65 comments

[ 4.9 ms ] story [ 117 ms ] thread
You might not want to do this without good reason, it can get you put on some kind of list.
I wondered about this, but I didn't know if it would really happen. Do we have any evidence for it?
When a police officer asks "do you know why I pulled you over?"

And you answer "I pled the fifth" instead of "no"

You did nothing wrong, but their spidy senses go wild. It's like that, but with more government paperwork and database updates.

Exactly. Rational (on the police/government's part), but perverse (in that it punishes exercising your rights by taking them away.)
> it can get you put on some kind of list.

Could you please elaborate?

GP probably meant that if you collect data, you may as well collect the “they actually wanted to see what we have on them” field.
The request some info list. lol
or, exercise your rights or else you will have none?
Is the list the people who check up on the government? Could be a good thing.
If they have data on you, then you are already on a list. Circular logic. It just so happens everybody is on the list. There's no special treatment.
There are probably more than one list.
We're all on more than one list. Local, state, federal. Airlines have lists. Stores have lists. Websites have lists. At this point, I was wondering if the govt or facebook has more info one you, then I remembered that if FB has it, so does Big Brother.
it'll just increase your "Potential Threat Level" on the one list that does exist. And they might SELECT * from homies_in_the_USA where threat_level > 5 or something, and you'd be on that list
If nothing changes, humanity, being human, is basically done for. To me being well fed by virtue of being harmless would be like throwing away the core of what makes my life meaningful, just to extend it a bit. I lived too long in an upright position to be remotely tempted by that. All of us will be dead for an eternity, the one real difference we can make for ourselves is what kind of person we were. Compared to that the difference between living 5 minutes and 500 years doesn't even register, at least not to me.

And hey, as faint as that hope may be: if things do change in a positive manner, people might scramble to fake proof they (or their parents) weren't just idle or even complicit. The same list of persecuted dissidents today might tomorrow serve as a whitelist for voting rights, among other things.

It will definitely put you on more than one list.
The title is actually, "How I requested my photographs from the Department of Homeland Security" with a byline "You can make a request to see your own document."
It's also from 2015, which usually merits a mention in the title round here.
The mods can fix that much more rapidly if you email them, using the footer contact link.
(comment deleted)
Is there a way to see what information Apple and Google has given to the US government through PRISM?

I'm not radical anymore, I'm just curious what boring topics they had to listen to over the years to ensure I'm not a threat.

Not knowledge, just random thoughts: Could they return "We can not give you that information because it is a matter of national security." (Although that's still a sign that they have info on you that they gathered from Big Tech). Or they could give you pages and pages covered with black rectangles from margin to margin.

The scary thing is, they wouldn't have done any manual listening/monitoring, all the data can just be fed into some big data computer[1] and it spits out your "threat index".

For a Black Mirror episode plot, the main character hangs out every Friday at a pizza place that Google Maps has mislabeled as a mosque. The "AI" misclassifies his watch on a recent Instagram photo as the Casio F-91W, he gets detained as he tries to reenter the country, with the FBI agents not knowing why he's a baddie other than the fact that the computer flagged him after his threat index jumped over a threshold.

[1] e.g. from the NSA whisteblower: https://en.wikipedia.org/wiki/ThinThread: "Hayden admitted that the analysis technology is the underlying basis of current NSA analysis techniques"

(comment deleted)
If they can deny you access to the info because of national security, then "still a sign that they have info" is a solved problem. They "can neither confirm nor deny any the existence of any information matching your request."

This is known as the "Glomar response" and dates back to the 1970s. I believe it hinges on "if the information existed it would be classified," otherwise they would be required to provide the info.

https://en.wikipedia.org/wiki/Glomar_response

Why would there be? You can't expect them to illegally surveil the whole population and then give you an easy procedural way to see what they have on you
> I'm not radical anymore

Nice try;)

As someone who isn't involved in any illegal activity, I would welcome knowing why it feels I am overtly watched and tracked more so than others, especially in real-life.
How do you know you are being tracked more than others?
PRISM is simply the NSA’s internal designation for data that is sourced from FISA warrants. So, probably not.
Unless they're breaking the law, the NSA still needs a warrant to request data if you're an American citizen. If you're the subject of an active investigation, law enforcement and spy agencies alike tend not to tell you that and are under no obligation to disclose anything. If the investigation is closed, then you can request data under a general FOIA request, but you'd have to know there was an investigation about you at some point. If nothing else, you'd find out upon being charged and your attorney would get all the data during discovery.

Obviously, a broad sweep program can collect unrelated data, which presumably was part of the concern with PRISM. This has sort of always been the case, i.e. if you put a bug in someone's house, you hear everything said in the house, whether by the subject of your investigation or their kids or a housekeeper or whatever. But whoever is listening is supposed to immediately throw away data as soon as they can determine it isn't needed for their investigation.

So theoretically, if they ever collected anything that came from you, and you were never the subject of an investigation that resulted in a warrant to collect on you, the data should have been discarded and could not be given to you.

You may or may not believe the NSA actually complies with the law, but if they don't, they're probably not going to tell you.

Do they need a warrant if the company sells the data? Mobile carriers were selling location dats on specific customers to private companies. Banks are selling credit card purchase data.
> You may or may not believe the NSA actually complies with the law

If you believe that they do, I've got a bridge to sell you. Congress is entirely derelict in their duties of holding them accountable, and has been for a very long time.

It is also the wrong question. In practise (as shown by the snowden revalations) the actual question is not if the secret services comply with the law — it is whether the law complies with the secret services.

In most nations where illegal practises came to light these illegal practises have been legalized after the fact. The breaches of fundamental laws that happened before have gone unpunished.

So to say secret services comply with the law is really a bit rich, given that when they don't law is usually adjusted to fit their behaviour with no punishments for any wrongdoing.

I recall hearing that the NSA was able to get permission to collect/access certain data by having private 'hearings', and in one of these private hearings they ruled that these hearings don't need to be disclosed to the public.

I'm very fuzzy on the details, but basically the idea is that they can get permission to do things that we think are illegal, and make these things legal. The law is basically just a formality they have to go through to do what they wanted to do in the first place

Derelict? Perhaps. Complicit? Probable.

>FISA specifies two documents for the authorization of surveillance. First, FISA allows the Justice Department to obtain warrants from the Foreign Intelligence Surveillance Court (FISC) before or up to 72 hours after the beginning of the surveillance. FISA authorizes a FISC judge to issue a warrant if "there is probable cause to believe that ... the target of the electronic surveillance is a foreign power or an agent of a foreign power." 50 U.S.C. § 1805(a)(3).

Emphasis mine.

So if surveillance doesn’t last 72 hours (one and done), does this verbiage leave any wiggle room for not needing a FISA warrant?
I’m actually kinda interested if the “surveillance” is retroactive. Meaning, do they have 72 hours to go through everything that’s already out there in the ether about you or is it more “you can only look at active communications for 72 hours and after that you need a court order”.
"72 hours after the beginning of surveillance" is pretty clear cut, isn't it? You need a warrant even if you surveille someone for 30 seconds. You just have the ability to get it after the fact.
There is never supposed to be a guarantee that you can get the warrant. So you can show up in court and not bother to make a case and then you’ll not get the warrant but have your data.
You don't need a warrant if one of your partner countries has already spied on your citizens and will share the data.
Or just buy the data from companies like ISPs, Google, and Facebook.
"I'm not radical anymore, I'm just curious"

That's what the all say... now you're really screwed lol

That very statement just confirms their suspicions. ;)
What really worries me about this is that anyone can effectively request anyone else's data because there is no identity verification.
It is a crime under 5 USC 552a(i)(3) https://www.law.cornell.edu/uscode/text/5/552a:

> Any person who knowingly and willfully requests or obtains any record concerning an individual from an agency under false pretenses shall be guilty of a misdemeanor and fined not more than $5,000.

5,000$ USD might be worth it for a paparazzo or other neerdewel.
I am not a lawyer but I would assume that in a case like that, the court would bring additional penalties equivalent to the profit made using the stolen property.
The criminal record is probably more of a threat than the money in such cases.

I'm more worried that if there is no way to get caught, people won't care about the criminal penalties no matter how heavy.

That's if they are even caught.

Since no one verifies anything it's a worst case scenario.

The standard spelling of that last term is 'Ne'er do well'.

From https://www.phrases.org.uk/meanings/neer-do-well.html

"The term 'ne'er do well' is of course a contraction of 'never do well'. Ne'er has been used in that shortened form since the 13th century, notably in the North of England and in Scotland. 'Ne'er do well' itself originated in Scotland and an early citation of it in print is found in the Scottish poet and playwright Allan Ramsay's A collection of Scots proverbs, 1737:

Some ha'e a hantla fauts [have many faults] , ye are only a ne'er-do-well."

So is stealing and yet it happens all the time.
Since pretty every ID and all passports are leaked, it's almost impossible to verifie a person online.
Just require it to be sent as registered mail and verify signatures.

At least it's something.

What do you think would happen if an european citizen were to request a GDPR data deletion of the US Department of Homeland Security? Is there any chance that they would comply?
I doubt GDPR enforceable in the US
No, they wouldn't comply.
(comment deleted)
From GDPR article 2:

> This Regulation does not apply to the processing of personal data:

> (d) by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

How is that relevant to the US’s mass (warrantless) collection of surveillance data?
My reply was in response to a comment about the DHS.