What I don't get is that in the USA, figuring out a password to an email account is a crime punishable with years of jailtime (think of the Sarah Palin case) [1], but somehow, when the NSA does it to everyone in the world it's just "yesterday's news"?
That's a ridiculous comparison. The government has more power to do things than individuals. When people kill people its murder, no matter how guilty that person is. When the government does it pursuant to a legitimate sentencing, its no crime.
I think most people are well aware and in agreement with the fact that the government not only have but should have a much broader scope to work within.
The question is how far that scope should be stretched.
That's a ridiculous comparison. For one, the courts didn't find everyone who was surveilled guilty of something for which surveillance was a sentence, and government actions are justified by law, not fiat. For another, your choice of murder is unnecessarily extreme and emotional. A better comparison would be opening someone's mail. It is illegal for someone to open someone else's USPS mail, but the NSA thinks it's not a big deal to open everyone's mail and construct a big chart of who knows who and what they talk about. Given that no one under surveillance has been convicted of anything, running a program of that audacity and scale is not what a government "Of the People" should be doing. In previous times of war, we have said that governments who do that should be removed.
This is true of all government actions. As an individual, I cannot sentence my neighbor to death because he or she committed a crime, or declare war on the town next door, or wiretap someone I suspect of a crime.
This is one of the major purposes of having a government in society - to delegate tasks to them that the overall group/society does not feel comfortable allowing individuals to take.
Why do we keep talking about the legality of what is being done? Instead, our standards should be what should and should not be done. Just because you can do something, doesn't mean it's a good idea.
Laws are struck down, but we do not frequently free people who were convicted of violating them, nor do we frequently repay fines, nor do we compensate people for the damage done by bad laws.
Because it hugely effects what we should do about it.
If I don't like the actions the NSA is taking, and those actions are legal, then I should push for laws making it illegal.
If I don't like the actions the NSA is taking, and those actions are illegal, then I should push for punishment of those violating the laws, better oversight, &c.
Pushing for laws banning already illegal behavior is a waste of time. Pushing for (criminal) punishment of people who weren't breaking any laws is not appropriate.
You are right that the present illegality or legality should not substantially affect our assessments of what the laws should be (except perhaps through a weak preference for the status quo motivated out of conservative principles - more ways to break things than fix them).
You make a good point, but subjective standards are harder to enforce than objective standards (laws). We subjectively decide what should and shouldn't be done, and then we objectively codify that in law to make prosecution straightforward and fair. The law is a tool.
That's the theory. We're fucked when the govt turns around and subjectively interprets objective law to do whatever the fuck they want.
Sure. But really, I meant why does the NSA or other orgs need to do everything up to the letter of the law (regardless of the suggestion that they went beyond the law)? Just because the speed limit is 70, doesn't mean you have to go 70.
The PRISM revelations are causing people to question using online services such as GMail and Facebook for fear that the NSA could access their information. Some have said they would prefer a model where all their data is stored locally on their phone rather than trusting it to an online company.
However, wouldn't it be easier for the NSA to get data directly off your phone rather than requesting your data from all the online companies individually?
It's probably trivial for the NSA to remotely access the data on your phone or even turn it into a remote listening device when you're not using it. Snowden intimated this when he recommended to all the people he was meeting to put their phones in the icebox because its insulation blocks reception.
The point is about dragnet surveillance. Since info is centralized, it can be copied without too many people being aware that it's being done. E.g., the copying of info from Google etc was done without any "hacking" or backdoors.
Whereas doing the same scale of info copying by individually accessing users' computers/phones would be WAY WAY more detectable.
Typing in a hurry, sorry if the point isn't clear.
As I understand it, the NSA does not have unfettered access to all of Google's/Facebook's data so it makes FISA requests on individual users, which the online companies have not been permitted to include in their transparency reports (http://www.google.com/transparencyreport/userdatarequests/). Dragnet surveillance techniques such as tapping fiber is a different issue.
Regarding detectability, I'm sure they have methods for downloading phone data that are hard to detect and would look like malware if someone happened to detect it.
>As I understand it, the NSA does not have unfettered access to all of Google's/Facebook's data so it makes FISA requests on individual users
You may continue to hold that opinion, but I see no reason to trust denials by either the gov't or by Google/Facebook/et al. "Unfettered access" is easy to deny, but it may be the case that what the gov't has amounts to the same thing, or is effectively unfettered access. The gov't officials involved have little incentive to tell the truth, and a large incentive to conceal their activities. The corporate parties may be compelled to lie, or at least be unable to tell the truth (under duress).
>Dragnet surveillance techniques such as tapping fiber is a different issue.
A single program of many. Don't confuse gov't denials concerning one activity under one program, as proof that the gov't isn't conducting that activity under some other program by another name. Also, gov't officials have been caught in outright lies James Clapper, for example.
>I'm sure they have methods for downloading phone data that are hard to detect and would look like malware if someone happened to detect it.
Phones report their users' every activity, this has been discussed here and on the internet at large, at length, several times over the past few years. Most recently was the disclosure related to Motorola phones which is still on the front page. https://news.ycombinator.com/item?id=5973282
> Don't confuse gov't denials concerning one activity under one program, as proof that the gov't isn't conducting that activity under some other program by another name
I'm not ruling out any scenario -- just pointing out that even if Google/Facebook refuse to comply with the NSA or you decide to stop storing data in the cloud, it may not do much to protect your privacy because your phone is not a safe haven.
It is a terrible disgusting shame that this whole thing is slowly fading into the backdrop. In a few years, it will just be taken for granted that the US government listens to / stores data on everything you do.
I would very much like, now more than ever, for services to build on encryption in a way that allows it to be used by everyone, with little to no barrier to entry.
I've wanted to encrypt all my email for a very long time, but the logistics of doing so when you interact with normal people are... rough, at best.
That's why Greenwald has been releasing the revelations slowly. Don't worry, this has all been thoroughly planned. Another leak coming soon [1] describes an NSA program that records the contents of every single cell phone call being made.
> In a few years, it will just be taken for granted that the US government listens to / stores data on everything you do.
I doubt it. Google/Apple/Facebook/AWS/AWS customers/Microsoft have more non-US customers than US customers, and while the US population might not care, all of those "foreign entities" that Obama explained are targeted without warrants aren't going to put their high-value confidential data into those services now that this is common knowledge.
These companies had better get their asses in gear and get this whole surveillance architecture shut down, or it's curtains for the US internet industry.
If this isn't visibly and loudly fixed, nobody (the 6.5+bn nobodies that don't get 4th amendment protections) will trust US-based companies with high value data ever again. (It may already be too late, if only because if they shut down this one, their track record of dishonesty and evasion suggests they'd just build another and lie about its existence like they did this time 'round.)
There are already European municipalities banning the use of Google Apps on security grounds, for instance. This is just the beginning.
I just hope you're right about the rearguard action which might now get underway. Apparently the US nomenclatura seems to think that privacy is a privilege only for Americans - and then only in a formal sense. Hit them where it hurts, in their pocket. Best part is that not paying to be bugged is something any of us can do as a tiny pathetic action which might turn out not to be so if there are enough of us.
Newsroom NSA storyline was based on earlier leaks that basically said the same things, just without evidence and government admissions to back them up and the stories died out quickly in the news without most people paying attention.
30 comments
[ 3.6 ms ] story [ 90.8 ms ] thread[1] http://en.wikipedia.org/wiki/Sarah_Palin_email_hack
I think most people are well aware and in agreement with the fact that the government not only have but should have a much broader scope to work within.
The question is how far that scope should be stretched.
This is one of the major purposes of having a government in society - to delegate tasks to them that the overall group/society does not feel comfortable allowing individuals to take.
Just because you can do something _legally_, doesn't mean it's a good idea.
Just because you can do something _illegally_, doesn't mean it's a bad idea.
FTFY
Probably because of the widespread belief that laws are handed down from the heavens. The idea that the law could be wrong is nearly heresy.
If I don't like the actions the NSA is taking, and those actions are legal, then I should push for laws making it illegal.
If I don't like the actions the NSA is taking, and those actions are illegal, then I should push for punishment of those violating the laws, better oversight, &c.
Pushing for laws banning already illegal behavior is a waste of time. Pushing for (criminal) punishment of people who weren't breaking any laws is not appropriate.
You are right that the present illegality or legality should not substantially affect our assessments of what the laws should be (except perhaps through a weak preference for the status quo motivated out of conservative principles - more ways to break things than fix them).
That's the theory. We're fucked when the govt turns around and subjectively interprets objective law to do whatever the fuck they want.
However, wouldn't it be easier for the NSA to get data directly off your phone rather than requesting your data from all the online companies individually?
It's probably trivial for the NSA to remotely access the data on your phone or even turn it into a remote listening device when you're not using it. Snowden intimated this when he recommended to all the people he was meeting to put their phones in the icebox because its insulation blocks reception.
Whereas doing the same scale of info copying by individually accessing users' computers/phones would be WAY WAY more detectable.
Typing in a hurry, sorry if the point isn't clear.
Regarding detectability, I'm sure they have methods for downloading phone data that are hard to detect and would look like malware if someone happened to detect it.
You may continue to hold that opinion, but I see no reason to trust denials by either the gov't or by Google/Facebook/et al. "Unfettered access" is easy to deny, but it may be the case that what the gov't has amounts to the same thing, or is effectively unfettered access. The gov't officials involved have little incentive to tell the truth, and a large incentive to conceal their activities. The corporate parties may be compelled to lie, or at least be unable to tell the truth (under duress).
>Dragnet surveillance techniques such as tapping fiber is a different issue.
A single program of many. Don't confuse gov't denials concerning one activity under one program, as proof that the gov't isn't conducting that activity under some other program by another name. Also, gov't officials have been caught in outright lies James Clapper, for example.
>I'm sure they have methods for downloading phone data that are hard to detect and would look like malware if someone happened to detect it.
Phones report their users' every activity, this has been discussed here and on the internet at large, at length, several times over the past few years. Most recently was the disclosure related to Motorola phones which is still on the front page. https://news.ycombinator.com/item?id=5973282
I'm not ruling out any scenario -- just pointing out that even if Google/Facebook refuse to comply with the NSA or you decide to stop storing data in the cloud, it may not do much to protect your privacy because your phone is not a safe haven.
I would very much like, now more than ever, for services to build on encryption in a way that allows it to be used by everyone, with little to no barrier to entry.
I've wanted to encrypt all my email for a very long time, but the logistics of doing so when you interact with normal people are... rough, at best.
[1] http://www.huffingtonpost.com/2013/06/29/glenn-greenwald-nsa...
I doubt it. Google/Apple/Facebook/AWS/AWS customers/Microsoft have more non-US customers than US customers, and while the US population might not care, all of those "foreign entities" that Obama explained are targeted without warrants aren't going to put their high-value confidential data into those services now that this is common knowledge.
These companies had better get their asses in gear and get this whole surveillance architecture shut down, or it's curtains for the US internet industry.
If this isn't visibly and loudly fixed, nobody (the 6.5+bn nobodies that don't get 4th amendment protections) will trust US-based companies with high value data ever again. (It may already be too late, if only because if they shut down this one, their track record of dishonesty and evasion suggests they'd just build another and lie about its existence like they did this time 'round.)
There are already European municipalities banning the use of Google Apps on security grounds, for instance. This is just the beginning.
I would be very surprised if the NSA didn't already have the means to crack most, if not all, current practical encryption schemes...
Also, do you encrypt meta-data as well? Isn't that what the whole PRISM thing is?
https://www.eff.org/deeplinks/2013/07/restore-fourth-campaig...
In their terms, nothing is off limits, correct?