"We all know that it's illegal to look at a US citizen's data without a court order. I use the term "look" deliberately: the Agency makes the distinction that looking at data is surveillance, while gathering it from locations outside the US is not. We gathered everything, and only looked at a tiny percentage of it. I am okay with this..."
This is more perverse NSA interpretations of the law.
Collection is the crime.
It does bother me that the NSA asserts a right to hold copies of my GPG-encrypted messages indefinitely. It bothers me more that my web traffic, address book, or phone metadata ends up in a government database even if only temporarily.
I don't care if Google's computers were abroad or not, but they belonged to an American company.
The United States government penetrated the network and intercepted the communications of an American company. That's one of the most egregious violations of the 4th Amendment that the American government has ever committed. Don't pretend this is something that is right.
The NSA had no legal right to spy on me, and they did -- even if you say it's likely no one looked at the data. I don't care. Collection is the crime.
While I do not agree with much of the sentiment, I enjoyed the article.
My question to the OP: even if you believe that at the moment abuses are rare and that your colleagues are trustworthy and law-abiding, does the capability and level of information concern you in terms of the potential for future abuse it enables?
Potential future abuse, whether due to laws becoming more permissive or a radical in-agency culture change that led to more people ignoring the law, is certainly concerning. As are current abuses. I just believe that the capabilities provided under the powers currently given to the agency are worth the abuses and potential future abuse. If I thought there was much chance that in the future, law enforcement and intelligence would not remain separate, my decision would change. I would prefer to live in a free unsafe state than a police state.
How do you answer questions of the NSA's known past involvement in targeting political figures such as Martin Luther King[1], US journalists, and US antiwar activists? The NSA was known to pass this intelligence to LE.
MINARET was used in the 60's and 70's. It led to the passing of FISA, which made it illegal to look at or pass on US citizen data unless a judge suspected them of being a foreign agent.
The NSA did these things both pre-FISA and post-FISA. For example:
* 1980-present. MAIN CORE, which is shared between CIA, FBI, NSA, Contains data on 8 million Americans and is used by LE. http://en.wikipedia.org/wiki/Main_Core
And these are just the cases we know about, they are likely only the tip of the iceberg.
Lorendsr, given this evidence and your previous statements that, "If I thought there was much chance that in the future, law enforcement and intelligence would not remain separate, my decision would change.", are you considering changing your decision?
I don't believe the NSA should be giving data (or even just "tips") on citizens to LE. It's either illegal or done under a law I don't know about. Do you know what this is talking about?
>FISA surveillance was originally supposed to be used only in certain specific, authorized national security investigations, but information sharing rules implemented after 9/11 allows the NSA to hand over information to traditional domestic law-enforcement agencies, without any connection to terrorism or national security investigations.
No, and I had not read that article, thank you. I do not know the law, if any exists, that allows that, although it violates most readings of the 4th Amendment.
The legal principle is that once the government legitimately comes into possession of evidence, it doesn't have to "pretend to have not seen it".
What this means is that if a given surveillance transcript is obtained legally (which is easy to do for foreign communications, even if a U.S. person is a party to the conversation), that it can be legally passed to LE. Once LE knows about it, they don't have to "close their eyes" to any U.S. nationals on the transcript, similar to how the police are not required to ignore evidence in plain sight (even if it wasn't listed specifically on the warrant).
By this route it is possible to pass incriminating evidence to LE about U.S. nationals even without a warrant, as long as one of the parties to the communication in question is actually a foreigner.
Is this the best defense of the actions of NSA employees publicly available?
He spends a lot of time denying pervasive surveillance puts us in a panopticon where the FBI and other LEAs can observe everything we do. And never mentions parallel construction once.
He tries to justify a Cold War sized, and then some, security state by invoking North Korea.
This is a big bowl of very weak sauce.
The director's standard of candor is "least untruthful."
I really don't care what a mid ranking employee says about what the NSA will and won't do. EVERY revelation where people in this forum have given the NSA benefit of a doubt in the form of "they could, but they wouldn't" has max'ed out at "would do, did do, and trying hard to do it more" once more revelations have emerged.
"Project MINARET was a sister project to Project SHAMROCK operated by the National Security Agency (NSA), which, after intercepting electronic communications that contained the names of predesignated US citizens, passed them to other government law enforcement and intelligence organizations."
- http://en.wikipedia.org/wiki/Project_MINARET
The NSA has a history of sharing intelligence with LE, to state that the NSA is not a LE agency is extremely misleading, if not an outright lie. Not only did the NSA do this in the past but the Snowden revelations show that they continue to do this.
On one hand, I completely buy his assertions about China's pervasive hacking attempts/successes and that the NSA is our best tool for stopping them.
On the other hand, you're right on the money about parallel construction. In my book, that's the one thing that sent the NSA "over the line." It's good to hear that many NSA employees take the police/military distinction seriously, but we know for a fact that some higher-ups don't and he didn't mention the most egregious case of this, not even once. Also, he invoked the "it only happened if they get caught" assumption while commenting on the frequency of abuses, which is highly suspicious.
If you'd never heard of parallel construction before today, that seems to powerfully undermine your credibility. Why should we take you more seriously than someone who says "I was a secretary at the NSA for years and I never heard of anything bad happening, therefore nothing bad happened"?
"I was in the Computer Network Operations Development Program, and my office was S32X: Signals Intelligence Directorate (S) > Data Acquisition (S3) > Tailored Access Operations (S32) > Special Tactics and Techniques (S32X)."
I think it is reasonable to say that he is slightly more informed to speak on these issues than a secretary.
It's really not surprising he hasn't heard of parallel reconstruction, considering:
Also, there's no need to be so hostile. It's simply his point of view, and by the very nature of the restricted work environment at intelligence agencies, it's not reasonable to expect him to have a complete picture.
To quote the very post of his that you're replying to:
"You're right, abuses probably have happened more often than those caught."
He's hardly saying nothing bad ever happened, or that all abuses are known for that matter.
Credibility and scope are two different things. His claims can have limited scope and still be credible. I don't see any reason to doubt his character.
Come on, "left hand isn't aware what the right is doing" isn't just plausible, it's standard practice at any organization larger than a dozen or so people.
He never claimed to have more than anecdotal evidence regarding the NSA. He never asked to be taken more seriously than, as you so derisively put it, a well-placed secretary (actually, I suspect a secretary would have a much better high-level picture of what was going on, but I don't think you intended an actual comparison).
I'd like to thank him for adding his perspective to the discussion. Even though I'll be keeping my opinion, it is good to know that in some (most?) parts of the NSA, the culture of taking jurisdiction seriously still pervades. It could be a lot worse, and absent this admittedly anecdotal evidence it's difficult to know what to believe.
How can you defend a program in a public way like this without having the most basic understanding of what we know about it? Parallel construction is one of the basic story lines that has come out of the Snowden leaks.
They painted fascism with an American flag, and you ran it up the pole.
In a way its' embarrassing for the NSA to get a defence that is written by such a rube. But at the same time, the general public doesn't seem to be concerned, so perhaps it was unnecessary in the first place.
I could be wrong, but I think there is a bit of cognitive dissonance in your statement. I think you are slowly coming to realize that your actions were wrong; that you do need to defend them. The bad news is that you you fucked up, and you owe the Americans you pretend to care about an apology.
There's also little analysis (here or elsewhere) of the consequences of widespread data warehousing. Why pay agents to listen to personal calls, when you can stockpile intel for the day you might need it, and analyze it via algorithm?
I foresee a day when every American has a dossier, a smear campaign, and a law enforcement attack plan on file, in case they decide to "make trouble" for the powerful. It's highly probable we're there already. Look at the history of harassment against MLK if you don't believe me. Even if they're not doing it now, sweeping up all the data in perpetuity guarantees that they'll do it later.
(I may disagree with this guy fervently about the NSA, but I'm extremely psyched to try his mayo. Good for him for transitioning into something useful.)
The dossier exists in the form of all the collected communications. Moores law and Gustafson's law will allow your entire life to sliced, diced and trolled for breaches of the law in seconds. Lazy, deferred evaluation of the police state.
It would be great to see a cheerful launch page for a satirical startup that automatically generated smear campaigns for governments against persons of interest. "We use of the expanded information capabilities of our client agencies to maximize the plausibility of our allegations!"
Pricing!
$8,000: General fear, uncertainty, and doubt (duration: 2 months)
$15,000: Complete discrediting (duration: 6 months -- best value!)
$50,000: Overturn their life with "Anonymous"-style harassment (e.g. triggered by c pornography "revelations" -- duration: two years)
Why. The only (vaguely) scientific argument the paleo diet has against legumes falls apart when you're just extracting the oils (which is not where the "toxins" are). Apart from that it'd just be an organic no-preservatives mayonnaise, and that's already widely available.
It's just another example that this guy will swallow anything you tell him with sufficient amount of authority.
But it plausibly is just what a purports to be - a portrait of the mentality of a rank and file NSA employee (I don't see any evidence that he's even "mid-ranking" if "mid" means middle management). That mentality seems to be a fusion of "surveillance doesn't matter if you have nothing to hide" and "America is under siege".
The thing is, it is good that the NSA has a lot of sincere employees are not now simply there for the power. It seems like this means instances of surveillance abuse are only period rather than constant. This puts them above the level of local police, who tend to have a fair of "ex-high school bullies and wanna be bullies". Yes, that's good but given the NSA's unchecked power, if an "institutional drift" towards the cynical use of power began in earnest, there isn't much people could do legally to stop that. And that is very bad.
The most dangerous are the Cynics who pretend to be True Believers, they are the prophets who know damn well that the eschaton isn't here but that there will be money to be made in the reconstruction. Some folk don't mind how small the pile is as long as they can stay near the top of it.
EVERY revelation where people in this forum have given the
NSA benefit of a doubt in the form of "they could, but they
wouldn't" has max'ed out at "would do, did do, and trying
hard to do it more" once more revelations have emerged.
I find it increasingly scary how people continue to defend the NSA's actions in the face of these escalating revelations. It almost feels like Stockholm Syndrome.
I think it was important for the citizens to know what powers they have given the NSA. They did not have an accurate sense of that before Snowden. But he released a lot more than that, much of which will hurt the NSA's capabilities.
Thanks for your response. I'd question whether the American people having given the NSA those powers - it's more like:
Lawyers working for the NSA have deemed certain methods of data collection as being in accordance with US law, as voted for by elected officials within the context of a not great two-party democracy.
I am not one either. But I still have to obey the law.
Maybe that's not what's implied by that statement? But if not, what on earth is meant (more exactly, what was the author's intent in saying something that seems obvious and irrelevant if taken at face value; what am I expected to infer?)?
I meant that the NSA is only looking at your information if a judge suspects that you are a foreign agent. It will not look at your information to determine whether you have done something else illegal, which is what it would do if it were part of a police state.
>One current federal prosecutor learned how agents were using SOD tips after a drug agent misled him, the prosecutor told Reuters. In a Florida drug case he was handling, the prosecutor said, a DEA agent told him the investigation of a U.S. citizen began with a tip from an informant. When the prosecutor pressed for more information, he said, a DEA supervisor intervened and revealed that the tip had actually come through the SOD and from an NSA intercept.
>Wiretap tips forwarded by the SOD usually come from foreign governments, U.S. intelligence agencies or court-authorized domestic phone recordings. Because warrantless eavesdropping on Americans is illegal, tips from intelligence agencies are generally not forwarded to the SOD until a caller's citizenship can be verified, according to one senior law enforcement official and one former U.S. military intelligence analyst.
Except it wasn't and isn't. And that is the problem. Generally should be always, but we now know it's not.
And then to add to the list. "Collect" should mean "obtain" and not "use", and "metadata" is actually a subset of, and not different from "data". And "transcripts" and "summaries" are actually a form "content". "US Citizen" mean's a person who lives in the US, not "51% likely based on this metric", and "direct access" does not depend on who owns the land in which the particular section of cable is buried. And the list goes on. These words mean something, and when 'always' slips to become 'generally' - we have a problem. And when the one doing the slipping is a titanic behemoth of the size of the NSA, with as little accountability as already exists, we have an even bigger problem.
When the words used to assure us are twisted and misused, then the assurance does little. Trust is hard to earn back. Especially when we intelligent owners (US citizens) of the mechanisms and powers are not given access to their actual processes, or even their legal justifications.
And most important of all, hold people accountable if they're wrong about the "imminent action."
Same with torture and other unethical activities. Think you can save the city from nuclear destruction by torturing the brown-skinned guy? Sure, go for it. But you'd better hope you're right, because (at least in a just world) that's the only way you're staying out of prison for the rest of your life.
If I run a program to look at communications and it decides that I may have done something of interest, would you look at my file then? Where is the separation between collecting and "looking" when various pieces of code automatically determine interest and connections?
That's an overly narrow construing of the word "information". As you well know, metadata and location bits are considered "information" by anyone except the pen & trap zealots.
They've also been saying "and we're not allowed to look at it without a court order, either." The laws and authorities that allow them to conduct their activities were all written by elected representatives. You can say the NSA might someday want to look at it, but it's kind of equivalent to asking what the point of having a constitution and laws is if they might changed sometime in the future.
I'm honestly gobsmacked by this blogpost... that anyone in a democracy thinks that hovering up all the data, will be safe from repercussions down the line, regardless of leadership.
Thank you so much, kind American intelligence guy, for having the grace to not look at USA citizens emails, all the while not even mentioning foreigners, who should apparently just lie down and take it.
You are missing the important aspect of it, and that is, just like their citizens are fair game for us, we are also fair game for them.
I would be highly surprised if those agencies are _not_ allowed to "look" at our data, since they won't be breaking any "laws".
Fuck everything about finding loopholes and skating on the edge of what is legal. NSA has repeatedly lied so far, never apologied for it. A lie would come out and bam! exposed by Snowden's docs. It was spectacular to watch.
The bottom line is, I am more scared and afraid of our NSA than of the Chinese bogey men or "cyber warriors" out there. I have not seen anything but lies, trickery and dishonesty come out of their mouth. I think they are traitors and unpatriotic.
They are betraying fundamental principles this country is founded on. I can see how slimey mafia lawyers would want the laws re-interpreted to fit their clients' purposes ("well, it depends what 'is' is, your honor"), I don't want out government doing the same. It technically might be legal it doesn't mean it isn't shitty.
Not just lie down and take it, the foreigners should be re-assured that their communications are also shared to the USA's best friends:
> If you are a citizen of the UK, Canada, New Zealand, or Australia, you may also be glad, because everything the NSA collects is by default shared with your government (the default classification is TS//SI//REL TO FVEY, or "release to five eyes", which are the aforementioned countries and the US).
As a US citizen, I assume foreign countries (esp. China) spy on me. But I don't go around bitching about that. Why? Because the US will protect me. China cannot hurt me.
On the other hand, when the US spies on me, I am much more threatened, because nobody can protect me from the US. If the US turns against me (for instance, for supporting the Tea Party), declaring me part of a "violent organization", I'm in real trouble.
tl;dr compain about your own country spying on you, not other countries spying on you
I think you are missing a point: US (cloud) companies do business with for example European companies/customers. The leaks suggest that all data a non-US customer stores with them is fair game for being snooped by NSA etc. without any judge or due process. This turns "complain about your own country spying on you!" into "Don't do business with an American company if you care for legal protection/are not stupid". But please continue to pretend that economy is confined by national borders.
> The leaks suggest that all data a non-US customer stores with them is fair game for being snooped by NSA etc. without any judge or due process.
I agree.
> turns "complain about your own country spying on you!" into "Don't do business with an American company if you care for legal protection/are not stupid".
I agree. As a US citizen, I was quite upset when my employer started mandating Gmail use, and this was before the Snowden leaks.
Foreign companies are obliged not to use US cloud services, just as US companies are obliged not to use Chinese ones.
That is all water under the bridge now. There is no going back.
So you are not actually rebutting anything I said.
U.S. law has never been compatible with E.U. data protection law as I understand it though, even before Snowden. The Europeans can't seriously have thought the U.S. wasn't engaging in surveillance (and indeed, they did know otherwise, with ECHELON), so what can be said for that other than "caveat emptor"?
Until multilateral treaties are passed dictating how one national jurisdiction will handle the data of another then every EU business using a US cloud service has just been using wishful thinking. And again, this was true even before Snowden.
Except that unlike with China, the US is allied with some of the foreign countries spying on you and assisting them in their data collection, and quite likely even using the results of that spying themselves. Likewise, I'm in the UK which is allied with the US and assists them in spying on UK citizens.
> I use the term "look" deliberately: the Agency makes the distinction that looking at data is surveillance, while gathering it from locations outside the US is not. We gathered everything, and only looked at a tiny percentage of it. I am okay with this distinction both because I don't mind if my emails are copied to an Agency database and likely never read and because from a technical standpoint it would seriously impair our ability to spy if we couldn't gather everything.
I'm not mad at NSA they're just playing their role, they're grabbing everything they can. But, it should serve as a reminder of the goals we should all (civilians) strive for: encrypting everything. I think lot of individuals are working on these problems right now and I'm confident great tools and protocols will soon be created/improved.
edit: downvoted for proning mass encryption, great.
On the other note. If you want good mayo: http://www.eff.ca/featured_products.html order from these guys. I am sure they can ship to your door, they do distribute in the USA as well, however, not sure to which cities.
This blog post does nothing to answer the fundamental questions that the Snowden leaks have raised. This man basically argues that, with few exceptions, everyone that works for the NSA is a true American and a patriot who only has your interests at heart and what is a little spying amongst friends anyway. Follow that with some scary hints about cyber war with nuclear responses to further raise the stakes (and the fear) to justify their dragnet surveillance police state. This man is a moron if he can't see that constitutional protections were not created to protect us from good people but bad people who can gain control of such a system in the future.
Moreover, if what he says is true that we are facing real dangers then the government has the obligation, in a free society, to reveal these threats and explain what they are doing about it. The method of using such secret threats as a basis for increase police powers and (implicit) suspension of constitutional rights is not proper for a free society.
If the result of the so called "war on terror" is a gutted and shredded constitution then I'd say the terrorists have won.
I think that giving credit to the terrorist, and saying that they have won, is wrong.
The kind of paranoia that defense forces have operated under has always been there since WWII. The only thing different now it that people are a lot aware of what could be/is happening.
If we commit suicide by destroying the constitution and the freedoms it embodies then the terrorist goal of destroying America is achieved. I see your point though, they would not deserve credit for our failure to stand up to an internal threat, so consider it poetic license to dramatize my point.
"Moreover, if what he says is true that we are facing real dangers then the government has the obligation, in a free society, to reveal these threats and explain what they are doing about it. "
Could not agree more. To make good decisions as a nation, we need good information. When everything's classified TS/SCI or above, most Americans are denied an accurate description of reality on which to base their decisions and their votes.
Bad guys may do bad things to us regardless of whether their conduct and methods are revealed to all or classified into invisibility. If the NSA revealed everything it knows and does, it would in the near term, wreak embarrassment and economic damage on some parties, but in the longer term would help us craft a better country.
By analogy, nobody would keep money at a bank that couldn't be audited. Why would you entrust your society's core values of privacy to a completely opaque government entity having no independent oversight?
There is no such thing as 'terrorists'. It is wrong to imagine that there is a group of evil doers [I am an ESL and this expression always cracks me open:)] that is (1) organized and (2) focused on an agenda to harm United States. If you think so then you fell victim of the greatest fallacy pulled by the government.
The deterioration of your way of life is not due to some struggle with imaginary bad people, but due to the evolution of your government, which is becoming more fat, arrogant, detached from reality and self-centric. NSA is a natural spin in such evolution, where you transform from Huxley's Brave New World to an outright 1984.
yeah, all that juicy data, just sitting there. trust us. we won't touch it. neither will the fbi. or the cops. they don't care that you smoke weed. really.
except they do care. and they want that data. and they will get that data. you can bet your fucking LIFE on it.
if it's there, it will be used, and very possibly by someone with less than good intentions. how the hell could anyone convince themselves that this isn't true? it's mind boggling.
look at mccarthy era politics. THAT CAN HAPPEN. IT DID HAPPEN. IT WILL HAPPEN AGAIN.
No offense to OP, but this reads like propaganda to me. It feels like someone at the Pentagon realized they weren't winning the war of the minds of hackers, so they encouraged some of their own to blog about their experiences.
I hate to sound like a tin hat wearing conspiracist. I really do. But I wouldn't be surprised if there was some sort of concerted effort by the NSA to encourage a dialogue with hackers on platforms like HN.
Sorry for the paranoia OP. Glad you enjoyed your time at the NSA.
Really? why should anyone trust in anything coming from the NSA when you are systematically lying again and again? why should we listen to anything you say when historically, part of your strategy is to try to influence the PoV of society || specifics groups?
Specifically: how are you so sure about what the NSA is doing? in your article you say that the NSA does not do SI on US citizens without a warrant, but how can you really know that if you are just another worker? I don't think you can... but hey, you seem like a smart person so why are you making that kind of statement?
> I was not asked to write this, nor guided in its contents by the government.
I find this hard to believe, especially coming from someone in your area: if there is no way for us to verify this statement, then how relevant can this comment be for us?
why should anyone trust in anything coming from the NSA when you are systematically lying again and again?
That's a bold claim - do you have any evidence that lorendsr, who is by his own admission no longer employed by the NSA, has been systematically lying again and again? Or that historically, part of his strategy is to try to influence society or specific groups? Or are you claiming that part of the NSA's employment process is the removal of independent thought and plugging into the collective hive mind?
> That's a bold claim - do you have any evidence that lorendsr
I meant "you" the NSA, not lorendsr... I don't know him.
But yeah, sorry if my distrust of people who say they worked for a government agency that has as its main PR policy lying and manipulating public opinion sounds harsh... I'm just a bit angry because I'm not a US citizen and I know that my use of pgp,otr,tor,i2p,self-signed certs is enough to make some powerful organization start registering every single move I do on the Internet.
Did your post have to go through some sort of internal review before you were allowed to publish it? I find it weird that you're allowed to blog, let alone blog about the NSA.
See bottom of post: This essay was deemed UNCLASSIFIED and approved for public release by the NSA's office of Pre-Publication Review on 11/21/2013 (PP 14-0081).
Hmmm... where do we find out about all the CLASSIFIED blog posts? NSA internal forums? Any place where there's a summary of these reviews as metadata, hence leaving the content "CLASSIFIED" ? Who is watching the watchers?
The government tells you what is classified and what isn't.
If you have ever been privy to any classified material, you will have made the decision to self-censor that information, to keep the essay unclassified. In other words, you will have removed information that the government told you it didn't want published.
Granted the control wasn't overt, but the government has influenced your writing via your past and the controls that were embedded when you went though your initial security induction.
If it works differently to this, please do explain it to me, as I would be interested to know.
I just mean that I wasn't told what to write by a USG PR person. The only thing I heard from the NSA about it was that I didn't have to redact anything.
I don't disbelieve you came up with all those points yourself, btw. Maybe you've never even seen that PDF hand-out. However, you couldn't have reworded this obvious piece of propaganda any better, if you did.
How would they encourage "internal" blogs though - asking directly would most likely raise flags, or a flood of insincere blog posts that would counter the desired result.
What I'd be more interested in is how much this issue is being discussed internally. If these discussions are allowed, or even surreptitiously encouraged, then I'd take that as a possible internal propaganda push, subtle as it may be. What's in the conscious mind gets written about, hence you'd see these kind of "justification" posts.
If there was very little internal discussion, or it was frowned upon, then I would expect much less of these blog posts, as it would potentially undermine your career...
I set up an account to reply to this comment; I have an informed opinion.
I expect that the blog post is sincere. If the NSA or another government agency wanted to manipulate the discourse on this or a similar site, however, they would (not could, would) do so by setting up a large number of active accounts over a long period of time. These would promote articles without triggering voting ring algorithms.
For the last couple of years I have been an active participant in a part of the blogosphere that is inspired by Unqualified Reservations, a contrarian ("(neo)reactionary") blog. I recently discovered that many of the (active and quite long-standing) blogs and commenters in this online community are fraudulent. It is the situation described in Wikipedia's article on COINTELPRO: "pseudo movement groups run by government agents". This includes people with whom I've had email and even a Skype conversation.
Since the realisation, I've managed to have a little awkward and plausibly deniable dialogue with these "bloggers" and "commenters". The message seems to be that they view neo-reactionaries as a group of potentially violent dissidents whose memes, if they were to spread, would lead to serious public disorder. So it's a political broken windows theory, in which the NSA or FBI are guardians of public opinion (although I happen to be English). Apparently they have been watching closely and collecting "data" for over a year.
So, mtgentry, I don't think you are too paranoid at all. (Although I would have done until quite recently.)
I recently discovered that many of the (active and quite long-standing) blogs and commenters in this online community are fraudulent.
Realizing the potential awkwardness of this request from a stranger considering your message, is there anything publicly published about this particular situation?
Did the possibility ever cross your mind that the fake accounts and users are simply an attempt by a very small fringe group to bulk up their numbers and look like a more legitimate political concern?
The NSA copy of my emails won't be viewed by police or FBI investigating me about marijuana use, for instance. Law enforcement might get a search warrant and retrieve a copy from Google, but not from the NSA.
Sorry lorensr.me. "Trust me, they're good guys" is not an argument, and in the current context, it can only be read as a small piece of damage-control astroturf.
Or rather, the NSA's perfidy has left us with no other safe default assumption, so we have to ignore on sight. The data is tainted. All of it.
> Even if you are not a citizen of the Five Eyes, you shouldn't be worried about your data being viewed unless you're involved with a group of interest, such as a foreign government or violent organization.
Is the US Tea Party considered a "violent organization"? (It's not, but that's a separate issue.) If not, can you guarantee that it won't be labeled as such under some future administration? The IRS is already targeting the Tea Party, so we have reason to believe that certain US political actors are not interested in abiding by objective laws.
If not, why do you defend the NSA?
Though I'm a US citizen, I'm sure one of the other Five Eyes countries can be employed to spy on me.
"Even if you are not a citizen of the Five Eyes, you shouldn't be worried about your data being viewed unless you're involved with a group of interest, such as a foreign government or violent organization."
Huh, so:
- My best friend's dad was a spy in the CIA
- During the 70s and 80s my dad worked with Russian scientists (also ones from Poland and other Communist Bloc countries). Ecology stuff, mostly.
- I've been in "interesting" circles in the crypto arena, and know people who are almost certainly under surveillance.
So, how likely is it that my email is read, that my phone records are looked at, and so on? What are the chances that I'll have trouble the next time I cross a border or try to board a plane? One percent? Fifty percent?
Am I going to get my Name on a List because I've said that we need to stop allowing the NSA to build more data centers? That I think that Dianne Feinstein needs to be removed from office?
I don't do anything that interesting and my life is quite frankly pretty boring; my personal concern about any damage from someone looking at my emails to Mom is small. But I'd still like the government to get a lot smaller in this area because I'm afraid of what things will look like ten years from now, when data mining the innocuous stuff you did fifteen years earlier gets you Special Treatment at those DUI stops.
The "developed capacity equals intent" bullshit works both ways.
Am I going to get my Name on a List because I've said that we need to stop allowing the NSA to build more data centers? That I think that Dianne Feinstein needs to be removed from office?
Beyond the monitoring, the deeper point of Big Brother in the book "1984" was the worry about whether what you were doing made you subject to punishment. Foucault also covers this in his discussions of the panopticon, where it is one thing to have a mechanism for constant and pervasive surveillance, and quite another when the windows of surveillance are tinted so you can never know whether the collection is being aimed at you.
> "Even if you are not a citizen of the Five Eyes, you shouldn't be worried about your data being viewed unless you're involved with a group of interest, such as a foreign government or violent organization."
This really is a key quote. Even if OP's assertions about the NSA are totally correct, even if all security protocols are followed to the letter, the problem still remains that they have a tremendous amount of power that can be used to target anyone deemed an enemy of the state.
I think a lot of contention on this issue revolves around how much you trust the government to appropriately designate enemies of the state. Many people believe the government is responsible about this, and that it will only go after people who a reasonable person would consider "dangerous." The problem, of course, is that the United States doesn't exactly have the cleanest track record of appropriately focusing its wrath:
(And yes, I know COINTELPRO was FBI, not NSA... I believe it's still an instructive example of government overreach.)
Anyone who defends the NSA on the grounds that it only targets those who are worthy of targeting needs to convince me that another COINTELPRO will never happen. I would actually welcome such an argument, since it would make me feel a whole lot better about this.
So, an interesting question is, how many people do you think believe that all COINTELPRO targest in fact were 'worthy of targetting'? For some targets, the number of people who today think they were 'worth of targetting' may be way different than the number who may have thought so at the time. (If MLK was held in as high regard 40 years ago as he is now, he would have had a lot less work to to do).
It doesn't even have to be on the level of COINTELPRO. See here:
> The history of the FBI Lab hasn't been without controversy. Dr. Frederic Whitehurst, who joined the FBI in 1982 and served as a Supervisory Special Agent at the Lab from 1986 to 1998, blew the whistle on scientific misconduct at the Lab. In a subsequent investigation, it was found that evidence had been falsified, altered, or suppressed, or that FBI agents had testified falsely, in as many as 10,000 cases, resulting in many false convictions. More than a decade later, cases were still being overturned because of this massive fraud.
You have a great point, and the TL;DR of OP's entire post is "Unless you're doing something wrong, you have nothing to worry about."
Which is the slimmest argument I ever hear in favor of these pervasive civil rights violations.
I've never been a terrorist, never given any information to a foreign enemy, hell, I've barely ever even broken the law. But I do have a personal interest in Russia, speak Russian, and have been to Russia 14 times.
Am I on a list somewhere? Maybe I have done "something wrong" in the eyes of some automated, arbitrary algorithm that's connecting the dots of US citizens around the globe?
If there is anything to learn here, it is that a specific enemy is not necessary. You could get back-roomed for having said "I like Froot Loops" in a private email a decade ago. It could be /arbitrary/.
> Unless you're doing something wrong, you have nothing to worry about.
A nice comeback is to ask the accuser to apply similar standards as a universal principle. I mean if NSA didn't do anything wrong why worry about Snowden leaks. Or why doesn't Google show us their search algorithms?
Interesting to get a look at what it's like to be inside the bubble. It's compartmentalized enough that the individual actors can justify their actions by the assumed competence and benevolence of the others.
> I didn't test it, but I'm sure there was automated analysis that prevented or flagged use of US selectors.
The mental leap here is subtle, but substantial. Since I have been told I can't use US selectors , I assume the system enforces this. As such, US citizens have nothing to worry about. However, in the immediately previous paragraph, he noted:
> one employee spied on a spouse
So much for automated analysis, besides not being able to filter out US citizens' data it can't even filter out an employee's direct family. But there's no need to worry citizen, the NSA has a very high-quality workforce.
In the NY Times this morning was a piece noting that the government has concluded they don't know what files Snowden took with him (http://www.nytimes.com/2013/12/15/us/officials-say-us-may-ne...). The most technologically advanced intelligence agency in the history of the world and they have no idea what files were electronically taken by one of their own. One of their own who passed the background check by the way--I don't know why the OP is so enamored with the polygraph.
Well, following his explanations, you can fail the polygraph and just do it again. The cost of failure is zero, so really just keep trying.
(I personally loved the bizarre mix between cyber war, nukes and North Korea. He seems to have the mindset of a paranoid Stalin, always wary of others when he's the one terrorizing.)
Definitely a bizarre mix, I thought it was a parody a couple of times. To combat the threat of nuclear war with the completely isolated totalitarian state of North Korea we must create and store copies of all global communication... (Of which approximately none will have originated in NK, our intelligence agencies still literally watch NK news broadcasts to find out what's going on in NK.)
Yes, but you don't copy all communications to try and find the astonishingly small number from the most closed-off country in the world. This is how the NSA gets smart people to build something they would never set out to build--an all powerful global snapshot of data.
They tell you about North Korea and your radioactive future. You like big problems and give it your best effort, perhaps thinking that you had a small part in saving the world. Then one day you read in the New York Times that your well intended project doesn't just scoop up communications from North Korean thugs, but what you helped make is collecting communications on everyone. It's helping the DEA illegally bust people. It's helping diplomats illegally snoop on our allies. It's helping keep US companies aware of what non-US companies are doing. Etc etc.
tl;dr Anyone could be a terrorist, everyone must be monitored.
I absolutely don't dispute that. I am merely pointing out that there is a small number of messages to intercept. The traffic with the AQ Khan network would be a good example. That said, no, it does not justify turning the world into a surveillance state.
> Yes, but you don't copy all communications to try and find the astonishingly small number from the most closed-off country in the world.
What would your collection proposal be then?
You can't determine data of interest until you have sufficient data to determine if it's of interest in the first place. Even the NSA doesn't have an Oracle computer that can look into the future and figure out what vanishingly small percentage of communications are just the ones they should be interested in. If they did, they could also solve the halting problem and rewrite the history of computer science and time-travel.
Remember, the standard the NSA is held up to is that it should not only be following known bad people who are/might be doing bad things, but to ferret out the unknown bad people. Every time there's a Boston or similar, everybody goes and climbs all over the NSA for "not knowing about these guys"
You can't do that until you have a sufficiently large enough collection of unevaluated data to start looking through.
I'm not saying it's right or wrong, only that it's the reality of the task spy agencies have before them.
> Well, following his explanations, you can fail the polygraph and just do it again.
He didn't say you had an arbitrary number of opportunities to pass, simply that the screening (of which polygraph was one of many he mentioned) is such that it's not as if NSA analysts are able to simply wander their way into the NSA so that they can then spy on the people.
That doesn't mean people can't make it through all the screenings (just ask Snowden), simply that it's one of many safeguards that are put in place to make it so difficult to land an NSA job for nefarious reasons that the many other layers of oversight and controls should be adequate to prevent gross abuses.
> It's compartmentalized enough that the individual actors can justify their actions by the assumed competence and benevolence of the others.
I've talked to this before but this denial and self delusion is an important defense mechanism. Sometimes people write blogs and get into apologetic because they feel an internal dull pain of an inconsistency. "Hmm it looks we NSA did all these pretty bad things. I worked for them NSA. Surely I couldn't have worked for the bad guys." and then <proceed rationalizing and defending NSA, might as well put it in blog form>.
That cognitive dissonance, I believe, is pretty powerful. A lot of dark secrets and past transgressions can be filtered so well throw it.
Seriously, you can't win. Here you have an actual former NSA employee giving a first-hand account of his time there -- and not only his account doubted for no reason other than failure-to-comply with known-biases and unverifiable journalism, but some guy is now providing psychological analysis of him as well!
Some know-nothing armchair psychologist who read the NYT is telling this guy -- who has made an honest effort to be utterly transparent -- that he's cognitively dissonant and that comment is going to receive a hundred votes because it makes people feel good about the things they think they know. It's not truth, just an exercise in mass delusion.
What's particularly interesting is that some of the recent disclosures don't seem to be visible inside the bubble. Take this assertion, for instance:
"The NSA copy of my emails won't be viewed by police or FBI investigating me about marijuana use, for instance. Law enforcement might get a search warrant and retrieve a copy from Google, but not from the NSA."
In fact, it's been known for months that the DEA receives intercepts from the NSA in such volume that they have an office devoted to handling them (the DEA's "Special Operations Division"). And as for search warrants, the manuals for that office describe a practice of "parallel construction" which involves, not to put to fine a point on it, lying about the ultimate source of the information they're using, with the clear intent of evading judicial scrutiny.
It really depends on how widely it is reported. Government employees even those with clearance are prohibited from looking at the wikileaks cables. If it makes it into the NYT and they see it, then it is ok. But they can't actively dig for it. Direct from the mouths of government employees.
Again, an assumption that a magical unicorn guards the morality of being told what someone can or cannot do should be understood as a non-trustworthy system. Especially one that is referred to as the NSA in very general terms - as they have no control over employees or data dissemination / exfiltration. And, yes, the last statement is fact based on all of the supporting evidence in the public domain. If one thinks otherwise I politely redirect you back to aforementioned magical unicorns.
Outside of magical unicorns, what kind of unicorn should guard things? I'm afraid automated systems don't offer either the coverage or the flexibility to provide what you think should be provided.
Yes, but why can Loren Sands-Ramshaw use a blog, where he critics his employer and also use Kickstarter without getting fired? Not that I want him to get fired, but I worry that he risks his job in telling us this critical information!
Aren't those things, a spy shouldn't have? Is the working strategy, filling the web with disinformation about NSA employees, or is it to never use the web with a real identity for the period of contractual employment?
I mean, from a technological standpoint, every single HN member would love to work for the NSA. Because they have an extremely sophisticated set of technology that people would like to get their hands on. (Well, that's at least what we think they have). Keep in mind though, that in reality only a very small percentage of HN would actually like to work for the NSA! This is not because of the recent revelations, but because the government in general has not a positive image for most hackers.
He's no longer employed by the NSA. He left to play with a startup and some personal coding projects; the last paragraph of his post links to them. Any discussion of his employment there still gets reviewed by the NSA, but that's routine for anyone who does classified work. (And he does say up front that he sought that review, and that they had no problem with him posting what the rest of us read.)
Then it's even more important that we read this blog post in the knowledge that it's the one that made it past NSA screening. We'll never know how many didn't.
What's the legal term? I think it's "double construction"? Where the prosecution knows it's you from illegal means (wiretap/NSA spying) but by that knowledge can go back and construct the legal case in reverse.
It's been rumored that Dread Pirate Of SilkRoad case was figured out that way.
The story around DPR getting caught started in him making posts that had personally identifiable information from his anonymous accounts in the very beginning, not from illegal searches.
That's just a really long scraping / pattern-matching exercise of publicly available data, and the reminder that even particularly clever people won't be on point 100% of the time.
Or they did find him illegally and found later on the public pattern-matching exercise to justify their findings. Which is exactly the point of parallel construction.
> What's the legal term? I think it's "double construction"? Where the prosecution knows it's you from illegal means (wiretap/NSA spying) but by that knowledge can go back and construct the legal case in reverse.
I think the technical term is either "perjury" or "fraud on the court".
The euphemism, though, is "parallel construction".
It is not necessarily illegal means, but simply means that the government do not want to expose in open court. Perhaps this is because they are illegal, or perhaps revealing the source of intelligence could compromise an active intelligence operation. The NSA does not want its methods exposed in open court. You will probably say that this is because they are illegal. But an equally plausible explanation is that revealing details of their capabilities is of benefit to their adversaries.
This is an interesting article, thanks for sharing. Your summary does not quite reflect the article though. You say "In fact, it's been known for months that the DEA receives intercepts from the NSA in such volume that they have an office devoted to handling them (the DEA's "Special Operations Division")", which to me created the impression that the NSA was funneling large amounts of information about US citizens to the DEA.
However, the article actually says: "...two dozen arms of the government working with the Special Operations Division, including the Federal Bureau of Investigation, the National Security Agency and the Central Intelligence Agency.", and later that "the Special Operations Division of the DEA funnels information from overseas NSA intercepts, domestic wiretaps, informants and a large DEA database of telephone records to authorities nationwide to help them launch criminal investigations of Americans. The DEA phone database is distinct from a NSA database disclosed by former NSA contractor Edward Snowden." [emphasis mine]
It's quite possible that the NSA passed only occasional information about non-US citizens - it's impossible to tell from that article - if that's the case, then to many people they're acting within their mandate.
I'm not trying to defend the NSA, and I'm deeply troubled by the implications of mass surveillance. But it's important I think to be clear about the claims we're making since otherwise it's easy for people to dismiss us.
Thanks for the close reading. I guess it depends what you think "no domestic intercepts" excludes, and how much you believe that everyone in the NSA follows the rules. Even if most of them do, a few have the tools to become a very big problem --- and the rest of the organization wouldn't necessarily know, since in an organization like the NSA, people aren't supposed to know what's happening in the office down the hall.
To start with the scope of what's available: it almost certainly includes data on US persons "incidentally" acquired in taps on an authorized target. I'm not aware of anything on DEA procedures there specifically, but as for the general rules, see here: http://www.emptywheel.net/2013/11/08/the-intelligence-commun...
Of course, even if NSA analysts know that they have DEA "customers" (as they apparently call the recipients of their intelligence), it might be a breach of the rules to select overseas targets which would be likely to have domestic contacts of interest to the DEA. But given that knowingly breaking the rules in pursuit of an authorized goal seems to count in NSA audits as mere "lack of due diligence", and not classed as "abuse", I'm not sure how much comfort to take from that.
Yes, this stood out at me too. As soon as I read that statement, I knew the author was either lying or underinformed. Thanks for providing the article.
The most extraordinary thing about Snowden is not that he took the documents: it is that he sacrificed his whole life to make them public.
And this should make us scared. A guy like Snowden was extremely improbable, and yet he happened. So, what to think about the far more likely case of NSA employees taking extremely sensitive information and selling it privately? How many of those have there been already?
1000 times this. If Snowden could do what he did and the NSA doesn't even know what he took, it is inevitable that a hostile foreign government will infiltrate the NSA. It is also highly probable that there are people in the intelligence apparatus that are abusing their power in some way or another.
There have already been about a dozen cases in the NSA of 'LOVEINT' where employees were spying illicitly on love interests. From what I recall, all of those people volunteered that they were spying illegally on their own, none of them were caught by any internal review process.
> The mental leap here is subtle, but substantial. Since I have been told I can't use US selectors , I assume the system enforces this. As such, US citizens have nothing to worry about.
For the life of me I cannot figure out why people refuse to accept the concept of training and policy as being relevant to proper civil liberties safeguards in addition to technical ones.
Imagine applying that idea to any other field, and keep in mind the unintended consequences.
For instance consider from a soldier's perspective "Since I've been told I can't shoot citizens or non-combatants, I assume the system enforces this. As such, US citizens and non-combatants have nothing to worry about." And yet our troops do have issued firearms (at least during things like field exercises and training), and the republic has not fallen to a coup. There are missile siloes dotted throughout the Midwest, yet no rogue junior officers or missileers have launched ICBMs at people.
You're missing his greater point, which seems to be that it didn't even occur to him to "test the interlock" since he knew that by law and by policy, it was wrong to even try. He also made quite clear (if you'd bother to read to the end instead of cherry-picking quotes to declaim) that this doesn't mean such technical controls can't or shouldn't be strengthed, merely that there is indeed a "culture of compliance" among the analysts instead of a bunch of voyeurs.
> > one employee spied on a spouse
> So much for automated analysis, besides not being able to filter out US citizens' data it can't even filter out an employee's direct family. But there's no need to worry citizen, the NSA has a very high-quality workforce.
Is it really your claim that a workforce must be 100% perfect in every way for an organization to be legitimate? Even the anarchists don't try to claim that there won't eventually be murderers amongst them, nor is there anywhere else in the real world where spouses are always exceptionally nice to each other in everything they do. Just ask Ashley Madison.
> The most technologically advanced intelligence agency in the history of the world and they have no idea what files were electronically taken by one of their own.
They also haven't solved the Halting Problem.
But anyways I know I'm going to be speaking to an uncooperative crowd but perhaps you all should consider the high-level points of his "peek inside" and then discuss the ramifications of that, instead of always drilling down into the weeds. Many of the same arguments used here could be used with equal logic toward every large civilian IT concern, which would tend to devastate the need for things like YC capital. :P
> Imagine applying that idea to any other field, and keep in mind the unintended consequences
The difference from other fields, is that the consequences in other fields are public. If a soldier shoots someone, that someone is dead and can prompt an investigation.
If someone in the NSA abuses his powers, it is very likely that nobody will ever know. Or be able to know. No investigation will be triggered, and even if one is, it cannot possibly gather any evidence.
> If someone in the NSA abuses his powers, it is very likely that nobody will ever know.
But this claim is only a concern if an analyst can unilaterally abuse his power and never be caught. Are you saying this type of surveillance capability would then be acceptable if proper accountability and oversight safeguards can be emplaced?
If anything this should be one of the easier things in the world to do, putting audit trails on computerized systems is hardly "pro league" stuff.
But either way, you say that the consequences will at least be public in other scenarios. But that's not really true either. People get shot every day in this country; how do you know that any given shooting wasn't from a soldier? How do you know when the government lets a contract that they actually fully complied with the Federal Acquisition Regulations? How do you know that when a Congressman votes against his normal voting habits, whether that vote was due to his conscience or due to someone else's wallet? How do you know that when the NSF gives one scientist a grant and refuses another, that it was done in the public interest?
You don't know any of this, as a rule, and yet many of those are much more impactful on the average citizen, even if we assume the existence of lapses in oversight.
As far as I can tell with government IT, your data will always be at more risk of being leaked to cybercriminals via hacking or stupidity (the latter has happened to me already!), than be at risk of being looked at by a rogue NSA agent.
I thought the track record of the US Government on the matter was pretty clear:
1) Write down the law
2) Break it
3) Retroactively make the violation legal
Wrt to what oversight exists, well... the fact that they have no idea what material Snowden took with him is telling. But that's not what I'd be the most worried about. How hard would it be for the White House to ask information about a specific individual for "national security" reasons?
> But either way, you say that the consequences will at least be public in other scenarios. But that's not really true either. People get shot every day in this country; how do you know that any given shooting wasn't from a soldier?
I'm not a US citizen, but I would think murders are investigated by the police. It's usually difficult to hide.
> How do you know when the government lets a contract that they actually fully complied with the Federal Acquisition Regulations?
I suppose there are audits? Not to suggest that abuse does not exist, but I assume there is some oversight.
> How do you know that when a Congressman votes against his normal voting habits, whether that vote was due to his conscience or due to someone else's wallet?
You certainly don't, but you can make an educated guess.
I'm not sure what you're trying to say here. That the NSA doesn't need any form of oversight, and can be 100% trusted with the power to snoop on everybody belonging to any country (knowing - in case you thought "I don't care about these dirty foreigners as long as they promise not to look at US data" - that nothing prevents them from asking another Five Eyes member about your whereabouts without breaking the rules)? From the same government which gave you Guantanamo, extraordinary rendition, warrantless wiretapping and extrajudicial executions-by-drone? Their definition of legality is terribly elastic.
> I'm not sure what you're trying to say here. That the NSA doesn't need any form of oversight, and can be 100% trusted with the power to snoop on everybody belonging to any country
That's not at all what I'm trying to say. In fact I would argue very strong oversight is needed, but I'd also argue that very strong oversight is possible in the first place, which means that oversight (or not) is not the proper reason to argue about the very existence of the program in the first place.
In other words, the program(s) are either required or not. If they are required, determine the needed level of oversight and install it. If it's not required, then it's not required and discussions about oversight are simply redundant.
>If someone in the NSA abuses his powers, it is very likely that nobody will ever know.
You mean, besides his family, friends, and loved ones when he loses his job and potentially ends up in prison. You're underestimating the amount of training and internal oversight that occurs.
Folks have lost clearances and jobs. I don't know about prison time. But I do know the fear of these things happening is a motivating factor not to cross the line. But I'm just some guy...
The problem here is that you trust the organization to police itself, whereas it has little incentive to actually do so effectively.
The cases of caught individuals seem to have gone under-punished, as they sound worthy of prison time.
Also, even if the NSA polices against personal abuses, why would it police against systematic abuse for government's purposes against the constitution?
Self-policing does not work well, especially without elaborate mechanisms to enable it to work, and especially with a combination of secrecy and lack of oversight.
I'm not saying I trust it to police itself. I'm trying to suggest that the environment in which NSA analysts work does have a (positive) material effect on their behavior. Non-systemic transgressions are not common. When Snowden said he was able to check Obama's email, that angle was lost.
Now, systemic problems are a different issue. But the article we're all talking about here is written by an analyst from his own perspective.
> The mental leap here is subtle, but substantial. Since I have been told I can't use US selectors , I assume the system enforces this. As such, US citizens have nothing to worry about.
I think it's fair to say most rank and file NSA employees are honest and actually do believe in their mission. The far scarier thought is how things may work at an extremely senior level (contractors included), where there's literally nobody there to watch the watchers, or at least challenge them without being fired and blackballed.
That said, "US selectors" shouldn't return the results that they do in the first place. Obviously there's incidental collection, which is unavoidable. But the notion of incidental collection, as with metadata collection, was hijacked and used in public relations messaging as a cover for actual domestic collection programs that intentionally capture the full contents of nearly all domestic communications within the United States.
Despite exceptions such as the article above, this messaging has largely been successful. Even The Guardian and The Washington Post---organizations who publish stories directly sourced from documents leaked by Snowden---routinely fail to underscore the critical difference between actual collection, and "collection" in the sense of mere authorized access to data that's already intercepted and stored. The two have been intentionally conflated as part of a semantics game, and it's working beautifully to mislead the American public about what's actually happening.
> That said, "US selectors" shouldn't return the results that they do in the first place.
Determining if a "selector" is tied to a U.S. person is actually a very subtle and very hard problem.
Let's take a phone number +1 (212) 555-1234
Is this a US selector? It's a selector for a phone in the US, but that's not the same thing as a phone number tied to a US citizen. Let's say I'm following a senior North African pirate with a Maltese mobile +356 2010-1234 and he calls/is called by my number above?
- Should I follow it? Or is it absolutely off limits for me because it happens to be a U.S. number?
- How do I determine if it's tied to a U.S. person?
- What if it's a shared number between a group of associates, all of whom are not U.S. persons except for one?
- Is that number off limits now?
- If it is a U.S. person what should I do with it?
- Pretend it doesn't exist? Turn it over to U.S. Federal law enforcement? Who should I turn it over to? DEA? FBI? ATF? DHS? The Coast Guard? U.S. Customs and Border Patrol?
It's actually a significant intelligence task to figure this out.
However, my statement was not intended to be read in isolation, but in context of "domestic collection programs that intentionally capture the full contents of nearly all domestic communications within the United States." I was referring to the bulk interception and subsequent long-term retention of data on US persons.
The implication of my statement was: assuming this type of collection didn't exist, selectors related to potential US persons (for whatever reason) would simply return intercept data beginning from the time said selector was invoked.
Contrast that to the present, where selectors are capable of retroactively returning the sum total of a US person's digital (and by some extension physical) life for the past 5+ years.
It's commendable that the procedures for accessing the data of potential US persons are so stringent, but at the end of the day there is still an incredibly intimate and detailed picture of almost every single US citizen's private life being retained on a long-term basis.
The author may believe he or she’s a patriot. I disagree. I don’t believe someone who acts to subvert the Bill of Rights which states
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
is even remotely close to being a patriot.
> Many are concerned about the NSA listening to their phone calls and reading their email messages. I believe that most should not be very concerned because most are not sending email to intelligence targets.
> Email that isn’t related to intelligence is rarely viewed, and it’s even less often viewed if it’s from a US citizen.
“Rarely” is pretty meaningless. The NSA has repeatedly tried to compare the number looked at with the number of intercepts. Of course they’re only looking at a tiny percentage. But if I were to only steal one-in-a-billion dollars in the US or only kill one-in-a-million people, I’d still be doing something immoral.
> Every Agency employee goes through orientation, in which we are taught about the federal laws that govern NSA/US Cyber Command: Title 10 and Title 50.
Yet evidence seems to show that they've willfully found ways to interpret the laws in ways that the authors of the laws think is illegal.
> We all know that it's illegal to look at a US citizen's data without a court order.
But the NSA has a special non-adversarial court that rubber-stamps whatever it wants. (And it still happened)
> I use the term "look" deliberately: the Agency makes the distinction that looking at data is surveillance, while gathering it from locations outside the US is not. We gathered everything, and only looked at a tiny percentage of it.
The problem is that the 4th Ammendment makes no such distinction. They were wrong in collecting it in the first place.
> I am okay with this distinction both because I don't mind if my emails are copied to an Agency database and likely never read and because from a technical standpoint it would seriously impair our ability to spy if we couldn't gather everything.*
He may not mind, but many other people do. I respectfully ask that he, Mr. Clapper, and Gen Alexander give us all their data in case we later do find what they were doing was illegal.
> The Agency is an intelligence organization, not a law enforcement agency.
> The NSA copy of my emails won't be viewed by police or FBI investigating me about marijuana use, for instance.
“A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans.
“Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin - not only from defense lawyers but also sometimes from prosecutors and judges.”
> The NSA copy of my emails will only be viewed if the Agency can convince a judge that I might be a foreign agent. And the judges aren't pushovers.
During the 25 years from 1979 to 2004, 18,742 warrants were granted, while just four were rejected. Fewer than 200 requests had to be modified before ...
I seriously don't understand if OP has written this article in satirical sense, because to me there is no logic there.
I am a foreign national, I and my company uses services provided by a US company (email etc.), and this gives right to you guys to collect and ready my emails?
tldr; of your article is this:
"Oh ! he is a foreigner, fuck him. What he can do? ? He can't vote to get us out of power. So, it's ok and about the persons who can vote to get us out, they can't do anything because we know every little dirty secret of them. Oh ! one more thing, we are so good we promise we don't look at these dirty secrets. Although cases where a employee uses this 'secure' system for personal use, ya that do happen. Trust Us."
First off, congratulations for coming forward and giving what sounds like a honest account of your experience at the NSA. You haven't chosen the easiest forum to air your views, and that takes courage.
However, I can't disagree more with your views. You don't mind if [your] emails are copied to an Agency database and likely never read and because from a technical standpoint it would seriously impair our ability to spy if we couldn't gather everything. Really? You may be familiar with a certain Richard Nixon. How would you feel if a similar character came into power tomorrow? Imagine all the wealth of information at hand. All this... without independent oversight. The only thing you need is to make sure a second Snowden comes forward to explain how you're spying on your opponents. And I can't even begin to imagine how much this juicy information means in terms of economic intelligence. Of course, you cannot push this angle too much, because it would mean the end of the cooperation with your partners. This wonderful agreement you have to keep the free world safe. Thanks, but no thanks. I don't want security at this price.
History is littered with examples of power without accountability. And we don't need to go very far... just read any history book about the CIA. I'm sure their personnel is mostly composed of law-abiding patriots. This ends up the same way anyway: coups against democratically-elected governments. Drugs. Assassinations. Torture. And don't tell me that times have changed. The Guantanamo inmates are laughing at you. The Bagram inmates are laughing at you. Even John Yoo is laughing at you.
And that's only looking at it with the eyes of an American citizen, which I'm not. But in the end, what difference does it make? NSA, GHCQ, DGSE... Aren't you all cut in the same mold? You certainly sound like you believe in what you are doing. I'm sure STASI agents did as well, but they were never this successful.
322 comments
[ 2.0 ms ] story [ 255 ms ] threadThis is more perverse NSA interpretations of the law.
Collection is the crime.
It does bother me that the NSA asserts a right to hold copies of my GPG-encrypted messages indefinitely. It bothers me more that my web traffic, address book, or phone metadata ends up in a government database even if only temporarily.
I don't care if Google's computers were abroad or not, but they belonged to an American company.
The United States government penetrated the network and intercepted the communications of an American company. That's one of the most egregious violations of the 4th Amendment that the American government has ever committed. Don't pretend this is something that is right.
The NSA had no legal right to spy on me, and they did -- even if you say it's likely no one looked at the data. I don't care. Collection is the crime.
My question to the OP: even if you believe that at the moment abuses are rare and that your colleagues are trustworthy and law-abiding, does the capability and level of information concern you in terms of the potential for future abuse it enables?
http://en.wikipedia.org/wiki/Project_MINARET#Domestic_target...
* 1980-present. MAIN CORE, which is shared between CIA, FBI, NSA, Contains data on 8 million Americans and is used by LE. http://en.wikipedia.org/wiki/Main_Core
* ?-Present the DEA SOD program which uses NSA intelligence for drug cases. http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/05...
And these are just the cases we know about, they are likely only the tip of the iceberg.
Lorendsr, given this evidence and your previous statements that, "If I thought there was much chance that in the future, law enforcement and intelligence would not remain separate, my decision would change.", are you considering changing your decision?
>FISA surveillance was originally supposed to be used only in certain specific, authorized national security investigations, but information sharing rules implemented after 9/11 allows the NSA to hand over information to traditional domestic law-enforcement agencies, without any connection to terrorism or national security investigations.
https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intel...
What this means is that if a given surveillance transcript is obtained legally (which is easy to do for foreign communications, even if a U.S. person is a party to the conversation), that it can be legally passed to LE. Once LE knows about it, they don't have to "close their eyes" to any U.S. nationals on the transcript, similar to how the police are not required to ignore evidence in plain sight (even if it wasn't listed specifically on the warrant).
By this route it is possible to pass incriminating evidence to LE about U.S. nationals even without a warrant, as long as one of the parties to the communication in question is actually a foreigner.
He spends a lot of time denying pervasive surveillance puts us in a panopticon where the FBI and other LEAs can observe everything we do. And never mentions parallel construction once.
He tries to justify a Cold War sized, and then some, security state by invoking North Korea.
This is a big bowl of very weak sauce.
The director's standard of candor is "least untruthful."
I really don't care what a mid ranking employee says about what the NSA will and won't do. EVERY revelation where people in this forum have given the NSA benefit of a doubt in the form of "they could, but they wouldn't" has max'ed out at "would do, did do, and trying hard to do it more" once more revelations have emerged.
The NSA can't be trusted with what it has.
The NSA has a history of sharing intelligence with LE, to state that the NSA is not a LE agency is extremely misleading, if not an outright lie. Not only did the NSA do this in the past but the Snowden revelations show that they continue to do this.
On the other hand, you're right on the money about parallel construction. In my book, that's the one thing that sent the NSA "over the line." It's good to hear that many NSA employees take the police/military distinction seriously, but we know for a fact that some higher-ups don't and he didn't mention the most egregious case of this, not even once. Also, he invoked the "it only happened if they get caught" assumption while commenting on the frequency of abuses, which is highly suspicious.
You're right, abuses probably have happened more often than those caught.
I think it is reasonable to say that he is slightly more informed to speak on these issues than a secretary.
It's really not surprising he hasn't heard of parallel reconstruction, considering:
https://news.ycombinator.com/item?id=6911200
Also, there's no need to be so hostile. It's simply his point of view, and by the very nature of the restricted work environment at intelligence agencies, it's not reasonable to expect him to have a complete picture.
To quote the very post of his that you're replying to:
"You're right, abuses probably have happened more often than those caught."
He's hardly saying nothing bad ever happened, or that all abuses are known for that matter.
How is that different from "he lacks credibility" ?
His character is secondary to his veracity.
> His claims can have limited scope and still be credible.
His claims were about the NSA. That is the scope over which we all agree he is not a credible source on.
He never claimed to have more than anecdotal evidence regarding the NSA. He never asked to be taken more seriously than, as you so derisively put it, a well-placed secretary (actually, I suspect a secretary would have a much better high-level picture of what was going on, but I don't think you intended an actual comparison).
I'd like to thank him for adding his perspective to the discussion. Even though I'll be keeping my opinion, it is good to know that in some (most?) parts of the NSA, the culture of taking jurisdiction seriously still pervades. It could be a lot worse, and absent this admittedly anecdotal evidence it's difficult to know what to believe.
Seriously? Have you - as far as the NSA's activities goes - been living under a rock?
... oh.
Quiz, where did the FISA court come from?
http://www.pbs.org/moyers/journal/10262007/profile2.html
They painted fascism with an American flag, and you ran it up the pole.
In a way its' embarrassing for the NSA to get a defence that is written by such a rube. But at the same time, the general public doesn't seem to be concerned, so perhaps it was unnecessary in the first place.
I could be wrong, but I think there is a bit of cognitive dissonance in your statement. I think you are slowly coming to realize that your actions were wrong; that you do need to defend them. The bad news is that you you fucked up, and you owe the Americans you pretend to care about an apology.
You should have heard of it. It was brought up the last time you posted your blog post to HN:
https://news.ycombinator.com/item?id=6882823
I foresee a day when every American has a dossier, a smear campaign, and a law enforcement attack plan on file, in case they decide to "make trouble" for the powerful. It's highly probable we're there already. Look at the history of harassment against MLK if you don't believe me. Even if they're not doing it now, sweeping up all the data in perpetuity guarantees that they'll do it later.
(I may disagree with this guy fervently about the NSA, but I'm extremely psyched to try his mayo. Good for him for transitioning into something useful.)
Pricing!
$8,000: General fear, uncertainty, and doubt (duration: 2 months)
$15,000: Complete discrediting (duration: 6 months -- best value!)
$50,000: Overturn their life with "Anonymous"-style harassment (e.g. triggered by c pornography "revelations" -- duration: two years)
Why. The only (vaguely) scientific argument the paleo diet has against legumes falls apart when you're just extracting the oils (which is not where the "toxins" are). Apart from that it'd just be an organic no-preservatives mayonnaise, and that's already widely available.
It's just another example that this guy will swallow anything you tell him with sufficient amount of authority.
But it plausibly is just what a purports to be - a portrait of the mentality of a rank and file NSA employee (I don't see any evidence that he's even "mid-ranking" if "mid" means middle management). That mentality seems to be a fusion of "surveillance doesn't matter if you have nothing to hide" and "America is under siege".
The thing is, it is good that the NSA has a lot of sincere employees are not now simply there for the power. It seems like this means instances of surveillance abuse are only period rather than constant. This puts them above the level of local police, who tend to have a fair of "ex-high school bullies and wanna be bullies". Yes, that's good but given the NSA's unchecked power, if an "institutional drift" towards the cynical use of power began in earnest, there isn't much people could do legally to stop that. And that is very bad.
Lawyers working for the NSA have deemed certain methods of data collection as being in accordance with US law, as voted for by elected officials within the context of a not great two-party democracy.
I am not one either. But I still have to obey the law.
Maybe that's not what's implied by that statement? But if not, what on earth is meant (more exactly, what was the author's intent in saying something that seems obvious and irrelevant if taken at face value; what am I expected to infer?)?
>One current federal prosecutor learned how agents were using SOD tips after a drug agent misled him, the prosecutor told Reuters. In a Florida drug case he was handling, the prosecutor said, a DEA agent told him the investigation of a U.S. citizen began with a tip from an informant. When the prosecutor pressed for more information, he said, a DEA supervisor intervened and revealed that the tip had actually come through the SOD and from an NSA intercept.
>Wiretap tips forwarded by the SOD usually come from foreign governments, U.S. intelligence agencies or court-authorized domestic phone recordings. Because warrantless eavesdropping on Americans is illegal, tips from intelligence agencies are generally not forwarded to the SOD until a caller's citizenship can be verified, according to one senior law enforcement official and one former U.S. military intelligence analyst.
"Generally" should be always.
How about they stop the illegal collection and then the illegal sharing cannot occur.
And then to add to the list. "Collect" should mean "obtain" and not "use", and "metadata" is actually a subset of, and not different from "data". And "transcripts" and "summaries" are actually a form "content". "US Citizen" mean's a person who lives in the US, not "51% likely based on this metric", and "direct access" does not depend on who owns the land in which the particular section of cable is buried. And the list goes on. These words mean something, and when 'always' slips to become 'generally' - we have a problem. And when the one doing the slipping is a titanic behemoth of the size of the NSA, with as little accountability as already exists, we have an even bigger problem.
When the words used to assure us are twisted and misused, then the assurance does little. Trust is hard to earn back. Especially when we intelligent owners (US citizens) of the mechanisms and powers are not given access to their actual processes, or even their legal justifications.
Face, meet palm
Same with torture and other unethical activities. Think you can save the city from nuclear destruction by torturing the brown-skinned guy? Sure, go for it. But you'd better hope you're right, because (at least in a just world) that's the only way you're staying out of prison for the rest of your life.
What about Americans who are 2, 3 or 4 degrees removed from suspected foreign agents?
Does 'looking' include automated processes that scan for, for lack of a better word, suspicious behavior?
That's an overly narrow construing of the word "information". As you well know, metadata and location bits are considered "information" by anyone except the pen & trap zealots.
I want to scream "well maybe someday you will, and then you'll have it collected already."
What a dense mind, and I am not all inclined to insult people in fact I hate it, but in this case it is well deserved.
I'm honestly gobsmacked by this blogpost... that anyone in a democracy thinks that hovering up all the data, will be safe from repercussions down the line, regardless of leadership.
Head-spinningly-shortsightedly-naivé.
I would be highly surprised if those agencies are _not_ allowed to "look" at our data, since they won't be breaking any "laws".
Fuck everything about finding loopholes and skating on the edge of what is legal. NSA has repeatedly lied so far, never apologied for it. A lie would come out and bam! exposed by Snowden's docs. It was spectacular to watch.
The bottom line is, I am more scared and afraid of our NSA than of the Chinese bogey men or "cyber warriors" out there. I have not seen anything but lies, trickery and dishonesty come out of their mouth. I think they are traitors and unpatriotic.
They are betraying fundamental principles this country is founded on. I can see how slimey mafia lawyers would want the laws re-interpreted to fit their clients' purposes ("well, it depends what 'is' is, your honor"), I don't want out government doing the same. It technically might be legal it doesn't mean it isn't shitty.
> If you are a citizen of the UK, Canada, New Zealand, or Australia, you may also be glad, because everything the NSA collects is by default shared with your government (the default classification is TS//SI//REL TO FVEY, or "release to five eyes", which are the aforementioned countries and the US).
On the other hand, when the US spies on me, I am much more threatened, because nobody can protect me from the US. If the US turns against me (for instance, for supporting the Tea Party), declaring me part of a "violent organization", I'm in real trouble.
tl;dr compain about your own country spying on you, not other countries spying on you
I agree.
> turns "complain about your own country spying on you!" into "Don't do business with an American company if you care for legal protection/are not stupid".
I agree. As a US citizen, I was quite upset when my employer started mandating Gmail use, and this was before the Snowden leaks.
Foreign companies are obliged not to use US cloud services, just as US companies are obliged not to use Chinese ones.
That is all water under the bridge now. There is no going back.
So you are not actually rebutting anything I said.
Until multilateral treaties are passed dictating how one national jurisdiction will handle the data of another then every EU business using a US cloud service has just been using wishful thinking. And again, this was true even before Snowden.
It doesn't really matter if the US spies on you as long as the UK is your defender. The US doesn't have jurisdiction there.
This is all, really, a political issue. Ultimately, it is about political speech. Everything else you can simply encrypt and secure, and you should.
I'm not mad at NSA they're just playing their role, they're grabbing everything they can. But, it should serve as a reminder of the goals we should all (civilians) strive for: encrypting everything. I think lot of individuals are working on these problems right now and I'm confident great tools and protocols will soon be created/improved.
edit: downvoted for proning mass encryption, great.
On the other note. If you want good mayo: http://www.eff.ca/featured_products.html order from these guys. I am sure they can ship to your door, they do distribute in the USA as well, however, not sure to which cities.
This blog post does nothing to answer the fundamental questions that the Snowden leaks have raised. This man basically argues that, with few exceptions, everyone that works for the NSA is a true American and a patriot who only has your interests at heart and what is a little spying amongst friends anyway. Follow that with some scary hints about cyber war with nuclear responses to further raise the stakes (and the fear) to justify their dragnet surveillance police state. This man is a moron if he can't see that constitutional protections were not created to protect us from good people but bad people who can gain control of such a system in the future.
Moreover, if what he says is true that we are facing real dangers then the government has the obligation, in a free society, to reveal these threats and explain what they are doing about it. The method of using such secret threats as a basis for increase police powers and (implicit) suspension of constitutional rights is not proper for a free society.
If the result of the so called "war on terror" is a gutted and shredded constitution then I'd say the terrorists have won.
Edit: Apparently Loren is a man, Sorry.
Could not agree more. To make good decisions as a nation, we need good information. When everything's classified TS/SCI or above, most Americans are denied an accurate description of reality on which to base their decisions and their votes.
Bad guys may do bad things to us regardless of whether their conduct and methods are revealed to all or classified into invisibility. If the NSA revealed everything it knows and does, it would in the near term, wreak embarrassment and economic damage on some parties, but in the longer term would help us craft a better country.
By analogy, nobody would keep money at a bank that couldn't be audited. Why would you entrust your society's core values of privacy to a completely opaque government entity having no independent oversight?
There is no such thing as 'terrorists'. It is wrong to imagine that there is a group of evil doers [I am an ESL and this expression always cracks me open:)] that is (1) organized and (2) focused on an agenda to harm United States. If you think so then you fell victim of the greatest fallacy pulled by the government.
The deterioration of your way of life is not due to some struggle with imaginary bad people, but due to the evolution of your government, which is becoming more fat, arrogant, detached from reality and self-centric. NSA is a natural spin in such evolution, where you transform from Huxley's Brave New World to an outright 1984.
except they do care. and they want that data. and they will get that data. you can bet your fucking LIFE on it.
if it's there, it will be used, and very possibly by someone with less than good intentions. how the hell could anyone convince themselves that this isn't true? it's mind boggling.
look at mccarthy era politics. THAT CAN HAPPEN. IT DID HAPPEN. IT WILL HAPPEN AGAIN.
I hate to sound like a tin hat wearing conspiracist. I really do. But I wouldn't be surprised if there was some sort of concerted effort by the NSA to encourage a dialogue with hackers on platforms like HN.
Sorry for the paranoia OP. Glad you enjoyed your time at the NSA.
Specifically: how are you so sure about what the NSA is doing? in your article you say that the NSA does not do SI on US citizens without a warrant, but how can you really know that if you are just another worker? I don't think you can... but hey, you seem like a smart person so why are you making that kind of statement?
> I was not asked to write this, nor guided in its contents by the government.
I find this hard to believe, especially coming from someone in your area: if there is no way for us to verify this statement, then how relevant can this comment be for us?
That's a bold claim - do you have any evidence that lorendsr, who is by his own admission no longer employed by the NSA, has been systematically lying again and again? Or that historically, part of his strategy is to try to influence society or specific groups? Or are you claiming that part of the NSA's employment process is the removal of independent thought and plugging into the collective hive mind?
That is most likely the reason. Even reddit doesn't jerk this hard.
The OP's submission is a valuable one, even if you disagree with his views.
I meant "you" the NSA, not lorendsr... I don't know him.
But yeah, sorry if my distrust of people who say they worked for a government agency that has as its main PR policy lying and manipulating public opinion sounds harsh... I'm just a bit angry because I'm not a US citizen and I know that my use of pgp,otr,tor,i2p,self-signed certs is enough to make some powerful organization start registering every single move I do on the Internet.
I flagged it for my to-read list for after work. I'm an idiot and didn't RTFA.
This essay was deemed UNCLASSIFIED and approved for public release by the NSA's office of Pre-Publication Review on 11/21/2013 (PP 14-0081).
Are you sure about this?
The government tells you what is classified and what isn't. If you have ever been privy to any classified material, you will have made the decision to self-censor that information, to keep the essay unclassified. In other words, you will have removed information that the government told you it didn't want published.
Granted the control wasn't overt, but the government has influenced your writing via your past and the controls that were embedded when you went though your initial security induction.
If it works differently to this, please do explain it to me, as I would be interested to know.
I'm quoting m8urn's post from upthread:
> m8urn https://news.ycombinator.com/item?id=6911796
> It all seems so sincere. Except when you see how closely this matches the talking points the NSA sent home with employees https://s3.amazonaws.com/s3.documentcloud.org/documents/8445...
I don't disbelieve you came up with all those points yourself, btw. Maybe you've never even seen that PDF hand-out. However, you couldn't have reworded this obvious piece of propaganda any better, if you did.
What I'd be more interested in is how much this issue is being discussed internally. If these discussions are allowed, or even surreptitiously encouraged, then I'd take that as a possible internal propaganda push, subtle as it may be. What's in the conscious mind gets written about, hence you'd see these kind of "justification" posts.
If there was very little internal discussion, or it was frowned upon, then I would expect much less of these blog posts, as it would potentially undermine your career...
I expect that the blog post is sincere. If the NSA or another government agency wanted to manipulate the discourse on this or a similar site, however, they would (not could, would) do so by setting up a large number of active accounts over a long period of time. These would promote articles without triggering voting ring algorithms.
For the last couple of years I have been an active participant in a part of the blogosphere that is inspired by Unqualified Reservations, a contrarian ("(neo)reactionary") blog. I recently discovered that many of the (active and quite long-standing) blogs and commenters in this online community are fraudulent. It is the situation described in Wikipedia's article on COINTELPRO: "pseudo movement groups run by government agents". This includes people with whom I've had email and even a Skype conversation.
Since the realisation, I've managed to have a little awkward and plausibly deniable dialogue with these "bloggers" and "commenters". The message seems to be that they view neo-reactionaries as a group of potentially violent dissidents whose memes, if they were to spread, would lead to serious public disorder. So it's a political broken windows theory, in which the NSA or FBI are guardians of public opinion (although I happen to be English). Apparently they have been watching closely and collecting "data" for over a year.
So, mtgentry, I don't think you are too paranoid at all. (Although I would have done until quite recently.)
Realizing the potential awkwardness of this request from a stranger considering your message, is there anything publicly published about this particular situation?
If an employee had a contrarian opinion to the NSA would it be declassified like this one?
Its hard to read it and feel that it is balanced or even truthful.
The NSA copy of my emails won't be viewed by police or FBI investigating me about marijuana use, for instance. Law enforcement might get a search warrant and retrieve a copy from Google, but not from the NSA.
</lie>
Or rather, the NSA's perfidy has left us with no other safe default assumption, so we have to ignore on sight. The data is tainted. All of it.
Is the US Tea Party considered a "violent organization"? (It's not, but that's a separate issue.) If not, can you guarantee that it won't be labeled as such under some future administration? The IRS is already targeting the Tea Party, so we have reason to believe that certain US political actors are not interested in abiding by objective laws.
If not, why do you defend the NSA?
Though I'm a US citizen, I'm sure one of the other Five Eyes countries can be employed to spy on me.
Huh, so:
- My best friend's dad was a spy in the CIA
- During the 70s and 80s my dad worked with Russian scientists (also ones from Poland and other Communist Bloc countries). Ecology stuff, mostly.
- I've been in "interesting" circles in the crypto arena, and know people who are almost certainly under surveillance.
So, how likely is it that my email is read, that my phone records are looked at, and so on? What are the chances that I'll have trouble the next time I cross a border or try to board a plane? One percent? Fifty percent?
Am I going to get my Name on a List because I've said that we need to stop allowing the NSA to build more data centers? That I think that Dianne Feinstein needs to be removed from office?
I don't do anything that interesting and my life is quite frankly pretty boring; my personal concern about any damage from someone looking at my emails to Mom is small. But I'd still like the government to get a lot smaller in this area because I'm afraid of what things will look like ten years from now, when data mining the innocuous stuff you did fifteen years earlier gets you Special Treatment at those DUI stops.
The "developed capacity equals intent" bullshit works both ways.
Beyond the monitoring, the deeper point of Big Brother in the book "1984" was the worry about whether what you were doing made you subject to punishment. Foucault also covers this in his discussions of the panopticon, where it is one thing to have a mechanism for constant and pervasive surveillance, and quite another when the windows of surveillance are tinted so you can never know whether the collection is being aimed at you.
This really is a key quote. Even if OP's assertions about the NSA are totally correct, even if all security protocols are followed to the letter, the problem still remains that they have a tremendous amount of power that can be used to target anyone deemed an enemy of the state.
I think a lot of contention on this issue revolves around how much you trust the government to appropriately designate enemies of the state. Many people believe the government is responsible about this, and that it will only go after people who a reasonable person would consider "dangerous." The problem, of course, is that the United States doesn't exactly have the cleanest track record of appropriately focusing its wrath:
http://en.wikipedia.org/wiki/COINTELPRO
(And yes, I know COINTELPRO was FBI, not NSA... I believe it's still an instructive example of government overreach.)
Anyone who defends the NSA on the grounds that it only targets those who are worthy of targeting needs to convince me that another COINTELPRO will never happen. I would actually welcome such an argument, since it would make me feel a whole lot better about this.
> The history of the FBI Lab hasn't been without controversy. Dr. Frederic Whitehurst, who joined the FBI in 1982 and served as a Supervisory Special Agent at the Lab from 1986 to 1998, blew the whistle on scientific misconduct at the Lab. In a subsequent investigation, it was found that evidence had been falsified, altered, or suppressed, or that FBI agents had testified falsely, in as many as 10,000 cases, resulting in many false convictions. More than a decade later, cases were still being overturned because of this massive fraud.
http://en.wikipedia.org/wiki/FBI_Laboratory#Controversy
Which is the slimmest argument I ever hear in favor of these pervasive civil rights violations.
I've never been a terrorist, never given any information to a foreign enemy, hell, I've barely ever even broken the law. But I do have a personal interest in Russia, speak Russian, and have been to Russia 14 times.
Am I on a list somewhere? Maybe I have done "something wrong" in the eyes of some automated, arbitrary algorithm that's connecting the dots of US citizens around the globe?
If you're going to assume that level of malice on the part of government then the game is already over.
Recall that Russian sleeper agents were arrested in the US as recently as 2010.
A nice comeback is to ask the accuser to apply similar standards as a universal principle. I mean if NSA didn't do anything wrong why worry about Snowden leaks. Or why doesn't Google show us their search algorithms?
This principle is absolutely forbidden to be reversed, the secret workings of government agencies are protected by the highest secrecy.
What do they have to hide?
> I didn't test it, but I'm sure there was automated analysis that prevented or flagged use of US selectors.
The mental leap here is subtle, but substantial. Since I have been told I can't use US selectors , I assume the system enforces this. As such, US citizens have nothing to worry about. However, in the immediately previous paragraph, he noted:
> one employee spied on a spouse
So much for automated analysis, besides not being able to filter out US citizens' data it can't even filter out an employee's direct family. But there's no need to worry citizen, the NSA has a very high-quality workforce.
In the NY Times this morning was a piece noting that the government has concluded they don't know what files Snowden took with him (http://www.nytimes.com/2013/12/15/us/officials-say-us-may-ne...). The most technologically advanced intelligence agency in the history of the world and they have no idea what files were electronically taken by one of their own. One of their own who passed the background check by the way--I don't know why the OP is so enamored with the polygraph.
(I personally loved the bizarre mix between cyber war, nukes and North Korea. He seems to have the mindset of a paranoid Stalin, always wary of others when he's the one terrorizing.)
They tell you about North Korea and your radioactive future. You like big problems and give it your best effort, perhaps thinking that you had a small part in saving the world. Then one day you read in the New York Times that your well intended project doesn't just scoop up communications from North Korean thugs, but what you helped make is collecting communications on everyone. It's helping the DEA illegally bust people. It's helping diplomats illegally snoop on our allies. It's helping keep US companies aware of what non-US companies are doing. Etc etc.
tl;dr Anyone could be a terrorist, everyone must be monitored.
What would your collection proposal be then?
You can't determine data of interest until you have sufficient data to determine if it's of interest in the first place. Even the NSA doesn't have an Oracle computer that can look into the future and figure out what vanishingly small percentage of communications are just the ones they should be interested in. If they did, they could also solve the halting problem and rewrite the history of computer science and time-travel.
Remember, the standard the NSA is held up to is that it should not only be following known bad people who are/might be doing bad things, but to ferret out the unknown bad people. Every time there's a Boston or similar, everybody goes and climbs all over the NSA for "not knowing about these guys"
You can't do that until you have a sufficiently large enough collection of unevaluated data to start looking through.
I'm not saying it's right or wrong, only that it's the reality of the task spy agencies have before them.
He didn't say you had an arbitrary number of opportunities to pass, simply that the screening (of which polygraph was one of many he mentioned) is such that it's not as if NSA analysts are able to simply wander their way into the NSA so that they can then spy on the people.
That doesn't mean people can't make it through all the screenings (just ask Snowden), simply that it's one of many safeguards that are put in place to make it so difficult to land an NSA job for nefarious reasons that the many other layers of oversight and controls should be adequate to prevent gross abuses.
I've talked to this before but this denial and self delusion is an important defense mechanism. Sometimes people write blogs and get into apologetic because they feel an internal dull pain of an inconsistency. "Hmm it looks we NSA did all these pretty bad things. I worked for them NSA. Surely I couldn't have worked for the bad guys." and then <proceed rationalizing and defending NSA, might as well put it in blog form>.
That cognitive dissonance, I believe, is pretty powerful. A lot of dark secrets and past transgressions can be filtered so well throw it.
Some know-nothing armchair psychologist who read the NYT is telling this guy -- who has made an honest effort to be utterly transparent -- that he's cognitively dissonant and that comment is going to receive a hundred votes because it makes people feel good about the things they think they know. It's not truth, just an exercise in mass delusion.
"The NSA copy of my emails won't be viewed by police or FBI investigating me about marijuana use, for instance. Law enforcement might get a search warrant and retrieve a copy from Google, but not from the NSA."
In fact, it's been known for months that the DEA receives intercepts from the NSA in such volume that they have an office devoted to handling them (the DEA's "Special Operations Division"). And as for search warrants, the manuals for that office describe a practice of "parallel construction" which involves, not to put to fine a point on it, lying about the ultimate source of the information they're using, with the clear intent of evading judicial scrutiny.
Details here: http://www.reuters.com/article/2013/08/07/us-dea-irs-idUSBRE...
Aren't those things, a spy shouldn't have? Is the working strategy, filling the web with disinformation about NSA employees, or is it to never use the web with a real identity for the period of contractual employment?
I mean, from a technological standpoint, every single HN member would love to work for the NSA. Because they have an extremely sophisticated set of technology that people would like to get their hands on. (Well, that's at least what we think they have). Keep in mind though, that in reality only a very small percentage of HN would actually like to work for the NSA! This is not because of the recent revelations, but because the government in general has not a positive image for most hackers.
It's been rumored that Dread Pirate Of SilkRoad case was figured out that way.
http://news.ycombinator.com/item?id=6911150
That's just a really long scraping / pattern-matching exercise of publicly available data, and the reminder that even particularly clever people won't be on point 100% of the time.
We cannot know.
I think the technical term is either "perjury" or "fraud on the court".
The euphemism, though, is "parallel construction".
However, the article actually says: "...two dozen arms of the government working with the Special Operations Division, including the Federal Bureau of Investigation, the National Security Agency and the Central Intelligence Agency.", and later that "the Special Operations Division of the DEA funnels information from overseas NSA intercepts, domestic wiretaps, informants and a large DEA database of telephone records to authorities nationwide to help them launch criminal investigations of Americans. The DEA phone database is distinct from a NSA database disclosed by former NSA contractor Edward Snowden." [emphasis mine]
It's quite possible that the NSA passed only occasional information about non-US citizens - it's impossible to tell from that article - if that's the case, then to many people they're acting within their mandate.
I'm not trying to defend the NSA, and I'm deeply troubled by the implications of mass surveillance. But it's important I think to be clear about the claims we're making since otherwise it's easy for people to dismiss us.
To start with the scope of what's available: it almost certainly includes data on US persons "incidentally" acquired in taps on an authorized target. I'm not aware of anything on DEA procedures there specifically, but as for the general rules, see here: http://www.emptywheel.net/2013/11/08/the-intelligence-commun...
Of course, even if NSA analysts know that they have DEA "customers" (as they apparently call the recipients of their intelligence), it might be a breach of the rules to select overseas targets which would be likely to have domestic contacts of interest to the DEA. But given that knowingly breaking the rules in pursuit of an authorized goal seems to count in NSA audits as mere "lack of due diligence", and not classed as "abuse", I'm not sure how much comfort to take from that.
Analysis of NSA audit data from Marcy Wheeler here: http://www.emptywheel.net/2013/08/16/lack-of-due-diligence-t...
... with further notes on the audit process, and narrow definitions of "abuse" here: http://www.emptywheel.net/2013/08/20/if-nsa-commits-database...
And this should make us scared. A guy like Snowden was extremely improbable, and yet he happened. So, what to think about the far more likely case of NSA employees taking extremely sensitive information and selling it privately? How many of those have there been already?
There have already been about a dozen cases in the NSA of 'LOVEINT' where employees were spying illicitly on love interests. From what I recall, all of those people volunteered that they were spying illegally on their own, none of them were caught by any internal review process.
For the life of me I cannot figure out why people refuse to accept the concept of training and policy as being relevant to proper civil liberties safeguards in addition to technical ones.
Imagine applying that idea to any other field, and keep in mind the unintended consequences.
For instance consider from a soldier's perspective "Since I've been told I can't shoot citizens or non-combatants, I assume the system enforces this. As such, US citizens and non-combatants have nothing to worry about." And yet our troops do have issued firearms (at least during things like field exercises and training), and the republic has not fallen to a coup. There are missile siloes dotted throughout the Midwest, yet no rogue junior officers or missileers have launched ICBMs at people.
You're missing his greater point, which seems to be that it didn't even occur to him to "test the interlock" since he knew that by law and by policy, it was wrong to even try. He also made quite clear (if you'd bother to read to the end instead of cherry-picking quotes to declaim) that this doesn't mean such technical controls can't or shouldn't be strengthed, merely that there is indeed a "culture of compliance" among the analysts instead of a bunch of voyeurs.
> > one employee spied on a spouse
> So much for automated analysis, besides not being able to filter out US citizens' data it can't even filter out an employee's direct family. But there's no need to worry citizen, the NSA has a very high-quality workforce.
Is it really your claim that a workforce must be 100% perfect in every way for an organization to be legitimate? Even the anarchists don't try to claim that there won't eventually be murderers amongst them, nor is there anywhere else in the real world where spouses are always exceptionally nice to each other in everything they do. Just ask Ashley Madison.
> The most technologically advanced intelligence agency in the history of the world and they have no idea what files were electronically taken by one of their own.
They also haven't solved the Halting Problem.
But anyways I know I'm going to be speaking to an uncooperative crowd but perhaps you all should consider the high-level points of his "peek inside" and then discuss the ramifications of that, instead of always drilling down into the weeds. Many of the same arguments used here could be used with equal logic toward every large civilian IT concern, which would tend to devastate the need for things like YC capital. :P
The difference from other fields, is that the consequences in other fields are public. If a soldier shoots someone, that someone is dead and can prompt an investigation.
If someone in the NSA abuses his powers, it is very likely that nobody will ever know. Or be able to know. No investigation will be triggered, and even if one is, it cannot possibly gather any evidence.
But this claim is only a concern if an analyst can unilaterally abuse his power and never be caught. Are you saying this type of surveillance capability would then be acceptable if proper accountability and oversight safeguards can be emplaced?
If anything this should be one of the easier things in the world to do, putting audit trails on computerized systems is hardly "pro league" stuff.
But either way, you say that the consequences will at least be public in other scenarios. But that's not really true either. People get shot every day in this country; how do you know that any given shooting wasn't from a soldier? How do you know when the government lets a contract that they actually fully complied with the Federal Acquisition Regulations? How do you know that when a Congressman votes against his normal voting habits, whether that vote was due to his conscience or due to someone else's wallet? How do you know that when the NSF gives one scientist a grant and refuses another, that it was done in the public interest?
You don't know any of this, as a rule, and yet many of those are much more impactful on the average citizen, even if we assume the existence of lapses in oversight.
As far as I can tell with government IT, your data will always be at more risk of being leaked to cybercriminals via hacking or stupidity (the latter has happened to me already!), than be at risk of being looked at by a rogue NSA agent.
1) Write down the law
2) Break it
3) Retroactively make the violation legal
Wrt to what oversight exists, well... the fact that they have no idea what material Snowden took with him is telling. But that's not what I'd be the most worried about. How hard would it be for the White House to ask information about a specific individual for "national security" reasons?
> But either way, you say that the consequences will at least be public in other scenarios. But that's not really true either. People get shot every day in this country; how do you know that any given shooting wasn't from a soldier?
I'm not a US citizen, but I would think murders are investigated by the police. It's usually difficult to hide.
> How do you know when the government lets a contract that they actually fully complied with the Federal Acquisition Regulations?
I suppose there are audits? Not to suggest that abuse does not exist, but I assume there is some oversight.
> How do you know that when a Congressman votes against his normal voting habits, whether that vote was due to his conscience or due to someone else's wallet?
You certainly don't, but you can make an educated guess.
I'm not sure what you're trying to say here. That the NSA doesn't need any form of oversight, and can be 100% trusted with the power to snoop on everybody belonging to any country (knowing - in case you thought "I don't care about these dirty foreigners as long as they promise not to look at US data" - that nothing prevents them from asking another Five Eyes member about your whereabouts without breaking the rules)? From the same government which gave you Guantanamo, extraordinary rendition, warrantless wiretapping and extrajudicial executions-by-drone? Their definition of legality is terribly elastic.
That's not at all what I'm trying to say. In fact I would argue very strong oversight is needed, but I'd also argue that very strong oversight is possible in the first place, which means that oversight (or not) is not the proper reason to argue about the very existence of the program in the first place.
In other words, the program(s) are either required or not. If they are required, determine the needed level of oversight and install it. If it's not required, then it's not required and discussions about oversight are simply redundant.
You mean, besides his family, friends, and loved ones when he loses his job and potentially ends up in prison. You're underestimating the amount of training and internal oversight that occurs.
The cases of caught individuals seem to have gone under-punished, as they sound worthy of prison time.
Also, even if the NSA polices against personal abuses, why would it police against systematic abuse for government's purposes against the constitution?
Self-policing does not work well, especially without elaborate mechanisms to enable it to work, and especially with a combination of secrecy and lack of oversight.
Now, systemic problems are a different issue. But the article we're all talking about here is written by an analyst from his own perspective.
Almost all of those points (except maybe the very last one) are echoed by the OP.
Except that this hand-out is straight-out propaganda and the OP sort of tried to veil that.
I think it's fair to say most rank and file NSA employees are honest and actually do believe in their mission. The far scarier thought is how things may work at an extremely senior level (contractors included), where there's literally nobody there to watch the watchers, or at least challenge them without being fired and blackballed.
That said, "US selectors" shouldn't return the results that they do in the first place. Obviously there's incidental collection, which is unavoidable. But the notion of incidental collection, as with metadata collection, was hijacked and used in public relations messaging as a cover for actual domestic collection programs that intentionally capture the full contents of nearly all domestic communications within the United States.
http://www.pbs.org/newshour/bb/government_programs/july-dec1...
Despite exceptions such as the article above, this messaging has largely been successful. Even The Guardian and The Washington Post---organizations who publish stories directly sourced from documents leaked by Snowden---routinely fail to underscore the critical difference between actual collection, and "collection" in the sense of mere authorized access to data that's already intercepted and stored. The two have been intentionally conflated as part of a semantics game, and it's working beautifully to mislead the American public about what's actually happening.
Determining if a "selector" is tied to a U.S. person is actually a very subtle and very hard problem.
Let's take a phone number +1 (212) 555-1234
Is this a US selector? It's a selector for a phone in the US, but that's not the same thing as a phone number tied to a US citizen. Let's say I'm following a senior North African pirate with a Maltese mobile +356 2010-1234 and he calls/is called by my number above?
- Should I follow it? Or is it absolutely off limits for me because it happens to be a U.S. number?
- How do I determine if it's tied to a U.S. person?
- What if it's a shared number between a group of associates, all of whom are not U.S. persons except for one?
- Is that number off limits now?
- If it is a U.S. person what should I do with it?
- Pretend it doesn't exist? Turn it over to U.S. Federal law enforcement? Who should I turn it over to? DEA? FBI? ATF? DHS? The Coast Guard? U.S. Customs and Border Patrol?
It's actually a significant intelligence task to figure this out.
However, my statement was not intended to be read in isolation, but in context of "domestic collection programs that intentionally capture the full contents of nearly all domestic communications within the United States." I was referring to the bulk interception and subsequent long-term retention of data on US persons.
The implication of my statement was: assuming this type of collection didn't exist, selectors related to potential US persons (for whatever reason) would simply return intercept data beginning from the time said selector was invoked.
Contrast that to the present, where selectors are capable of retroactively returning the sum total of a US person's digital (and by some extension physical) life for the past 5+ years.
It's commendable that the procedures for accessing the data of potential US persons are so stringent, but at the end of the day there is still an incredibly intimate and detailed picture of almost every single US citizen's private life being retained on a long-term basis.
The author may believe he or she’s a patriot. I disagree. I don’t believe someone who acts to subvert the Bill of Rights which states
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
is even remotely close to being a patriot.
> Many are concerned about the NSA listening to their phone calls and reading their email messages. I believe that most should not be very concerned because most are not sending email to intelligence targets.
> Email that isn’t related to intelligence is rarely viewed, and it’s even less often viewed if it’s from a US citizen.
“Rarely” is pretty meaningless. The NSA has repeatedly tried to compare the number looked at with the number of intercepts. Of course they’re only looking at a tiny percentage. But if I were to only steal one-in-a-billion dollars in the US or only kill one-in-a-million people, I’d still be doing something immoral.
> Every Agency employee goes through orientation, in which we are taught about the federal laws that govern NSA/US Cyber Command: Title 10 and Title 50.
Yet evidence seems to show that they've willfully found ways to interpret the laws in ways that the authors of the laws think is illegal.
> We all know that it's illegal to look at a US citizen's data without a court order.
But the NSA has a special non-adversarial court that rubber-stamps whatever it wants. (And it still happened)
> I use the term "look" deliberately: the Agency makes the distinction that looking at data is surveillance, while gathering it from locations outside the US is not. We gathered everything, and only looked at a tiny percentage of it.
The problem is that the 4th Ammendment makes no such distinction. They were wrong in collecting it in the first place.
> I am okay with this distinction both because I don't mind if my emails are copied to an Agency database and likely never read and because from a technical standpoint it would seriously impair our ability to spy if we couldn't gather everything.*
He may not mind, but many other people do. I respectfully ask that he, Mr. Clapper, and Gen Alexander give us all their data in case we later do find what they were doing was illegal.
> The Agency is an intelligence organization, not a law enforcement agency.
> The NSA copy of my emails won't be viewed by police or FBI investigating me about marijuana use, for instance.
And yet, per Reuters
http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE...
> The NSA copy of my emails will only be viewed if the Agency can convince a judge that I might be a foreign agent. And the judges aren't pushovers.http://en.wikipedia.org/wiki/United_States_Foreign_Intellige...
During the 25 years from 1979 to 2004, 18,742 warrants were granted, while just four were rejected. Fewer than 200 requests had to be modified before ...
I am a foreign national, I and my company uses services provided by a US company (email etc.), and this gives right to you guys to collect and ready my emails?
tldr; of your article is this: "Oh ! he is a foreigner, fuck him. What he can do? ? He can't vote to get us out of power. So, it's ok and about the persons who can vote to get us out, they can't do anything because we know every little dirty secret of them. Oh ! one more thing, we are so good we promise we don't look at these dirty secrets. Although cases where a employee uses this 'secure' system for personal use, ya that do happen. Trust Us."
http://www.youtube.com/watch?v=JEle_DLDg9Y
People need to realise it's more "All that is necessary for the triumph of evil is that good men do nothing."
And less terrorists and other cliches.
However, I can't disagree more with your views. You don't mind if [your] emails are copied to an Agency database and likely never read and because from a technical standpoint it would seriously impair our ability to spy if we couldn't gather everything. Really? You may be familiar with a certain Richard Nixon. How would you feel if a similar character came into power tomorrow? Imagine all the wealth of information at hand. All this... without independent oversight. The only thing you need is to make sure a second Snowden comes forward to explain how you're spying on your opponents. And I can't even begin to imagine how much this juicy information means in terms of economic intelligence. Of course, you cannot push this angle too much, because it would mean the end of the cooperation with your partners. This wonderful agreement you have to keep the free world safe. Thanks, but no thanks. I don't want security at this price.
History is littered with examples of power without accountability. And we don't need to go very far... just read any history book about the CIA. I'm sure their personnel is mostly composed of law-abiding patriots. This ends up the same way anyway: coups against democratically-elected governments. Drugs. Assassinations. Torture. And don't tell me that times have changed. The Guantanamo inmates are laughing at you. The Bagram inmates are laughing at you. Even John Yoo is laughing at you.
And that's only looking at it with the eyes of an American citizen, which I'm not. But in the end, what difference does it make? NSA, GHCQ, DGSE... Aren't you all cut in the same mold? You certainly sound like you believe in what you are doing. I'm sure STASI agents did as well, but they were never this successful.