The headline is so non-descript that it makes it sound like the Microsoft executive is shrugging this off, but the testimony says otherwise:
> Tom Burt, Microsoft’s corporate vice president for customer security and trust, told members of the House Judiciary Committee that federal law enforcement in recent years has been presenting the company with between 2,400 to 3,500 secrecy orders a year, or about seven to 10 a day.
> “Most shocking is just how routine secrecy orders have become when law enforcement targets an American’s email, text messages or other sensitive data stored in the cloud,” said Burt, describing the widespread clandestine surveillance as a major shift from historical norms.
If these are from out of state what is to prevent them from just saying no? I'd imagine there is some interstate process that they have to follow in order to make it valid where Microsoft is headquartered.
So that means if I sue someone in federal court I can just pick a random state? No, of course not. What makes this any different? There is still federal jurisdiction requirement.
What it's time for is a change to the laws so that informing the public about what their public servants have been up to can be accomplished without fleeing the country afterwards.
Only in the sense that any person has unlimited power and the ability to trump the constitution, insofar as they're not caught or not stopped if caught.
> The United States does not have a British-style Official Secrets Act; instead, several laws protect classified information, including the Espionage Act of 1917, the Atomic Energy Act of 1954 and the Intelligence Identities Protection Act of 1982.[1]
The ALCU has a bunch of work[2] on this if you want to dig deeper.
Once the security apparatuses and their methods are entrenched it's hard for them to go back.
Congress was spied on, a US presidential candidate that we know of was spied on... So imagine plain old American citizens... what can we expect?
If congress isn't willing to take back what they allowed, they aren't going to stop all by themselves. If congress tried, they'd get a lot of pushback. Just like the Armed forces would push back on a spending cut back even though the cold war ended over 30 years ago and our budget dwarfs any one else's.
But you see that same phenomenon in run of the mill operations like homelessness non-profits. Their heft and momentum keeps them going and if you wanted to dismantle them they'd put up a big fight and tell you that while homelessness has gotten worse without them it would be doubly worse even though they never made it better to begin with but their directors live well.
NATO are supposed to spend ~2% of GDP on their militaries. We're at least 2x that. That doesn't align with peacetime spending. We should be about half the spending we do now.
> ...~2% of GDP on their militaries. We're at least 2x that.
US defense spending was 3.4% of GDP in 2019. Quite possibly it jumped in 2020 as GDP dropped, but over 4% seems unlikely. (Still, in the ballpark and good context, I think your comment added to the discussion.)
Why would I care about spending as percent of GDP? The absolute spending still went up. This is like saying your rent didn’t go up because now you are making more money so you can afford it more easily. This might be true, but it still went up. Moreover, after end of Cold War, it should have went down a lot not just in percentage terms, but also in absolute ones.
Absolute military spending is a ridiculous metric because inflation is a thing. Spending by percent of GDP is much more reasonable. For example, the US spent something like $75 billion in 1943, but no one would argue were putting 10xs as much effort in the military in 2019 when we spent ~750 billion. Looking at absolute values instead of either ones adjusted for inflation or by percent of GDP is cherrypicking to support your argument and is a bad thing.
There's a nuanced point here that looking at GDP % vs inflation adjusted yields different results depending on the range. For example, from 1982-1990, military spending was up, even after adjusting for inflation. It was actually 1990-2000 where military spending actually decreased, both before and after adjusting for inflation.
Compare that to GDP % which would indicate a steady decline in spending. So now we very much do have to examine GDP here in order to look at the argument specifics if we care about 1982-1990. With that said, the cold war ended around 1991, so the military stagnation is more or less in line with the cold war ending. The context missing on the original claim is simply that spending shot right back up once American mucked up and got itself stuck in the middle east, being involved in the deaths of hundreds of thousands of people.
But hey, none of this relates to the original post at all really - that claim was not actually doing any lifting in the original argument other than to serve as a light illustration of how the military spending is never cut in a significant way, and that is generally true save a small exception from 2011-2015. The best that can happen is an effective slow cut through stagnation. And all of THAT is just to say that the government gets pushback when trying to walk back policies.
So did it ever really matter how the cold war affected spending here? What's the point of calling this super nuance out?
This is the only data point the poster had which supported their argument and it was factually incorrect, whether you look at inflation adjusted or as a percentage of GDP. Now, whether to use inflation adjusted or as a percentage of GDP is a valid argument, but doesn't change the fact the poster is wrong, and I don't think this is the forum where it really is going to get resolved.
Again, I think you're missing the point. The very specific, non relevant way you interpreted the claim is factually wrong.
To me, the claim read as:
> the military spending is never cut in a significant way
Which again, at an absolute level, is generally true when looking at inflation adjusted spending. Within context, absolute is relevant here though as this is about government process. The whole context makes this claim incredibly tangential to the whole point, which more or less boils down to "government has a lot of inertia".
> doesn't change the fact the poster is wrong
Again, did it ever really matter how the cold war affected spending here? What's the point of calling this super nuance out? My point is not to argue about 1990-2000 military spending and the measures of it.
I'm calling this out to say "arguing over small irrelevant details to an argument is not very productive if you care about the real topic at hand".
Are you trying to make this case because you believe that the government does not have a lot of inertia when it comes to these things? Great, then make that case instead of this rabbit hole. Or is this rabbit hole just about the non relevant fact itself?
Your missing why I'm making my comment. I'm not arguing for anything. I'm arguing against making any conclusions based on what the original poster said, because the only factual evidence they present is at the very least questionable. I'm not making a positive assertion that government inertia is not a problem, simply that the above post does not provide sufficient evidence that it is a problem.
The military budget listed there is lower than the military budget, as it does not count veteran's benefits as military budget. It does not count interest paid this year on military spending debt accumulated last year (or in any previous year) as military spending. It has to strictly limit the definition of what military spending is to get as low as the cited number.
Totally unrelated to the discussion. VA budget and the DoD budget are different line items and this is not what the OP was talking about, so does not matter in this context.
Downvotes are likely by people who read the article:
> “Most shocking is just how routine secrecy orders have become when law enforcement targets an American’s email, text messages or other sensitive data stored in the cloud,” said Burt, describing the widespread clandestine surveillance as a major shift from historical norms.
So it's mostly communications data stored in the cloud. We know Apple and Google receive similar requests because they also release data:
Let me see... Microsoft wants me to have a Microsoft account to use a computer that I bought. They nag me every time I log in because I gave them a bogus email address.
And then you read something like this. All those abstract privacy concerns just got a bit more concrete...
There was a story just the other day about how Microsoft has been signing rootkits. The new "security measures" don't do crap for malware and just make legitimate uses of the machine (installing software that respects your freedom) harder.
>Burt said that while Microsoft Corp. does cooperate with law enforcement on a broad range of criminal and national security investigations, it often challenges surveillance that it sees as unnecessary, resulting at times in advance notice to the account being targeted
I wonder what requests Microsoft considers too far, considering they seem to have been willing to give up politician and journalist data. I wonder of they received a request for information on Gates and if so how they replied to it.
Is there a law that prevents companies from completely encrypting their data at rest? Data should only be decrypted if the person(s) have the private keys. Government entities can request the information all they want but all they will get is an encrypted dump. You will need to ask the person that owns the private keys to decrypt or just pound sand (there are laws preventing self incrimination, so private keys should fall in the same domain)
Actually, you can do that already in M365 with Double Key Encryption [1]. The obvious trade-off though is that none of the cloud services will be able to work with your data. For example you won't be able to search or open the document inside the browser which basically renders your SaaS environment (partially) just a plain cloud storage.
DKE should not be confused with any other BYOK service, where you only manage the key, but host it on Azure so MS still has access to you private key.
I think there could be middle ground where customers could select a set of metadata that they are willing to share with the cloud provider or even better, select only the sensitive parts of the document that must be encrypted with their own key.
At least Microsoft releases a transparency report. A lot of subprocessors, and services that everyone uses, like Fastly and Akamai, don't, so I bet LEOs just go to them instead.
“… Justice Department prosecutors obtained as part of leak investigations phone records belonging not only to journalists but also to members of Congress and their staffers.“
Eek! These illegal violations of privacy must stop now that congressman and their staffers are being surveilled too!
Who's to stop them when the watchers now have blackmail information on the entirety of the legislature and judiciary?
Have you considered for a moment that NSA and CIA have the phone numbers and location track logs of every mistress, hooker, and drug dealer used by every member of congress?
Why should the outrage only matter when someone “important” has their rights violated? Have you considered that the NSA/CIA have been monitoring Congress for longer than they have been monitoring average citizens?
55 comments
[ 3.0 ms ] story [ 107 ms ] thread> Tom Burt, Microsoft’s corporate vice president for customer security and trust, told members of the House Judiciary Committee that federal law enforcement in recent years has been presenting the company with between 2,400 to 3,500 secrecy orders a year, or about seven to 10 a day.
> “Most shocking is just how routine secrecy orders have become when law enforcement targets an American’s email, text messages or other sensitive data stored in the cloud,” said Burt, describing the widespread clandestine surveillance as a major shift from historical norms.
> The United States does not have a British-style Official Secrets Act; instead, several laws protect classified information, including the Espionage Act of 1917, the Atomic Energy Act of 1954 and the Intelligence Identities Protection Act of 1982.[1]
The ALCU has a bunch of work[2] on this if you want to dig deeper.
[1] https://en.wikipedia.org/wiki/Classified_information_in_the_...
[2] https://www.aclu.org/issues/national-security/secrecy
Congress was spied on, a US presidential candidate that we know of was spied on... So imagine plain old American citizens... what can we expect?
If congress isn't willing to take back what they allowed, they aren't going to stop all by themselves. If congress tried, they'd get a lot of pushback. Just like the Armed forces would push back on a spending cut back even though the cold war ended over 30 years ago and our budget dwarfs any one else's.
But you see that same phenomenon in run of the mill operations like homelessness non-profits. Their heft and momentum keeps them going and if you wanted to dismantle them they'd put up a big fight and tell you that while homelessness has gotten worse without them it would be doubly worse even though they never made it better to begin with but their directors live well.
US defense spending was 3.4% of GDP in 2019. Quite possibly it jumped in 2020 as GDP dropped, but over 4% seems unlikely. (Still, in the ballpark and good context, I think your comment added to the discussion.)
Compare that to GDP % which would indicate a steady decline in spending. So now we very much do have to examine GDP here in order to look at the argument specifics if we care about 1982-1990. With that said, the cold war ended around 1991, so the military stagnation is more or less in line with the cold war ending. The context missing on the original claim is simply that spending shot right back up once American mucked up and got itself stuck in the middle east, being involved in the deaths of hundreds of thousands of people.
But hey, none of this relates to the original post at all really - that claim was not actually doing any lifting in the original argument other than to serve as a light illustration of how the military spending is never cut in a significant way, and that is generally true save a small exception from 2011-2015. The best that can happen is an effective slow cut through stagnation. And all of THAT is just to say that the government gets pushback when trying to walk back policies.
So did it ever really matter how the cold war affected spending here? What's the point of calling this super nuance out?
Again, I think you're missing the point. The very specific, non relevant way you interpreted the claim is factually wrong.
To me, the claim read as:
> the military spending is never cut in a significant way
Which again, at an absolute level, is generally true when looking at inflation adjusted spending. Within context, absolute is relevant here though as this is about government process. The whole context makes this claim incredibly tangential to the whole point, which more or less boils down to "government has a lot of inertia".
> doesn't change the fact the poster is wrong
Again, did it ever really matter how the cold war affected spending here? What's the point of calling this super nuance out? My point is not to argue about 1990-2000 military spending and the measures of it.
I'm calling this out to say "arguing over small irrelevant details to an argument is not very productive if you care about the real topic at hand".
Are you trying to make this case because you believe that the government does not have a lot of inertia when it comes to these things? Great, then make that case instead of this rabbit hole. Or is this rabbit hole just about the non relevant fact itself?
Nice for one stop shopping
https://www.apple.com/legal/transparency/
https://transparencyreport.google.com/user-data/overview?hl=...
https://www.microsoft.com/en-us/corporate-responsibility/law...
https://transparency.fb.com/data/government-data-requests
> “Most shocking is just how routine secrecy orders have become when law enforcement targets an American’s email, text messages or other sensitive data stored in the cloud,” said Burt, describing the widespread clandestine surveillance as a major shift from historical norms.
So it's mostly communications data stored in the cloud. We know Apple and Google receive similar requests because they also release data:
https://www.apple.com/legal/transparency/us.html (US: 4600 devices in Jan-Jul 2021)
https://transparencyreport.google.com/user-data/overview?hl=... (US: about 60,000 in 2019)
No probable cause is required.
And then you read something like this. All those abstract privacy concerns just got a bit more concrete...
...maybe they know that people are installing root kits... because they see first hand what the "good" guys are doing routinely.
And jail cells are just very secure apartments. There's always going to be a guard around to let you out, why is everyone freaking out?
It is solving the problem of unauthorised rootkits.
I wonder what requests Microsoft considers too far, considering they seem to have been willing to give up politician and journalist data. I wonder of they received a request for information on Gates and if so how they replied to it.
DKE should not be confused with any other BYOK service, where you only manage the key, but host it on Azure so MS still has access to you private key.
I think there could be middle ground where customers could select a set of metadata that they are willing to share with the cloud provider or even better, select only the sensitive parts of the document that must be encrypted with their own key.
[1] https://docs.microsoft.com/en-us/microsoft-365/compliance/do...
Eek! These illegal violations of privacy must stop now that congressman and their staffers are being surveilled too!
Have you considered for a moment that NSA and CIA have the phone numbers and location track logs of every mistress, hooker, and drug dealer used by every member of congress?