When you pick up the phone, who you’re calling is none of the government’s business. The NSA’s domestic surveillance of phone metadata was the first program to be disclosed based on documents from whistleblower Edward Snowden, and Americans have been furious about it ever since. The courts ruled it illegal, and Congress let the section of the Patriot Act that justified it expire (though the program lives on in a different form as part of the USA Freedom Act).
Yet XKEYSCORE, the secret program that converts all the data it can see into searchable events like web pages loaded, files downloaded, forms submitted, emails and attachments sent, porn videos watched, TV shows streamed, and advertisements loaded, demonstrates how Internet traffic can be even more sensitive than phone calls. And unlike the Patriot Act’s phone metadata program, Congress has failed to limit the scope of programs like XKEYSCORE, which is presumably still operating at full speed. Maybe Verizon stopped giving phone metadata to the NSA, but if a Verizon engineer uploads a spreadsheet full of this metadata without proper encryption, the NSA may well get it anyway by spying directly on the cables that the spreadsheet travels over.
The outrage over bulk collection of our phone metadata makes sense: Metadata is private. Americans call suicide prevention hotlines, HIV testing services, phone sex services, advocacy groups for gun rights and for abortion rights, and the people they’re having affairs with. We use the phone to schedule job interviews without letting our current employer know, and to manage long-distance relationships. Most of us, at one point or another, have spent long hours on the phone discussing the most intimate details about our lives. There isn’t an American alive today who didn’t grow up with at least some access to a telephone, so Americans understand this well.
But Americans don’t understand the Internet yet. Bulk collection of phone metadata is, without a doubt, a violation of your privacy, but bulk surveillance of Internet traffic is orders of magnitude more invasive. People also use the Internet in all the ways they use phones — often inadvertently sharing even more intimate details through online searches. In fact, the phone network itself is starting to go over the Internet, without customers even noticing.
XKEYSCORE, as well as NSA’s programs that tap the Internet directly and feed data into it, have some legal problems: They violate First Amendment rights to freedom of association; they violate the Wiretap Act. But the biggest and most obvious concerns are with the Fourth Amendment.
The Fourth Amendment to the U.S. Constitution is short and concise:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
It means that Americans have a right to privacy. If government agents want to search you or seize your data, they must have a warrant. The warrant can only be issued if they have probable cause, and the warrant must be specific. It can’t say, “We want to seize everyone’s Internet traffic to see what’s in it.” Instead, it must say something like, “We want to seize a specific incriminating document from a specific suspect.”
But this is exactly what’s happening:
The government is indiscriminately seizing Internet traffic to see what’s in it, without probable cause. The ostensible justification is that, while tens of millions of Americans may be swept up in this dragnet, the real targets are foreigners. In a legal document called USSID 18, the NSA sets out policies and procedures that purportedly prevent unreasonable searches of data from U.S. persons.
But it doesn’t prevent, or even claim to prevent, unreasonable seizures.
Kurt Opsahl, general counsel of the Electronic Frontier Foundation, explains: “We have a fundamental disagreement with the government about whether [data] acquisition is a problem. Acquisition is a seizure and has to be compliant with the Fourth Amendment.”
If you read USSID 18 carefully, you’ll see that it appears to limit, with many exceptions, the government’s ability to intentionally collect data concerning U.S. persons. But the Department of Defense, under which the NSA operates, defines “collection” differently than most of us do. It doesn’t consider seized data as “collected” until it’s been queried by a human.
If you email your mom, there’s a good chance the NSA will intercept the message as it travels through a fiberoptic cable, such as the ones that make up the backbone of the Internet, eventually making its way to an XKEYSCORE field site. You can thwart this with encryption: either by encrypting your email (hopefully someday all parents will know how to use encrypted email), or by using email servers that automatically encrypt with each other. In the absence of such encryption, XKEYSCORE will process the email, fingerprint it and tag it, and then it will sit in a database waiting to be queried. According to the Department of Defense, this email hasn’t been “collected” until an analyst runs a query and the email appears on the screen in front of them.
When NSA seizes, in bulk, data belonging to U.S. citizens or residents, data that inevitably includes information from innocent people that the government does not have probable cause to investigate, the agency has already committed an unconstitutional “unreasonable seizure,” even if analysts never query the data about innocent U.S. persons.
The NSA has legal justifications for all their surveillance: Section 215 of the Patriot Act, now expired, was used to justify bulk collection of phone and email metadata. Section 702 of the Foreign Intelligence Surveillance Act (FISA) is currently used to justify so-called “upstream” collection, tapping the physical infrastructure that the Internet uses to route traffic across the country and around the world in order to import into systems like XKEYSCORE. Executive Order 12333, approved by President Reagan, outlines vague rules, which are littered with exceptions and loopholes, that the executive branch made for itself to follow regarding spying on Americans, which includes USSID 18.
But these laws and regulations ignore the uncomfortable truth that the Fourth Amendment requires surveillance of Americans to be targeted; it cannot be done in bulk. Americans are fighting to end bulk surveillance in dozens of lawsuits, including Jewel v. NSA, which relies on whistleblower-obtained evidence that NSA tapped the fiber optic cables that carry Internet traffic in AT&T’s Folsom Street building in San Francisco. It’s easy for the government to stall cases like this, or get them dismissed, by insisting that talking about it at all puts our national security at risk.
And, of course, let’s not forget the 6.8 billion people on Earth who are not in the United States. Article 12 of the U.N. Declaration of Human Rights states:
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
The NSA has very few restrictions on spying on non-Americans (it must be for “foreign intelligence” or “counterintelligence” purposes, and not other purposes), despite XKEYSCORE and the bulk collection programs that feed it being an “arbitrary interference” with the privacy of such persons. NSA doesn’t even have restrictions on spying on allies, such as Germany and France.
Facebook feeds everywhere are decorated with baby pictures. When those babies are grown up and getting elected to Congress, maybe then Americans will understand how the Internet works, and that bulk surveillance of phone metadata is just a tiny sliver of the enormous “collect it all” bulk surveillance pie.
Photo: Getty
Has it ever occurred to anyone that the only way for this govt to survive is to redefine any given definition? An example: the govt wont go after church burners because it wasnt a hate crime. Its not a hate crime because the definition doesnt fit the crime, but only because the definition changes as the person’s skin tone, in question, gets darker. Remember, the laws were created by racsists, therefore the law will always pertain to race. How else can a child be murdered on a playground and noone get in trouble, noone get the dealth penalty, unless the law works in that way. Get rid of the veil of the ‘Merican Dream, and all you see is reality.
In the real world; your rights stop when power wants them stopped. Whether the power is flakebook, google or the nsa matters little. We have and always have had a government of men, not a government of laws. Everyone is NOT equal before the law and never was. Millions of Americans were thrown out of their homes while the banksters were bailed out to the tune of Trillions of magic money created by the US Fed. The poor Greeks are getting a major screwing over because the banksters made bad bets knowing they would be bailed out by their governments and now the Greek people are suffering to pay back the governments who bailed out the banksters. Populations everywhere and nowhere more than the USA have been infantalized and made effete. There has always been “Bread and Circuses” but it’s at a whole new level now. It’s gonna get worse, a lot worse. Perhaps ignorance would be bliss but I still like reading the Intercept so I better understand how I’m being screwed over.
” And unlike the Patriot Act’s phone metadata program, Congress has failed to limit the scope of programs like XKEYSCORE, which is presumably still operating at full speed. ”
I expected Congress to exactly do that actually. The back of every US bill reads: “In God We Trust”. This needs no re-interpretation. And so when the NSA used XKEYSCORE to suck up the world’s electronic data, it must have not only known, but must have trusted that God would deliver on a wish and hope that the targets of their electronic sweep would ” Do unto the NSA as the NSA’s XKEYSCORE did unto them”.
And now that the targets know, does anyone in their right mind think that China or Russia or Brazil or Germany are going to fail their ally or fellow Security Council partners by not responding in kind? It is this realization, I believe, that must have compelled Congress to do nothing and let the original sin go continue on.
There is no going back. And there’s no preaching to any nation now, of a need to abstain from the internet spying activities of this nature to anyone. Because there is no congregation left that does not hold disdain for the preacher’s own actions anymore…
And then there’s the highly intrusive spying that’s taking place in our communities and homes, but it’s not being covered.
” And then there’s the highly intrusive spying that’s taking place in our communities and homes, but it’s not being covered.”
Yes, what you are alluding to makes the XKEYSCORE program look like a picnic in the park. And again, yest it is not being covered. Yet. Not even the valiant and genuinely independent journalists here will go anywhere close to that one. You gotta listen to your lawyers I guess…
My home has been clandestinely violated for more than 5 yrs in a row now. In part to steal evidence of electronic torture that I have gathered over this period. In part to grossly attack the environment in addition to attacking the brain, in order to intensify the stress and instill a sense of despair and hopelessness, so prized in mind control torture operations. None of it has not worked.
Cameras have been removed for periods of up to a year. SD cards wiped out clean of images of damage to the skin. Mail box keys have been removed from the key-chain, only to be replaced months later. Bank statements, same. All computers infected with virtual rootkits, including gapped units that were internet virgins. Jewelry has been destroyed – by deliberately breaking key functional parts. Floor rugs stained with tar print marks. Shower water tainted with black ink. Parcels from the mail, opened (contents Kangol hats). Invoices from the parcels removed.
Toenails have been cut while I slept. Segments of the scalp shaved while I slept. Underside of toes slices with an object so sharp the incision resembled that typically made by a doctor’s scalpel.
Clothing items removed or removed from suitcases of storage and returned washed, and placed in different locations. Circuit wiring of the house, altered so that the fuse box is no longer in the original state it was in when we bought the house and prior to the onset of the torture. Roof of the house mysteriously insulated while I was away at work, without any notification as an owner.
Bank cards not working. Password resets of bank accounts not working. Laser in CD player manipulated during playback so that the music repeated same line over and over again. Or skipped entire lines. And today, a car with no registration plates, front or back, sits right next to my house as the torture has so severely intensified.
This is just a very short list. May a miracle save this nation from sliding into the unthinkable.
http://freedomfchs.lefora.com/topic/7442322/nanodevices-in-sensory-overload-mind-control-torture
Stick to the nuts and bolts of it. Veer into the world of “crazy” and/or disinformation… and it’s “game over” for victims — which may just be part of “the game”, as some have suggested.
No one will touch the story because victims are “crazy.” And yet some victims wear their “craziness” like a badge of honor.
Want it to end? Stick to what’s believable.
” No one will touch the story because victims are “crazy.” And yet some victims wear their “craziness” like a badge of honor.
Want it to end? Stick to what’s believable. ”
Child, if you believe what others call you, then you are in deep doodoo. Never waste your time trying to convince either. You have it all wrong that is why you will never get anywhere. And as for “believable”, never apologize for someone else’s ignorance. Professional literature is out there for anyone who knows how to read. Grow up! And try thinking for yourself. For once.
More nonsense. As is that FFCHS link. Your comment reeks of projection, or worse.
Again:
Stick to the nuts and bolts of it. Veer into the world of “crazy” and/or disinformation… and it’s “game over” for victims — which may just be part of “the game”, as some have suggested.
No one will touch the story because it’s easy to conclude that victims are “crazy” — and some probably are. And yet some victims wear their “craziness” like a badge of honor.
Want it to end? Stick to what’s believable.
Repeating because my prior comment appears to have been obscured:
And then there’s the highly intrusive spying that’s taking place in our communities and homes, but it’s not being covered.
Glenn banned you “Targeted Individuals” last week when you were infesting his comment space, so now you land here in Micah’s. Well, Micah has dealt with you as well before, and maybe he will do so again.
Or maybe not. Not if you keep this crap confined to this one sub-thread. Guess we’ll see.
“When you talked to people outside the [anti-Vietnam War] movement about what the FBI was doing, nobody wanted
to believe it.” – Keith Forsyth, one of the activists who exposed the original version of COINTELPRO
Spend your time on something productive and useful, Mona. And steer clear of topics about which you clearly know little to nothing.
” Spend your time on something productive and useful, Mona. And steer clear of topics about which you clearly know little to nothing.” – in the know
Quite to the contrary. Mona likely is deeply immersed and knows far more about the torture industry than all of the Congress, the President and all the Justices, and the perps put together. No one defends a sordid, grossly anti-American, diabolical, treasonous, and as superlatively evil an activity as mind control torture such as she does, risking her reputation, without a reason. Or without a vested interest in hiding the torture by attempting, in vain I might add, to dismiss those who expose it is a crazy.
She casts herself as Glenn’s friend. But you have to really wonder if she is the type of friend that slithers up close before she can deliver the fatal bite…
January 9, 2014 500 Years of History Shows that Mass Spying Is Always Aimed at Crushing Dissent
It’s Never to Protect Us From Bad Guys No matter which government conducts mass surveillance, they also do it to crush dissent, and then give a false rationale for why they’re doing it.
http://www.washingtonsblog.com/2014/01/government-spying-citizens-always-focuses-crushing-dissent-keeping-us-safe.html
The best source of information these days are security cams and traffic cams. Most of these are connected to the internet and many can be controlled by whoever that logs into them (use Google to find out and surprise yourself by tweaking a few private cams). The majority of these cameras are high-resolution cameras, but the high-resolution feeds are only available to the “authorities”. Using biometric measurements you and the people you interact with can be individually tracked throughout the day. And with super-sensitive microphones enabled you can be recorded and transcribed as well. So all this encryption business will prove delusional until someone comes up with an encryption cream that when applied alters the biometrics of the person. French were the first to try this out, because of which they outlawed the burkah.
The facility in Utah is primarily meant for handling and storing this information. Where we cannot install cameras there we use drones and satellites, which allows us to use body scanners to thwart veiled persons.
Previous to Mr Snowden’s disclosure no one was aware of XKS outside of the spies themselves and probably some of their spouses. Now, after this nuisance is well known, the real danger to XKS is not from jihadi terrorists but from the thousands of hackers that are salivating at the thought of being able to hack into the XKS servers and take off with the information. That is what all the NSA and GCHQ folks mean when they say they notice changes in behavior after the Snowden information was leaked – it’s the changes in behavior of the hackers they are alluding to, not those miserable jihadis using sound-technology and hand-signals in the middle of the desert.
Given the quality of sysadmin passwords that we have seen recently, it won’t be time before they bRe@k-1N. Finally, everybody will have everybody’s information, after which everyone will be told to edit, update and maintain their own individual information so that the database can be relied on by the rest of humanity like one big family looking after and caring for each other. But meanwhile pray that NSA has some sense and keeps the servers safe with proper encryption.
This has been annoying me to no end, the Congress pretending this isn’t even an issue while obsessing over our telephony metadata as if that’s the only problem. Same way they pretend they know nothing about anything they want nothing to do with, like the Pentagon Papers.
Meanwhile, we haven’t even addressed manipulating compression technology and Tempora metadata files too provide criminal suspects escapes routes from justice!
Just WHO busted into a NewsCorp’s UK executive’s BlackBerry to VANISH David Cameron’s email contents while it was in police custody summer of 2011 on charges of corruption? Still waiting for an answer, Watson; like it wasn’t YOU, GCHQ. Just a month’s wait for Tempora to drop metadata of same in their plate and then braid it into the mix. They let Becky explain it away for the public record. See Leveson Inquiry why don’t you? But GCHQ had to brag to NSA that THEY cracked the Berry’s compression technology – minimization – metadata management, shortly after performing this hat trick.
These bums supervised the transition of corrupt communications between those two into metadata to protect the PM and NewsUK from FCPA embarrassment. Likely they were managing the disaster plan Newscorp’s hacks had made of NewsCorp’s bid to buy all of the BSkyB pie. Still can’t believe anyone would let that pervy bugger handle their telephony OR email, Sky.
I guess I’m not understanding how everybody understands metadata but the same people don’t understand the internet? Isn’t most of XKS’s built in functionality for surveilling the internet based on internet metadata (aside from the steganography plugins)? That’s what the docs seem to show. Do we have a different understanding of what metadata is?
Metadata is what you would see in your regular phone bills. Nothing more. But given a history of whom you are calling up and who’s calling you, your interests and weaknesses can be inferred. This process identifies people who can then be surveilled by other more intrusive means, with or without court orders depending on how the spies feel about them and their sexual, religious and political orientations.
What XKS does is gobble up everything and store it for use once any God-fearing, patriotic analyst determines you to be an interesting person. For a phone call it will be the metadata as explained above, as well as all the sound-bytes transcribed into nice searchable documents. For emails, it would be the “headers” with IP addresses as well as all the text, which basically means all your emails. If you are in the habit of scanning your messages and sending as photo images then those would be OCR’d by tesseract and stored as searchable documents. If you encrypt your emails or garble up the image files with unreadable characters then you voluntarily declare yourself to be a very interesting person, after which there are many other methods to find out what no-good you are up to. Obviously, these other methods are costly, so we would like to eliminate most of the generally nice innocent people by XKS such that our extra efforts are available for those who desperately need them. In this regard XKS is a highly beneficial tool for the billions of good folks out there. I fail to understand why people want to fight it and expose themselves unnecessarily to our other methods.
Yeah, that’s what I thought people thought, given the article. Actually, no. Metadata is literally data that is “besides the data”. It includes header information for email, it includes the browser and server information in html calls, it includes any xml formatting, and it includes, for images, stuff like EXIF data. It also can sometimes include a whole lot more than that, and there are several standards for it, like SMPTE Metadata, P-Meta, W3C METS, Dublin Core, IEEE 1484, MPEG-7, etc.
Maybe the parents should teach the young’uns writing articles what metadata is in exchange for being taught encryption?
Agreeing with you ondelette, albeit it’s also more than just those things too. I assume you’re limiting your answer for the same reason I’m not expanding on it (interests of brevity)? Part of the problem is non-technical people don’t even know what that stuff is, too and how it in turn can be used (nor do they realise that at some point all governments bent on power are eventually going to eat their own tail seeking enemies).
People still don’t get it. Most people just don’t get it. The problem with technical arguments are that most people just aren’t technical.
I too suffer from outrage fatigue and am at a loss on how to get the seriousness of this issue across to the masses.
One idea that crossed my mind recently however was enlisting a game developer to create a fun game with physical rewards… products or financial rewards for those who play… but program the game to cheat. For example, you gain points by completing a stage, you lose points when you fail… say you need a thousand points to win a prize, but the game changes the rules by monitoring how you play, so as soon as you get to 999 points you can no longer advance.
If you got enough people to play and get close to winning, but then it becomes impossible to win, you may have a lot of frustrated people of the generally uninformed masses type suddenly becoming aware and perhaps more skeptical.
Obviously, this is a rough concept that would require effort and eventual funding to placate the “losers” once the cheating was exposed, but maybe there’s a kernel of an idea that somebody else can improve upon? Probably not, but maybe.
Some sort of effort where private internet information is publicly revealed to generate outrage would be more effective, but is climbing into the gutter with the evil crowd and the legal liability is problematic… since a “national security” defense in protection of the fourth amendment probably wouldn’t fly with a judge.
I had an art teacher long ago who said something along the lines of “there are no bad ideas, only ones you shouldn’t pursue” (and she probably got it from someone else) to try to get her students to expand their creativity…
… so maybe with a little brainstorming and sharing of ideas, we can find something useful… or at the very least funny, distracting and reenergizing?
OK, maybe this is a better idea…
You set up a booth in a busy location with a big banner that says “Please Take 30 Seconds To Help The NSA Stop Terrorism” and get a couple of people wearing black with “NSA” hats and armbands to staff it.
The booth has two parts… one is a black box with a door and a big clunky camera on top, the other is a pad with some wires and a screen behind it.
Anybody that stops to “help” is asked to empty the contents of their pockets, wallets, purses into a tray… any phones and computers get placed on the pad by the staff, and the stuff in the tray slides into the black box and the door closed.
Then the staff hits a big red button and the flash from the camera on top of the black box goes off a few times, and the screen behind the pad flashes a “Data Copying Complete” message.
The staff hands back their stuff, with a reassurance that the pics and data won’t be looked at unless they do something suspicious.
You secretly film the reactions, and maybe a brief interview afterwards about how the people feel about it where it is explained the camera isn’t real and no data was copied… post the videos online
Let’s see if a voluntary search and seizure using the definition the NSA uses goes over well with people.
I like that… maybe one of the talk show comedians could do that…
Maybe John Oliver.
Nobody else deals with serious matters appropriately.
But convincing enough average Americans that their data in no way, shape or form helps fight terrorism is a worthy task for anyone to try.
love it… Street camera crews with big floods following random citizens? But that’s illegal isn’t it ? Lol.
You just described an earlier text based (green screen ) Star Trek game. The idea is problematic and overly complex. You need to dumb it down more and pull it off in fifteen seconds…
Great article Micah. Lays the major constitutional issues at play and why in easy to understand and clear terms. Will be saving this one.
“Facebook feeds everywhere are decorated with baby pictures. When those babies are grown up and getting elected to Congress, maybe then Americans will understand how the Internet works, and that bulk surveillance of phone metadata is just a tiny sliver of the enormous “collect it all” bulk surveillance pie.”
There is one problem with this. By the time those babies grow up, the ‘security’ apparatus will know everything they have ever done – from that time they smoked a bit of dope to the time they got a poor score at college but persuaded the lecturer to bump it up one grade. They’ll know that the political candidate visited porn websites when they were younger; they’ll know that they went to a dating website once after they married. Basically, democracy is impossible when that level of blackmail material exists.
Unfortunately, that level of blackmail material may already exist and be getting used against current elected officials – they seem so keen to ignore evidence and just do what the ‘three letter agencies’ want.
Sounds like an excellent recipe for borderline personality disorder.
>> They’ll know that the political candidate visited porn websites when they were younger; they’ll know that they went to a dating website once after they married. Basically, democracy is impossible when that level of blackmail material exists.
(This hardly requires additional comment – but here goes…) Fast Track, TTIP, TPP…
The Spooks snooping on digital data is analagous to them intercepting our mailman opening the envelope, looking to see who sent it, when and what the subject is. Then copying the contents and archiving it.
This type of behaviour is absolutely outrageous
I think you said it so well Arthur. The very idea that the 3 letter agencies could do constant spying and archiving of U.S. citizens communications as a new ongoing policy – is a commonsense nonstarter, not compatible with our constitution or democracy and clearly not politically sustainable.
Its amazing how extensive and how hard these agencies are trying to fasten the tools of totalitarianism (total surveillance) to our society…and thinking its a good thing in the process (that won’t blow up in everyone’s faces down the line). As Americans themselves, it is hard to fathom how they can be so shortsighted.
Yeah, with total information awareness, “this” will be a lot more common:
“Dennis Hastert and ‘Individual A’ leave many unanswered questions”
Just imagine Hoover with NSA powers.
Tomgram: Alfred McCoy, It’s About Blackmail, Not National Security
And from Alfred McCoy’s article, “Surveillance and Scandal – Time-Tested Weapons for U.S. Global Power,” which is half-way down the link above, right after Tom Engelhardt’s comments:
To update Henry Stimson: in the age of the Internet, gentlemen don’t just read each other’s mail, they watch each other’s porn. Even if we think we have nothing to hide, all of us, whether world leaders or ordinary citizens, have good reason to be concerned.
— Alfred McCoy
Harper did an interesting interview on some of these topics with former CIA director Woolsey.
http://thelip.tv/episode/fmr-cia-director-james-woolsey-wmds-iraq-obama-isis-edward-snowden/
Looks like we are already losing all the battles in the The Great World Cyberwar.
Snowden left with tons of secrets – and no one was either aware of it when it was occurring and nor does anyone know how much of it he took.
There is apparently a new source. We have no idea who it could be, or even if there is one for sure.
OPM lost more than 20 million records. For a year the hackers were wandering about in our systems and we didn’t know.
Our great friends HackingTeam has been stripped and head chopped off. Even with the fastest connections 400GB takes weeks of continuous download to achieve, but we became aware of it only after the hackers triumphantly announced their victory.
Clapper and Comey must inform us whether they are actually doing their duty, or are sleeping and watching free porn and dixpix. No wonder Cindy is mad and has deserted us for good.
“Even with the fastest connections 400Gb takes weeks of continuous download to achieve…”
Not quite. My domestic internet service is rated at 80Mb/s download and 20Mb/s upload [obviously I get less than that]. Extrapolating from the time it takes me to download a 1.5Gb Linux Minut Debian Edition ISO image file [3 minutes 46 seconds, on average across 5 attempts] it would take me approximately 16 hours 45 minutes to transfer 400Gb. I don’t think you can reasonably argue ~17 hours as requiring “weeks of continuous download”.
This download would have been done through Tor circuits as direct download would have led to the hacker being identified by now. So, in all probability this did take a lot of time to download.
Well yes but a local but approved dumby site could be incredibly fast. Network fast. Ask Snowden.
Respectfully disagree. If I were a hacker (and I’m not, of course) the clear path would be to find the fastest virgin proxychain I could set up for the initial extraction, probably tunneled via SSH, onto an encrypted volume which was then closed and unreadable for the person who owned the box it was on (or maybe the last hop was just a box that was paid-for anonymously and untraceably). From there, you could move it any other way you want, including tor, after obliterating the transaction trail. Doing it over Tor from the get-go would be silly, impractical, and unsophisticated. With good enough bounce points you could probably have pulled that data off in a few hours.
Thankfully I’m not a hacker (hacking is illegal), so I probably don’t know what I’m talking about.
Thanks for coverage of this issue.
Nicely expressed, to get some of the core across.
There are a number of mis-directions in play (i.e. the public debate sometimes misses the points entirely). I hope you shine your intellect on some of those and give us a nice technical analysis one day, like:
1) Spying by “commercial” web sites. (Facebook, Google, Databrokers…).
2) Nation states consider all non citizens fair game.
3) If you know the message is encrypted you’ve already broken the law.
4) Implications of a world where the rule of law no longer exists for governments.
5) ThinThread had protections, they were removed, what are the legal implications of that?
6) Governments appear not to be able to keep anything secret.
Ummm regarding point two? I’m Canadian.
“2) Nation states consider all non citizens fair game.”
My allies elect presidents on promises to screw me. Patriate Act reform means nothing to me.
I don’t vote. I’m not represented in Congress and my government is facist in either case.
This should not be a political/legal discussion about the USA Freesom Act or a techie discussion about encryption. I am not too technologically savvy. I am a retired lawyer. But this is an outright assault on our constitution and the principles we created the country to establish by our own government from the NSA people right through the president.
You’re a retired lawyer with, from what I can take away from your comment, a strong belief that what’s going on is bad…
I’m curious if you’re doing any pro-bono, volunteer, or organisation work? You’d be doing people a great service using your knowledge to help people part-time.
Most of us here couldn’t agree more, Bill, which is why most of us are here. We need all the help we can get, so welcome to the fight, if you’re willing. Not a challenge, just an opportunity.
Through and through Bill. Counted separately billions of unique discrete constitutional violations on hundreds of millions of law abiding Americans each and every day
every one of which is deserving of remedy and relief.
Possibly it is not a bad thing that NSA’s stooges are invading the internet in this regard: maybe those corrupt, criminal, cruel, rather simple-minded victimizers at the NSA will learn something as they spy on and read the comments and emails of the well informed, un-propagandized, fair dealing portions of the American population.
New information is usually parsed by the brain in such a way as to reinforce preexisting beliefs. If they go in believing we’re against them, and they read about how we’re against them, they won’t take away that what they’re doing is wrong — instead it’ll just cement in their minds even more the idea that we’re the enemy and it’s a good thing they’re around to be the good guys.
To be fair I imagine that a lot of the guys inside the Panopticon are or were, moral, patriotic, constitution defending people. The sort of people we want guarding the gates and walls for us.
Once in, they’re unfree to leave and have no avenue to point out the illegality of what they’re required to do.
I certainly hope so.
That places the problem with heirarchical organisations and the type of person that runs, manages and influences them. There lie the real problems.
I don’t think most go into it thinking they’re out to oppress the human race. In fact, I don’t think the majority do. But let’s say we have a scale, like so:
|———x———+——-|——-+——–x——–|
I’d ask you not to look at ‘left’ and ‘right’ politically.
Let’s say that middle | is neutral. I’d say almost nobody falls directly on that middle |. Let’s say most civil servants start out on the + to the right side of that middle |, and that that right side approaches total trust in government (with fear of disagreeing likely informing that, on some subconscious level). As their careers progress, they see people who are their ‘superiors’ at work ideologically more and more like the far right |, so they eventually seek to approach a middle point between where they start and that final |, not calling it ‘bad’ but considering it “their normal” because they live in and are constantly affected by a filter bubble that they can’t quite shake free of. Their normal is informed by the things they read, hear, and experience every day, the limited options they have to push against it, and the diffusion of ideas that go along with being in what feels like a ‘family’ (and you want to protect your family, of course). Let’s say most of them eventually work towards that right-hand-side ‘x’. A few go beyond it, but the right-hand-x is probably where (hypothetically) most lifelong people eventually wind up gravitating around. Few ever drop below their initial right-hand-side +, in any case.
Now let’s call this scale ‘Patriotism’. The question becomes how to enable people who see wrongdoings and report them without falling off onto the other side of that scale when even following ‘procedure’ (even when it’s grossly inappropriate — after all, if you report abuse of a program and that abuse is the scope of the program in the first place, what do you believe the results will be?) might put you smack in the middle of that scale at |, if you’re lucky. But most people rely on their peer groups for their sense of self-worth as well. They also have families, friends, and entire lives that all revolve around those jobs. Even if they do believe something’s not quite right, most of them believe someone else would have done something or said something if it REALLY wasn’t right, because they need it to be alright.
Most people don’t want to be even the *internal* ‘bad guy’ when it means they’ll get blackballed and lose the entire *life* they built up, not just their job. So most choose faith in their project, department, company, agency. After all, everyone they respect does as well. Few people even get this far — they just don’t even think about it on a conscious level. Most people just want to be happy and think they’re doing the right thing. And what that is hangs heavily on what those way above them say the right thing is.
The problem is it often isn’t the right thing — and as time has gone on, it’s rapidly become the wrong thing instead.
(BTW I’m not stating that that’s an actual scale of ‘Patriotism’ — more akin to their perception of ‘Patriotism’, maybe)
@UsefuIdiots– thank you, I hadn’t thought of it from that angle. But I think that you are very-much correct: most of those assigned to hunt us will not/cannot, be converted, or shown the light.
In the spirit of UI (great, insightful comment), those who hunt us cannot/will not see the light, no matter your efforts.
The victims targeted for this intrusion of every aspect of a life, In no logical reason, you find everything, innocently one.day to change , you think identify theft has to be only logical reasoning, since one is treated as though the label for someone else has been mixed up with your records, The safeguards to enable you’re rights reserved to handle your business affairs, and 30 years spent in researching constent violations that all tie together, with no way to open the problem to examine serious issues that finally came to light much to late, when the red flags where seen, such as corruption involment with now defunct bank, so much the public deserves the completed example of this fraudulent activity that has been allowed by my country,whom,did.nothing too protect my family, and chain of events proves it is designed this way, not even a voice to point out the facts, the control of our truths are not able to be sent from my attempts, mail ,phone, Internet no communication’s from Illinois.
Since I don’t understand how consensus is achieved in the US, perhaps you can explain how the metadata issue became the central focus of nearly everyone, and not XKEYSCORE. It took nearly two years to eke out the anemic USA Freedom Act. During that time TI’s exposition of the more glaring offender in XKEYSCORE should have alarmed the public much more than it apparently did. Either a complacent or more likely complicit MSM is obviously an important factor in guiding the public and others into backing the wrong horse. Maybe wrong horse is inaccurate but you get the picture. There are many with whom I’ve spoken who believe the USA Freedom Act fixed things, an outcome I’ve expressly feared. Getting the public ginned up for another fight won’t be easy, but who said it would be? Seeing as Jewel vs. NSA was filed in 2008 with well over 200 public or declassified documents resulting from approximately 130 separate court appearances, is there any chance my grandchildren will see a resolution to this case? Time for pitchforks yet?
“…perhaps you can explain how the metadata issue became the central focus of nearly everyone, and not XKEYSCORE…”
The Verizon metadata order (first Snowden story) as you pointed out was really the only one MSM covered these last two years. The MSM and Congress focused on this to the practical exclusion of everything else reciting the mantra “its just the number you called, the time you called and the duration of the call” even as they bathed in hundreds of more significant disclosures https://wikileaks.org/index.en.html http://leaksource.info/ https://search.edwardsnowden.com. XKeyscore chief among them. Thanks to the intercept (and no thanks to everyone who said that he was lying about it) we now know that when Edward Snowden said he could tap anyone he wanted from his desk using XKeyscore just like Hacking Team could. The good news is chasing that first disclosure (expansive in scope and breadth as it was but essentially limited to one “type” of data) has paved the way for far more successful litigation in open federal courts (whatever our legislators do) on all those far more damning disclosures. After all as Bill Binney said they didn’t build the Utah Data Center for Metadata (which requires very little server space) they built it for Content.
@jgreen7801 –
I wonder if most folks think along the same lines as the cousin I mention here a lot. She is apt to say that there is NO expectation of privacy in the internet at all, so getting her alarmed about this is a challenge for sure.
Another observation I have is that many people won’t see problems until it affects them DIRECTLY. For example, there were many who opposed gay marriage who came around because a family member turned out to be gay.
A third observation. “we” are way too likely to dismiss notions about privacy and just go after the latest social media app or gadget no matter how intrusive it is.
I just hope enough people wake up BEFORE it’s too late (if it’s not already).
BTW, good article, Micah. It needs to be read WIDELY.
Alot of feline personalities on this discussion board….
Hi Felix the Cat –
Just goes to show what a QUALITY discussion board this is :-)
There’s no expectation of privacy to be had online sure. But at the same time I don’t appreciate apparently being on a watchlist because I happen to have browsed the Tor website (super restrictive tertiary education proxy that blocked access to sites like this, and DKos even and regular proxy providers meant I kind of needed it just to communicate).
Metadata isn’t even useful in terms of their supposed purpose for collecting, but it does provide lots of dirty laundry on people that can be exploited that even in the conventional sense of the internet didn’t occur without you being specifically tracked, ie I might know you really enjoyed visiting goatse because you spend several hours there looking at stuff based solely off time the link to the server’s ip was active and amount of data transferred (we’ll ignore the amount of trolling that got done with that site because the metadata probably doesn’t show anything to suggest you were a victim of juvenile behaviour).
Personally my own metadata would indicate I have an active interest in extremism, drugs, bondage, and a number of other less than savoury interests that taken out of perspective would look really wrong, historian, writer, and game dev doing research is really easy to overlook if you’re only seeing the metadata related to sites and content I visit.
Section 702 sunsets in 2017. No USFA 2. Please don’t don’t support legislation providing FISC with means to extend Section 702’s exceedingly more invasive authorities.
Section 702 is your unminimized content. Your unminimized content in very conceivable file format traversing internet backbone upstream (and downstream). To be sure – as Micah indicated – this is by orders of magnitude a more significant concern than call detail records (metadata). Whats really cool is how far the ACLU EFF and others have gotten in the courts on “metadata” alone (open courts rule its illegal to collect in bulk metatdata forever) given how many peoples eyes glaze over whenever “metadata” is mentioned. Clearly by extension if collecting seizing bulk “metadata” is illegal (read fourth amendment above) then collecting seizing the CONTENTS of everyones’ internet communications (as is the case with Section 702 read fourth amendment above) in bulk forever is by orders of magnitude a greater ongoing violation of the rights of US citizens to be safe and secure in their papers and effects.
It’s a good article. A story written 40 years ago by Bernie Sanders has made headline news and is being thrown about on the internet today as though it had great import. Imagine what the NSA could dig up on just about anyone with a few quick keystrokes. We know that this information will be abused at some point in the future when people are distracted or simply angry, like they were after 9/11.
It’s the political season. How are the Opposition Researchers being affected by the Internet Age? Any new Dirty Tricks?
On the other hand, I am sort of running low on outrage these days.
That getting low on outrage part has always been one of the reasons I pushed for more, faster. Most of us who do get angry about this probably will eventually succumb to complete adrenal fatigue and if that happens, then this really WON’T end. That not only doesn’t seem fair — it’s flat-out NOT fair. I don’t think we’re supposed to be walking around like JOSHUA muttering under our breaths that the only winning move is not to play — nor is it a winning move not to play.
I think I take stronger precautions than most, but at the end of the day I do see all of this as popcorn melodrama. Worst case scenario, life before the internet really wasn’t so difficult.
Quite frankly, I’d be bothered by the surveillance if it were ‘only’ the net and the phone systems, but I wouldn’t be nearly as upset, because that implies explicit participation. But this isn’t 1998. There are cameras and satellites everywhere, you literally have limited expectations of privacy even in your own home or among friends or in a park or a restaurant, biometrics are required for passports and identification, and basically anybody can be tracked if someone wants you tracked — that’s not an opt-out system, nor is it a matter of ‘life before the internet wasn’t so difficult’. Frankly, if we could get rid of all that other crap, I’d gladly just take life without the internet back — but even if some people wanted to, in some countries that’s not even possible if one wants to lead a manageable life because everyone else does everything else online.
So yeah, I’ll take that time machine. But nothing short of it.
Actually, let’s set that dial back to about 1994 or so.
I take breaks now to avert the inevitable emotional drain. Since the surveillance started shortly after WWII making it a generational problem, expecting immediate remedies has generated copious levels of frustration for me to which I admit is counterproductive. This may take generations to overcome. Unfortunately, it’s not clear the planet can afford generations.
Acceleration, aided by a brain that is now addicted to immediacy, and a desire for quick and tidy outcomes painted in a positive light (no matter how negative the outcome is) is pretty much what will doom things. And near as I can tell there’s nothing that we can do about that. I agree it’s a generational problem, but (and I don’t believe I’m disagreeing with you here, more with people who’ll say that every generation believes the next generation is exasperating) this isn’t anything like the same sort of generational problems that have preceded us as a species.
Quite frankly I don’t think we have many more generations, as things are, short of some sort of close-to-extinction event that pushes us back to a time when systems of this magnitude are simply not capable of being built or maintained. Maybe things are just too ‘comfortable’ and the result has been to try to push our biological desire to hunt and dominate the only way it can be pushed — back upon ourselves (well, everybody save* whomever the given people in power are, because they’re ‘special’).
At a minimum fighting back requires a large number of people who have well-developed minds and consciences, and a whole lot of patience. But that’s hard to come by especially in the countries that have the best chance of doing anything to fight back (ie, where the problem originates).
Probably most people will get used to this. Which means they’ll get used to their chains. At least until that issue about who’s gonna pay people to live when there’s no work because it’s all been automated and outsourced. It may have been amusing comedy ala Charlie Chapman to worry about factory jobs a century ago, but now it’s really happening. I love these unemployment figures where the figures dropped dramatically because people literally dropped out of the job market. But if that doesn’t get us, then what we’re doing to the environment will in the next century. I’m sure we’ll come up with a better way to self-destruct before then, though, at the rate we’re going. And it’ll be hard to care because we can’t really dredge up the adrenaline to care.
*this word was chosen deliberately.
I not only find myself immediately gratified by your insightful comments but my fears that I might need to issue an Amber Alert are greatly relieved…
lol
Sorry, typo — obviously I meant Charlie Chaplin.
“Not with a bang but a whimper”
BANG!
“On the other hand, I am sort of running low on outrage these days.”
That could’ve been my quote.
It’s a no-brainer. Mass surveillance leads to poisoning of the wells of social support. The effect is that some of the people who would be in need of seeking social support would be reluctant to seek it (think mass shooters). And those that do often end up finding themselves in easily corruptible places like Facebook with little means to protect themselves.
Freedom is power and freedom is responsibility. Take away the freedom, and you take away both the power and sense of responsibility.
Freedom is the acceptance of your responsibilities…
Who gets to say who has what ‘responsibilities’?