The warrants were signed by a judge,I think.
The warrants were signed by a judge,I think.
PDF of the court order tied to this leak: http://www.guardian.co.uk/world/inte...ta-court-order
Its order 13-80, meaning its the 80th such FISA order this year, AFAIK.
"In a field where an overlooked bug could cost millions, you want people who will speak their minds, even if they’re sometimes obnoxious about it."
It's an abuse of power/process sure, and a pretty deplorable failure of the system of checks reining in government behavior but horrifying? Not particularly and certainly not compared to other common-place or acceptable practices and structures ranging from a proxy national-id to a professional army. Sure if conditions were different it could be put to major dystopian use as numerous futurists (i.e. speculative-fiction authors) have pointed out but so could things like that professional army. Is it linked to law enforcement in any way? No. Is it seen by human eyes? Almost none of it. Are even the computer algorithms and sifting software giving any sort of heightened attention to whatever private information from/by protected citizens had in the mass-pull? Not really. And frankly even in a dystopian setting, the only change would be law enforcement/security would be in on the data flow.Originally Posted by Enoch the Red
Last night as I lay in bed, looking up at the stars, I thought, “Where the hell is my ceiling?"
You don't have to go as far as a dystopian future or alternative present. Just read a history book of the GDR would be enough to see the extreme of a surveillance state.
And I don't think the computers play a really important part in this, it has been done before without the current means. New technology just give us better automation.
"Wer Visionen hat, sollte zum Arzt gehen." - Helmut Schmidt
I think it's fairly horrifying that the default for law abiding Americans is to collect their personal and private information, store it for an indefinite period of time, and wait for some reason to audit them for crimes real or imagined. To say this system is ripe for abuse even under the best of circumstances is an enormous understatement. The lack of transparency and oversight and the ease with which this data can be stored and accessed only adds to the concerns. And I think there's reason for concern when that kind of power is concentrated in so few hands and with what appears to be minimal oversight. I don't think it takes too much imagination to imagine a scenario in which this could be used against political enemies or public figures with relative ease.
So the information is collected, stored for an indefinite period, and available for an audit of crimes real or imagined. Which makes it different from the information in its "default" state of existing on the Google *or anyone else's* servers how? Information that is not looked at or used and which never will be looked at or used is not frightening or any sort of threat. Law enforcement might conceivably be a concern but Intelligence mass-data-analysis? Not so much.
Last night as I lay in bed, looking up at the stars, I thought, “Where the hell is my ceiling?"
There are a couple different issues that I can see with this line of thinking. First, information that is not currently looked at or used may not be considered frightening or a threat by you, but that seems to assume that the policies and purview for what is or isn't applicable are static. I don't think it would take too much imagination or real effort to change the analysis from looking for words associated with terrorism, or those who are tenuously tied to terrorists, to criteria that you might not find as palatable. I also think that inherent in your assertion is that the presumption that this system could not be abused by those who use it. It's easy to imagine people with the right knowledge and clearance using this system to spy on their wives or husbands, peer into the lives of public figures, investigate potential political rivals, or get insider information on publicly traded company X. And that's off the top of the head of someone who doesn't consider themselves to be terribly criminally minded. The infringement doesn't even have to be malicious. There have been reported cases where a phone number was incorrectly entered which resulted in exposure of information about a completely innocent citizen, or a number that was once associated with a person of interest being tapped even after it was assigned to a new subscriber.
I don't think the risk posed by terrorists begins to approach the potential for abuse here, nor does the threat posed by them justify the infringement of our rights.
Last edited by Enoch the Red; 06-10-2013 at 08:06 PM.
Sure. Who is doing this and what threatening or invasive motivation do they have for whatever unpalatable data-sift you're imagining? Think about what sort of grep you're worried about and the data-set it is being performed on.
Sure, anything can be abused. But this is data privacy we're talking about. There are, in fact, quite a few safeguards against isolated misuse (not least of which is the sheer volume of data to go through) though they only go so far. But the exact same concern is present for the data in its default state where there are even less safeguards. And yeah, mistakes happen but since that brings us back to what conceivable interest someone might have beyond "oh crap, now we have to do the entire thing over again."I also think that inherent in your assertion is that the presumption that this system could not be abused by those who use it. It's easy to imagine people with the right knowledge and clearance using this system to spy on their wives or husbands, peer into the lives of public figures, investigate potential political rivals, or get insider information on publicly traded company X. And that's off the top of the head of someone who doesn't consider themselves to be terribly criminally minded. The infringement doesn't even have to be malicious. There have been reported cases where a phone number was incorrectly entered which resulted in exposure of information about a completely innocent citizen, or a number that was once associated with a person of interest being tapped even after it was assigned to a new subscriber.
Say law enforcement did have access to all this data. You want to know what they'd do? The exact same thing they do now, they'd get warrants to give to your cell provider, your email administrator, etc. Because it's way easier and gives them a lot less extraneous material they don't have the hours to sift through. They'd resort to this data-set when they couldn't find anything else, and they'd hope to find matches. This isn't magic.
A program like this is an infringement to our collective right to privacy and it is almost certainly overbroad. But it's not egregious, much less horrifying. What you find horrifying is what could be done with a program like this under different circumstances. Like the existence of a professional army.I don't think the risk posed by terrorists begins to approach the potential for abuse here, nor does the threat posed by them justify the infringement of our rights.
Last night as I lay in bed, looking up at the stars, I thought, “Where the hell is my ceiling?"
Granted, the kind of malicious abuse I imagine would require someone with significant technical experience and/or clearance, and I'd be very surprised if they didn't institute some kind of audit trail for the front end application, but I would surprised if there weren't individuals with sufficient access, knowledge, and authority to abuse the system with impunity. That's all speculation of course, but it's not speculation without precedent.
I'm not sure I'm following your argument about the data in its current state. If by current state you mean the data at rest on the company's server, I suppose you have a point that a sufficiently motivated sysadmin would be able to abuse their position and sift through very personal information. I don't see how the PRISM program, as I understand it, would offer any significant safeguard against that though. Instead it is an additional point of weakness with the added danger of being designed to aggregate, track and analyze private data from multiple sources as opposed to a system that was not designed for that purpose being misused to do so.Sure, anything can be abused. But this is data privacy we're talking about. There are, in fact, quite a few safeguards against isolated misuse (not least of which is the sheer volume of data to go through) though they only go so far. But the exact same concern is present for the data in its default state where there are even less safeguards. And yeah, mistakes happen but since that brings us back to what conceivable interest someone might have beyond "oh crap, now we have to do the entire thing over again."
To be sure privately held data certainly can be, (and is) abused, and that is unfortunate. However, there are several distinctions which separate an abuse of data at an individual company versus the abuse of data by government, not the least of which is scale. Taken alone any single company would constitute a significant breach, taken together they constitute something much larger and more ominous. Additionally, it is more troubling to me to have abuses at a governmental level by virtue of the roles and powers that have been vested in it.
The vacuuming of data at the telecom level is also concerning, doubly so when you combine it with the vast array of computing power that is available to the NSA, and the comparative weakness of standard encryption techniques.
I think that a better comparison is the program law enforcement uses to look up your driving record, check for outstanding warrants and other personal information. I don't have any first hand experience with how it works, obviously, but I wouldn't be surprised if it was much, much easier to use, and much more powerful and easy to use than you might think.Say law enforcement did have access to all this data. You want to know what they'd do? The exact same thing they do now, they'd get warrants to give to your cell provider, your email administrator, etc. Because it's way easier and gives them a lot less extraneous material they don't have the hours to sift through. They'd resort to this data-set when they couldn't find anything else, and they'd hope to find matches. This isn't magic.
I suppose you are right. Based off of what little we know about the program it is currently troubling - and contrary to the principles that I believe make this country great - that this data is being mined, but it might be hyperbole to say it horrifying. It is indeed the abuse of this system would be horrifying, and it is the abuse of this system that I think too dangerous to allow. That being said, I think that the professional army comparison is a poor one. A professional army is much more difficult to operate and abuse in secret. The very logistics, and it's raison d'etre would preclude large scale operations that run contrary to the will of the people. I don't believe the same is true of the people in the clandestine services.A program like this is an infringement to our collective right to privacy and it is almost certainly overbroad. But it's not egregious, much less horrifying. What you find horrifying is what could be done with a program like this under different circumstances. Like the existence of a professional army.
Last edited by Enoch the Red; 06-10-2013 at 10:17 PM.
Random comment insertion, without acknowledging where I stand on this: what if the law required scrubbing metadata after a period of time?
http://walt.foreignpolicy.com/posts/...behind_the_nsaYou might think that you don't need to worry about the secret U.S. government programs to collect phone and Internet information on ordinary Americans, a program that is not quite so secret after last week's revelations. There are over 300 million Americans, after all, and the vast majority of their online and cell-phone communications have nothing to do with national security and are unlikely to attract any scrutiny. We are still some ways from Big Brother, "Minority Report," or "The Adjustment Bureau," and maybe we can trust the nameless, largely anonymous army of defense contractors and government employees (by one source numbering more than 800,000) to handle all that data responsibly. Yeah, right.
In fact, you should be worried, but not because most of you are likely to have your privacy violated and be publicly exposed. If you're an ordinary citizen who never does anything to attract any particular attention, you probably don't need to be concerned. Even if your Internet and phone records contain information you'd rather not be made public (an online flirtation, the time you emailed a friend to bring over some pot, or maybe some peculiar porn habits), there's safety in numbers, and you'll probably never be exposed.
The real risk to our democracy is what this situation does to potential dissenters, whistle-blowers, investigative journalists, and anyone else who thinks that some aspect of government policy might be boneheaded, unethical, or maybe even illegal. If you are one of those people -- even on just a single issue -- and you decide to go public with your concerns, there's a possibility that someone who doesn't like what you are doing will decide to see what they can find out about you. It doesn't have to be the attorney general either; it might just be some anonymous midlevel bureaucrat or overly zealous defense contractor. Or maybe it will be someone who wants to suck up to their superiors by taking down a critic or who wants to have their own 15 minutes of fame. It really doesn't matter: Unless you've lived an absolutely pristine online and cellular life, you might wake up to discover that some regrettable moment from your past is suddenly being plastered all over the blogosphere or discussed in the New York Times.
Does this danger sound far-fetched? Recall that when former diplomat Joseph Wilson published an op-ed debunking the Bush administration's claim that Saddam Hussein was trying to score uranium from Niger, some government officials decided to punish him by blowing his wife's cover as a CIA agent and destroying her career. Remember that David Petraeus lost his job as CIA director because a low-level FBI agent began investigating his biographer on an unrelated matter and stumbled across their emails. Recall further that long before the Internet age, J. Edgar Hoover helped keep himself in power at the FBI by amassing vast files of dirt on public figures. Given all that and more, is there any reason to believe that this vast trove of data won't eventually be abused for political purposes?
My point is that once someone raises their head above the parapet and calls attention to themselves by challenging government policy, they can't be sure that someone inside the government won't take umbrage and try to see what sort of dirt they can find. Hoover did it, Nixon did it, and so did plenty of other political leaders. And that means that anyone who wants to challenge government policy has to worry that their private conduct -- even if it has nothing to do with the issues at hand -- might be fair game for their opponents. And the deck here is stacked in favor of the government, which has billions of dollars to spend collecting this information.
Vigorous debate on key issues is essential to a healthy democracy, and it is essential that outsiders be able to scrutinize and challenge what public officials are up to. People who work for the federal, state, and local governments aren't privileged overlords to whom we owe obeisance; in a democracy, they are public servants who work for us. Right now, however, there are hundreds of thousands of public servants (including private contractors with fat government contracts) who are busy collecting information about every one of us. Citizens don't have similar resources to devote to watching what our elected and appointment officials are doing, so we must rely on journalists, academics, and other independent voices to ferret out wrongdoing, government malfeasance, corruption, or just plain honest mistakes. But if these independent voices are becoming more vulnerable to retribution than ever before -- and via completely legal means -- then more and more of those voices will be cowed into silence. And the inevitable result will be greater latitude for government officials, greater corruption, and a diminished capacity to identify and correct errors.
In short, the real reason you should be worried about these revelations of government surveillance is not that you're likely to be tracked, prosecuted, or exposed. You should be worried because it is another step in the process of making our vibrant, contentious, and most of all free-minded citizenry into a nation of sheep.
Hope is the denial of reality
Good read, thanks for posting. I said it before, what you need to be afraid of is not science fiction scenarios, where every citizen is under permanent control. It's real live example of the former GDR or current Russia and China, where all those that disagree are under pressure.
Only when you disagree you can know if you really live in freedom.
"Wer Visionen hat, sollte zum Arzt gehen." - Helmut Schmidt
I am not saying abuse can't/won't happen. I do think it will be isolated. And it has no more of a chilling effect than modern "opposition research" which can and will uncover most of what this sort of abuse will reveal anyway.
Last night as I lay in bed, looking up at the stars, I thought, “Where the hell is my ceiling?"
Opposition research doesn't generally have unfettered access to that level of information. We are talking about differences in orders of magnitudes here.
Not only that, but it empowers mid-level bureaucrats who don't have the resources or connections to engage in opposition research. It allows pretty much any computer-savvy person in the government apparatus to go after people they do not like.
Hope is the denial of reality
After the IRS scandal, I'm far more sympathetic to what Loki posted. I'm actually rather fine with the Verizon metadata issue, but the PRISM program (as reported) seems to be rather over the line in terms of data collection.
That said, as suspected, the PRISM program seems increasingly to be reported in a really lousy way.
June 11, 2013, 8:08 PM
How Google Transfers Data To NSA
ByAmir Efrati
How does Google hand over data to the government? By old-fashioned secure “file transfer protocol,” or FTP. And sometimes even by hand.
That detail, which Google disclosed for the first time late Tuesday, contrasts with earlier reports that claimed the government had special access to its network and to those of other technology companies.
Chris Gaither, a Google spokesman, said that when the company receives court orders to provide information to the government, it usually does so with secure FTP, a method of sending encrypted files over the Internet.
And occasionally, Google hands over files to the government in person, he said. (He declined to say when and why they use the manual approach.)
In other words, Google “pushes” information for the government rather than allow the government to “pull” information directly from Google’s system, Gaither said. He said the company has pushed back on attempts by governments to get more direct access, but he didn’t provide details.
“We refuse to participate in any program — for national security or other reasons — that requires us to provide governments with access to our systems or to install their equipment on our networks,” Gaither said.
He declined to say when Google began using its current data-transfer methods, and whether they apply to all law enforcement requests, including those that don’t involve secret orders by the Foreign Intelligence Surveillance Court, which authorizes the government to request information from companies in the interest of U.S. national security.
Google’s disclosure comes days after the Washington Post and the U.K.’s Guardian reported that the federal government, at the behest of the National Security Agency, had established a “direct” access to the Web servers of Google Yahoo Facebook Microsoft Corp. , Apple and others. The reports relied in part on leaked documents purporting to show details of a classified NSA program called “PRISM.”
All of the companies denied the reports, though the government acknowledged the general existence of a data-collection program on Saturday, noting that it targets foreign nationals who may be a threat to U.S. national security.
After its initial report last week, the Washington Post revised its article to say that special equipment installed at “company-controlled location” were able to obtain data for the program, though Google on Tuesday denied that such a mechanism exists.
Google on Tuesday also asked the U.S. government to allow it to publish the number and scope of requests it receives from the government after investigators get approval from the secret Foreign Intelligence Surveillance Court.
The company’s chief legal officer said in a public letter that “assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue,” and that government gag orders on recipients of secret court orders “fuel that speculation.”
Speculation has run rampant in part because the Guardian last week published a classified order by the Foreign Intelligence Surveillance Court, telling Verizon Communications to hand over data on phone records of millions of people.
Google CEO Larry Page on Friday said he was “surprised” by the “broad” nature of such an order, implying that Google didn’t receive similar orders.
http://blogs.wsj.com/digits/2013/06/...s-data-to-nsa/
http://www.economist.com/blogs/democ...surveillance-0
Oh wait, caring about privacy is something only European luddites do, right?Here's the basic point. In the online world, essentially everything we do is always being archived and searched by the companies that provide us access. There was a time when we might have asked whether those companies should be barred from using that behavioural information for commercial purposes, but that ship sailed long ago. The question we're asking now is whether the government should be allowed to gain access to those private search archives for national security purposes. The government isn't spying on us; Google is spying on us, and the government is asking Google for certain results.
We need to think coherently about what we find scary here. The problem isn't so much that we haven't set up a legal architecture to preserve our online privacy from the government; it's that we haven't set up a legal architecture to preserve our online privacy from anyone at all. If we don't have laws and regulations that create meaningful zones of online privacy from corporations, the attempt to create online privacy from the government will be an absurdity.Not to mention that the concerns Loki mentioned and Dread agreed with are also there if only private companies hold the data (though then it will be a lot more restricted, and not in the hands of mid-level bureaucrats). Not like any company ever tried to find dirt on their opponents, after all..
Keep on keepin' the beat alive!
Again, the difference is that Loki and others see (correct me if I'm wrong guys) is that we willingly enter into this info being garbled up by using their services. I can walk away from Google and Verizon. But I can't walk away from the Federal Government. What Google (as an example) and I decide to do together is OUR business (That sounds kinkier than I wanted), what I (and 300 million other Americans) am searching for is not the Government's business until they get a warrant. Vacuuming up the data before hand 'just in case' I do naughty things is no different than intercepting my mail, photocopying it (but not looking!), storing the copy for later, then when I get naughty (or just accused), getting a warrant for those letters in storage. Is this what we want?
Brevior saltare cum deformibus viris est vita
I don't think you can walk away from ISP and phone companies. Unless you want to cut yourself off the internet and the phone. But if you do that, the government wont get your data either.
"Wer Visionen hat, sollte zum Arzt gehen." - Helmut Schmidt
ISPs don't generally store all your transmitted data indefinitely, and my impression is that they don't try and crack encrypted data that they transmit. You also have a contract with your ISP.
Contracts are just a piece of paper.
They certainly store a lot of data. But the sheer amount of data is the best coverage against all kind of curious people.
"Wer Visionen hat, sollte zum Arzt gehen." - Helmut Schmidt
Wut?
Brevior saltare cum deformibus viris est vita
So what if your ISP stores your data even the contract says it doesn't. First you need to find out, and if you do, what do you want to do? Sue em?
"Wer Visionen hat, sollte zum Arzt gehen." - Helmut Schmidt
Er, yes? Class action lawsuits exist for this very reason.
Exactly. And what isn't mentioned is that congress gave "tele-communication" companies immunity from law suits."The government isn't spying on us; Google is spying on us, and the government is asking Google for certain results.
"The problem isn't so much that we haven't set up a legal architecture to preserve our online privacy from the government; it's that we haven't set up a legal architecture to preserve our online privacy from anyone at all. If we don't have laws and regulations that create meaningful zones of online privacy from corporations, the attempt to create online privacy from the government will be an absurdity."
Oh wait, caring about privacy is something only European luddites do, right?
That applies to cell phone/internet service providers, so long as they required users click the Agree (to TOS in fine print). I'm not sure how landline contracts are/were worded, but my guess is it was broad enough legal-ese to include any new digital or satellite technology covering any-or-all "wire" communications, so long as they mailed 'updates' to customers....and continuing service was considered that same Agree.
Yes and No. All we have to do is use a credit/cebit card for corporations to sell/share certain data, and the 'tracking' can begin. That's how certain plastic cards or computer apps (for member 'points', coupons, discounts) started as a cottage industry and grew into a multi-billion dollar sector....with people willingly participating, sharing a phone number or e-mail address.
BTW, that's how direct mail (junk mail) also works, and why we still get tons of crap through the Post Office.
To Fuzzy: you may think there are sufficient legal safeguards for data privacy, or there's not much of a chilling effect with all this meta-collection....but that's overlooking that our Press is totally digitized, using "tele-comm" to contact sources, do their research, write their rough drafts, file their stories, etc. Professional journalists have been dragged into the net, too.
Also, don't underestimate the impact of our banking system being digitized, cached and stored for decades. Identity thieves can still capitalize on the glaring gaps.
first you need to find an ISP that isn't shielded behind an arbitration clause. Hell, it was AT&T that won that case in front of the supreme court.
"In a field where an overlooked bug could cost millions, you want people who will speak their minds, even if they’re sometimes obnoxious about it."
The courts also have to recognize "legal standing" before a suit can be considered.
An arbitration clause doesn't mean the ISP is shielded from breach of contract.
Government can only access what Google keeps (aside from direct tapping, but I'm under the impression PRISM doesn't do that). So when you use Google's services, you willingly accept that the government can access it with a warrant, which they did. Apparently it falls within the law, so you could have known the law, and basically agreed to this happening. In fact, considering they store everything, it is still the same as what you described, except Google owns the storage instead of the government. Like the quote says, it's useless to protect your privacy from the government if it's not protected from anyone to begin with. Hell, why would it be legal to sell information to commercial parties but not to the government?
Anyway, while I do understand the difference, they can still abuse the information, and have even more of it. Abusing the information in the way Loki's article suggested is illegal for government officials just like it is for any citizen. There's no real difference between a Google employee leaking something and a government employee leaking something (no difference in the effect, at least: it's still a leak). You say you can sue them, but first you're going to have to know who leaked it, and prove that, etc., just take a look at the Plame thing the article mentioned - IIRC that lead to a whopping single conviction that was commuted. And private companies don't seem much better, it took News Of The World a long time to get in trouble with all the nasty stuff they were doing. It is silly to think, while assuming government will only use your info in nefarious ways, that companies won't. They are also self serving, after all (and open about that). And that's before mentioning hackers who could get the info, too.
Also, with regards to willingly agreeing to the privacy agreements - most people don't even read it, and it changes often, and you have to be a lawyer to know what it exactly means. I don't oppose to a legal minimum of protections, with each company deciding for themselves how they protect the privacy on top of that minimum. We have similar protections in a lot of places, e.g. labour safety laws (you agreed to the job, but there's a legal minimum safety), then again you probably oppose those too.You have a piece of paper as a 'contract' between your government and yourself too, it's called the constitution, if they break that you can sue. So if you're okay with private companies having this power, surely you are okay with the government doing the exact same until they are rebuffed by the courts?
Is what GGT is saying right, that telecom companies cannot be sued? Source, please.
Keep on keepin' the beat alive!
Just a couple of links for your reading pleasure:
http://washingtonindependent.com/232...ecoms-immunity
http://www.wired.com/threatlevel/201...-cyberwar/all/In short, Bush urged, we need Congress to renew the federal eavesdropping law which, for several years following 9-11, the National Security Agency used to conduct electronic surveillance of U.S. residents without judicial oversight. That renewal, Bush has stipulated, must grant retroactive legal immunity to the telecommunications companies that cooperated with the administration under its warrantless wiretapping program.
Congress later gave retroactive immunity to the telecoms that assisted the government.
Edit: it's a rather complicated trail that began in the 70's. Sorry about the wikifist, but note the ACLU section, and other reference links.
http://en.wikipedia.org/wiki/Foreign...ts_Act_of_2008
Last edited by GGT; 06-13-2013 at 09:59 PM.
Posting Permissions
Reply With Quote