresses don't actually matter.
VPNs are not a perfect solution. They're arguably not a even a good solution. But the problem that they're trying to solve does exist. There are reasonable, strong arguments to make against VPNs: that they aren't magic, that they're deceptively marketed, that shifting trust can be problematic. "IP addresses aren't worth protecting", or "DNS is fine already", are not reasonable arguments.
[0]: JohnFen ↗ > but if all the IPs you visit are in AWS (and their ilk) over 443 (including real time communication protocols), it becomes meaningless. pixl97 ↗ What exactly are you doing that isnt using TLS? That's not most peoples usage on the web.
Perhaps, but what about all the traffic that doesn't go to AWS or use port 443? The vast majority of my traffic doesn't do those things, and very probably won't within my lifetime.
> I tried to write a more honest VPN commercial. The sponsor wasn't happy about it.
[0]: https://www.youtube.com/watch?v=WVDQEoe6ZWY
So you've transferred the lack of privacy from one company (your ISP) to another (your VPN vendor). Heck - look what happened to Onavo - facebook bought them and reaped a treasure trove of private browsing habits.
I've used self-hosted VPNs running on AWS LightSail to have privacy from wifi operators I didn't trust, but it doesn't work for higher levels of surveillance than that.
For example, if your VPN runs on a server with a dedicated or at least relatively persistent IP and you're the only one using it an upsteam of the server like an ISP or a network of sites could track you cross-site and use that data to deanonymize.
I would of course prefer a zero-trust solution, but absent that, can I at least avoid giving my data the companies that are openly spying on me right now? At least until we figure out how to make Tor scale better for normal usage like streaming/games?
Transferring trust is definitely problematic, but it's also a thing that we do basically every single day all the time, and it's only in the context of VPNs where I see people suddenly advocating that anything less than a zero-trust solution is useless. Zero-trust solutions are the exception when we deal with companies. Most of the time we're just moving/centralizing trust.
I never really saw that as a VPN's main purpose. Far from cutting out the ISP, you now have 2 ISPs. One that can see "everything" and another that can make inferences about your habits by analyzing your encrypted traffic.
The job a VPN actually does really well is hide your IP from sites and services that you visit which reduces the information they have available with which to track you.
Also, nobody is born a terrorist. They're overly fixated on catching terrorists instead of preventing terrorism altogether. Domestic crime, including terrorism, is the result of a broken education system. If you want to fix domestic terrorism, fix education, fix mental health, fix life in general for US citizens, and a lot of problems will quite literally magically disappear.
- Number of gun deaths in the US in 2019: 15381
- Number of mass shooting incidents in the US in 2019: 434
- Number of deaths actually reported as being due to "terrorists" in the US in 2019: 0
tl;dr; Franklin was defending government spending on defense
I'll update the tldr with two quotes
> It is a quotation that defends the authority of a legislature to govern in the interests of collective security. It means, in context, not quite the opposite of what it's almost always quoted as saying but much closer to the opposite than to the thing that people think it means.
> And maybe it doesn't matter so much what Franklin was actually trying to say because the quotation means so much to us in terms of the tension between government power and individual liberties. But I do think it is worth remembering what he was actually trying to say because the actual context is much more sensitive to the problems of real governance than the flip quotation's use is, often.
I think the second quote is important, because sayings change over time and the meaning they hold changes too. That is the progression of language.
Franklin was actually supporting the authority of government to act/govern in the interest of collective security. [1]
[1] https://www.npr.org/2015/03/02/390245038/ben-franklins-famou...
But bureaucracy is just so evolves that it perpetuates the problem it was created to solve. Trivially, those agencies which reliably have achieved their goal get disbanded as no more needed, the only remaining in the long term are such whose goals are elusive.
This is how well-intentioned, honest people try to grab more power for their agency, because it seems to help achieve that elusive goal.
(To say nothing of people with less integrity in a position of power.)
For instance: The government goes after Islamic terrorists and Mexican illegal immigrants. So what to complain about? Mix cause and effect to pose the illegal immigrants as targeting based on race. Or pose the extremist religious as vulnerable Muslims, targeted on religion. Remove their status as far away from the cold-hard reality, so you can claim racism and prejudice and use that to cripple surveillance. But the suspect is a "citizen"! All weasel words to stay away from the real dirt. Let's go after the atheists for counter terrorism, so we don't discriminate in the eyes of the ACLU...
Then the "ineffective against terrorism"-claim. This can't be supported, because no clear numbers/cases are known. Then conflate laws against terrorism with actual actions against terrorism: Sure, no law directly contributed against countering terrorists, but the surveillance certainly did. Thanks NSA for passing along information to my country many times, so we could capture really dangerous people before they could strike.
Anti-terrorism is also a red herring for surveillance efficiency. Surveillance predominantly used for other national security purposes, such as counter intelligence, foreign intelligence, border safety, crime fighting, and even economic espionage.
Sure, posing any immigrant as a bad hombre, potential MS-13 gang member, selling your children fentanyl-laced drugs, is ridiculous. But the other side of that same coin is posing bad people as vulnerable undocumented citizens who are being targeted on race. It does not do justice to the situation on the ground.
The cold-hard reality is that states who have established a system of domestic surveillance have sent millions of their own citizens to crematoriums.
Sane nations have destroyed your political faction back in sixties.
Pro-communist, race chauvinists who look up to Mao for inspiration were thrown in the garbage bin of history, and thank god for that.
Very fortunately, America of today is not Cambodia, nor Laos, and you all have to thank Rockefeller commission for grinding the legacy of Allen Dullest to dust
It is intellectually dishonest to pose the effort of governments to combat illegal immigration as a targeting of people based on race. It is a sensitivity trap that shuts down our rational faculties. Yes... all religious extremists are also religious. Most immigrants have a different race. Yes, being an undocumented immigrant makes you vulnerable. But deserving of coddling, because they happen to also share a protected variable? No.
Meanwhile the vast majority of what the TSA and a significant-enough chunk of what security agencies do is pure theater, in exchange for a significant headaches and loss of privacy/dignity/time/etc of citizens who fund and technically support such organizations - and everyone else visiting the country as it deters plenty of tourism and business travel.
The FAA still systematically pulls medicals for mental health issues rather than allowing treatment. If your livelihood and a couple hundred thousand dollars of debt depend on it, you'll conceal extreme depression just fine. Pilots are terrified of getting help and an absurd proportion of the community is suffering from depression as a result.
because that seems ridiculous
Well, no, actually it was impossible to get into the cabin from outside long before 9/11 (in fact, I think since the 70’s). The hijackers smuggled box-cutters on board and used the box cutters to kill stewardesses until the pilot agreed to open the door - after which they had full access to the plane.
That's the problem -- that there was a door that could be opened. It seems to me that there shouldn't be. The pilots should have their own separate entrance from the exterior of the aircraft.
Also, the pilots occasionally need to be able to get back to the cabin for troubleshooting in emergencies and to use the toilet/crew rest.
Toilet, crew rest, and meals can be provided in the pilot's cabin. Troubleshooting may be a good point, but perhaps it would suffice to have a tech in the non-cabin portion of the plane.
In any case, it was just a thought. This is not an issue that I actually have a strong opinion about either way.
I don't mean to come across as condescending, I believe that as long as we spend our time talking about possible "solutions" to what-if, abstract problems, without addressing the real issues, we are just going to waste our time.
Also, we do spend an enormous amount of money on safety in the US. Why do you think the absolute cheapest new cars in the US are two to four times as expensive as new cars in countries that don’t have the same kind of safety standards (e.g. Mexico or India)? And because of the tort system, businesses spend untold amounts of money making their facilities and products safer in general.
It would be a bit distracted to worry about chemical X when there are way more pressing issues on where to shine the limited spotlight of attention. Let those who are concerned with health speak to the spending of precious attention, and let those who are concerned with X discuss the loss of focus on X. Somewhere people will switch sides and a meta conversation will form in terms of resource allocation and framing.
I think they have to be able to get in and out to use the bathroom, though. And get some food.
Also, they don't forbid you from bringing an abrasive stone through with which you can make a shiv out of LITERALLY ANYTHING.
What's changed is twofold. Physical access to the cabin, and the knowledge that no pilot will ever let another soul onto the flight deck no matter how many people they can shiv to death.
Not that other countries couldn't also look to Germany's example, but that would require trans-national empathy so LOLno.
The problem is the lack of heavy-weight counter-balance, always demanding more privacy, fewer laws, and less firepower. The best we've got is "the status quo" and a few non-profits (that thankfully are punching way above their weight class).
Without such a counterbalancing agency, each small gain by law enforcement rarely reverts, so rather than oscillating between a bit too much freedom and a bit too much policing we have an arrow moving us steadily toward a police state.
It's about control.
Security is just how it's sold to the public, the politicians, etc.