Trying to Keep the Internet Safe from Warrantless NSA Surveillance (aclu.org)
150 points by maxt on Jan 15, 2017 | 63 comments



Very nice. Nothing new here, but this is a great summary to share with people who are less familiar with internet architecture and want to get up to speed with this particular facet of (seemingly illegal) surveillance.

However, I want to quickly point out one omission in the discussion of the risks of allowing this kind of activity to continue:

If the NSA is effectively spying on everybody who communicates with a server outside the US, it is trivial for them (or another government agency) to fabricate traffic (presumably child pornography) in order to target someone.

The ACLU (and others similarly positioned to criticize this conduct) always rightly point to the risks to journalists and human rights activists of having their communications intercepted and accurately portrayed, but what about the ease of lying about it in order to target dissidents?

This seems like an obvious vector and deserves more attention and discussion.


> this is a great summary to share with people who are less familiar with

Unfortunately, the people I know who need to read this the most consider "aclu" a dirty word.


Sadly many of the people protected by the ACLU have been convinced by marketing and propaganda that the ACLU wants to destroy America.


Why does the USG need global surveillance capability to fabricate damning traffic?


Hey buddy. You never responded to me in the other thread. :-)

Strictly speaking, it's not a requirement. But it gives incredible cover. It makes everyone think, "well, it's possible - they know everything that goes on."

In other words, absent this sort of mass vacuuming, the individual targeting of a dissident might seem much more suspicious.


Conversely, even the myth that the NSA reads all traffic also lends credibility to that theory. They don't need to read all traffic, they just need HN commenters to say they do.


Don't normal people already sort of assume that? What's in doubt isn't the potential for the USG to learn these things, but the credibility of their unverified claims that they actually have learned them. I seriously don't see the connection between global surveillance and the USG's ability to lie convincingly: they can already lie convincingly.

Later

BTW: I felt like I responded to what you asked in other comments on the thread, and by the time I saw your comment, many other people had already responded. Nothing personal!


[flagged]


1. the hair on fire alarmism over imagined issues distracts from some very real issues.

2. some of those very real issues have very real solutions, but people still cry bloody murder because those solutions don't solve every imagined problem.

3. Exaggerating the scope of the problem conveys a sense of helplessness. What purpose is served by making people needlessly afraid? There's a point at which the harm caused by surveillance panic exceeds the harm caused by surveillance.

4. the hysteria results in people making stupid choices regarding email, messaging, etc. like "I can't trust the companies I know, so I'm going to trust companies I don't know". That's ridiculous. Or the fact that while Comcast may inject some janky notifications on web pages I visit, it's not straightup malware like rogue tor exit nodes inject.

5. It becomes impossible for anybody to actually discuss what's happening when every little molehill is a backdoor, or rootkit, or malware, or existential threat to cyber existence.


I'd also add that none of us should need to apologize for civil, good-faith discussion on HN.


This obsession with comparatives is pointless if we don't know the scope.


If it were legal you could call it unconstitutional. The point is do not want. But really Google is so much worse than the NSA. We can't do anything about Google though. He's like an uninvited guest to every party. And now we have Microsoft to contend with as well.


> We can't do anything about Google though.

Yes, we can! Don't use Google, or use certain settings in the applications which enhance your privacy. The default settings are not always the best settings for the user.

Don't use Google Search. Use a search engine which respects your privacy such as the scraper DuckDuckGo (DDG).

Don't use Gmail. Use an e-mail provider which doesn't scan through your e-mail. Where you got IMAP access. Use a device where you can use GPG. Or use alternative methods of communication.

Don't use Google Maps. Use a maps application which respects your privacy such as OpenStreetMap or (arguably) Apple Maps.

Don't use Google Fit. [...]

And so on, so forth. Ask yourself the following: do I really need this? The answer is often: "not really."

You have the option to use neither. If the choice is Android or iOS you pay more for iOS devices but your privacy generally suffers less. [Ignoring the option of dumbphones] there's a third option: don't take your phone with you. It is a choice to take your Android or iOS device with you. Among others, Bruce Schneier wrote about this in his book Data And Goliath.


But you can't avoid google analytics..


> But you can't avoid google analytics..

That's the easiest to avoid. Ghostery, or a simple edit to your /etc/hosts file.

The problem is that tracking is much more pervasive, and there are many more ways you can be tracked that are much harder to block than Google Analytics.


What about for iOS? Sure there's more pervasive methods, but I doubt any are as ubiquitous as GA. My ghostery plugin shows GA for nearly every website I visit.


I thought iOS browsers' adblockers can at least do domain-based blocking, which is enough for the typical GA case?


There are adblockers for iOS, but not for old versions of iOS and I think 32 bit versions of iOS don't work with it. IIRC Apple has allowed it since 9.0.


Adblock works on Android.


Try Privacy Badger, made by the Electronic Frontier Foundation. It protects you from many trackers, not only Google's, for example it disables the tracking capabilities of Facebook like buttons. https://www.eff.org/privacybadger


Why not? There's loads of options. Some examples include uBlock, NoScript, /etc/hosts


Doesn't ublock block requests to the likes of GA?


> But really Google is so much worse than the NSA

Google is one of the many tentacles of the NSA. Worth reading 'How the CIA made Google': https://medium.com/insurge-intelligence/how-the-cia-made-goo...

Also noteworthy: 'DARPA director Regina Dugan takes job as Google senior executive':

http://articles.latimes.com/2012/mar/13/business/la-fi-tn-fr...


Commercial surveillance is a problem, no doubt, but the problem isn't just Google - any held commercial data is susceptible to government snooping. Which is why people just blindly throwing their data into The Cloud annoys me.


We implicitly permit Google to have our info. We have not given informed consent to allow our government to take this data. Therefore it is an unreasonable search and seizure of our property.


This is incorrect. Most people don't realize this. Do you consent your car to store all your location information in the cloud? What if TV started storing all things you watch in the cloud? Tomorrow, if all the car/tv manufacturers started doing this, what choice do you have? No, the option is not "do not use cars/tv". And tbh, I don't even think 80% of the population is cognizant about what is being collected and what it's used for. This is the reality and they have "accepted" it as-is. This is the situation we find ourselves with email (all email providers mark any other email as spam).


> Tomorrow, if all the car/tv manufacturers started doing this, what choice do you have? No, the option is not "do not use cars/tv"

Supply & demand. If there is demand for dumb TVs and dumb cars, this supply will (eventually) be met. Vote with your wallet.

Also, do not forget the second hand market for cars. This one's huge. There's still TVs and cars available which are dumb. There's still laptops available without Intel ME.

> This is the situation we find ourselves with email (all email providers mark any other email as spam).

What are you on about?


> If there is demand for dumb TVs and dumb cars, this supply will (eventually) be met.

I keep hearing that, I just never see it. There are a lot of things nobody wants which corporations push in unison because they want them. And that's not even accounting for the meddling of the marketing department, which does matter.


> I keep hearing that, I just never see it. There are a lot of things nobody wants which corporations push in unison because they want them. And that's not even accounting for the meddling of the marketing department, which does matter.

[In my reply I'll be mostly specific to TVs. Cars is -at least for me- a more complex topic due to AI which I don't want to argue against because I am reluctantly positive about this development (I do realise the privacy issues). It's also a lot higher in price than a TV, which makes the risk/reward higher.]

1) The smart TV is a relatively new phenomenon (to me, I'm in my 30s and I grew up with CRT monitors, I suppose for someone who's 15 it doesn't feel this way). I don't own a TV, but when I bought a TV for my mother back in 2010 it was a dumb TV. It's still in use, and it was made smart via a Chromecast (but it can be made dumb). My point is: the old supply hasn't dried up yet. Dumb TVs are still in use.

2) Part of the supply is met via the second hand market. If you don't see that, you are not trying hard enough. Go to eBay, type in a brand of a car made in 90s or 00s or fill in ThinkPad T61 or fill in a type of an old TV and off you go.

3) We're also seeing a conversion from TV being less relevant, due to streaming and Internet. This is akin to radio replaced by audio streaming, or PC replaced by tablets and smartphones. It may very well be that people use a dedicated TV less. In other words, I argue that there's less demand for TVs. (Which is why TVs are made more 'useful' by making them smart.)

4) The dumb TV is already here. It has a better refresh rate, and low ms than a traditional dumb TV. This dumb TV is called a 'monitor'. This is what I actually use as my current TV (I lied when I said I didn't have a TV, but it's technically a 7+ year old monitor with a TV module. It's 24", and we barely use it).

So in short conclusion, concerning the dumb TV:

1 & 2) The replacement is relatively new and the customer has to learn the + and - of the newer version. The old supply hasn't dried up.

3) Demand has shifted. Customer perceives a smart TV as more capable.

4) Other product -still being actively made- satisfies demand.

I have no reason to doubt that supply & demand doesn't work in this specific market. Furthermore, you might want to take a look at importing from Asia. There's a relatively new market with a large supply of options over there.


> Demand has shifted. Customer perceives a smart TV as more capable.

Also see "not accounting for the meddling of the marketing department" - not all things just "happen". And while you make good points about streaming (having to schedule yourself around broadcasts is a huge drawback, after all) TV getting "smarter" and them being the way they are are still not exactly the same thing.


It's not that TV is smarter; it had to catch up. SUN used to say the network is the computer. Everything is both nowadays.

The consumer/customer can use any device with internet (PC, laptop, tablet, phone) to watch a TV series a few hours (?) right after or even during broadcast. Those devices can also be used to watch YouTube and all the other streaming platforms whereas a traditional TV can't. I wouldn't assume malice. I suppose the thought was "wait, what. More functionality than TV? We can compete with that."

Except that these onboard 'computers' on TV are weak, and profit margins are apparently too low to increase that. Which means you end up with something similar as the mess of Android. Devices with firmware too expensive to maintain.

Like I said, I use an old monitor as TV. My personal belief is TV as we know it is dying. We're going to see a merge of monitor and TV soon (with monitor capable being a TV) and the elder will be able to watch TV the traditional way. But youth generally don't. This means funding of public broadcast TV like BBC in UK and NPO in NL will get cut. It's a downward spiral, already set in process long ago in 90s.

Disclosure: I'm not from USA though.


If you run your own mail server, it's hard to get email deliverability to the inboxes of people who use the Big 3 (Gmail, Yahoo Mail, Outlook.com). This makes using these privacy-invasive email services a much easier decision.


Problems seem more to do with the age of the domain, rather than the size.


> If there is demand for dumb TVs and dumb cars, this supply will (eventually) be met.

Such demand will never rise to substantial levels. The moment your solution to a problem requires the general public to (change their behavior/become educated about something), your solution is unworkable.

If the general public regularly changed their habits out of principle, Windows would have been displaced by Linux in the 90s and the banana and diamond industries would be dead or dying.

It doesn't work that way, and it's unrealistic to assume it ever can.


> If the general public regularly changed their habits out of principle, Windows would have been displaced by Linux in the 90s and the banana and diamond industries would be dead or dying.

My argument has never been that the general public at a whole changes something out of principle. Some of us may, most will not. Sadly you're right on that account.

My argument was that if there is a demand for a product this will (eventually) be met by supply.

I don't know anything about the banana industry.

I do know that Windows is from the former monopolist Microsoft. I was there when the Halloween documents got released into the wild.

The diamond industry is a former monopoly as well (De Beers). The diamond industry furthermore has the advantage of tradition. However according to [1] "Synthetic diamonds sold as jewelry typically sell for 15-20% less than natural equivalents, but the relative price is expected decline further as production economics improve." A-ha we got incentive right there: a price of 15-20% of the natural counterpart which is going to drop further over time! What makes you believe this competitor is irrelevant, unable to compete with natural diamonds? I see the exact opposite. So we have two incentives now: the principal, ideologic one (sadly usually doesn't fly; we agree there) and a money one. Diamonds lose their value the moment they're bought. There's no second hand market for them. It is a stupid investment. If you can save 80-85% on a stupid investment that seems like a pretty good incentive to me.

> It doesn't work that way, and it's unrealistic to assume it ever can.

If we're talking about monopolies, no, but those monopolies stay monopolies due to lack of government intervention and because the wheels of justice grind slowly. Microsoft eventually got what they deserved by courts, and they failed to compete with the successors of the PC which ran the 'children' of Linux and macOS (Android and iOS). Microsoft even had to change their business model, giving away Windows 10 and focusing on advertising instead.

[1] https://en.wikipedia.org/wiki/Synthetic_diamond#Gemstones


And my point was that there never will be enough demand for such a product for it to be anything but a niche product sold to first worlders. And that goes double on commodities with few differentiating features like TVs.


See my post above where I explain monitor and TV are competitors. A monitor made nowadays is a dumb TV (and, much more, but not a smart TV).


It's in the EULA, hence the implicit permission.


Meanwhile: Obama Opens NSA’s Vast Trove of Warrantless Data to Entire Intelligence Community, Just in Time for Trump [1]

1. https://theintercept.com/2017/01/13/obama-opens-nsas-vast-tr...


Yeah, I hate it when this starts out with Trump bashing. Obama is much more guilty. I am not an American, so I don't exactly understand what the term 'liberal' means. Spying on your own people without warrant?

More discussion here - https://www.reddit.com/r/worldnews/comments/5o1ovy/with_only...


Heh, that's funny. I am American and don't understand the meaning of the terms "liberal" and "conservative" in our modern culture.


Ideology is basically meaningless. American politics is entirely tribalism.

The Democrats spent 8 years decrying the myriad ways the executive branch violated the Constitution under George W. Then Obama takes power and basically continues or expands nearly all of them, and with only a small handful of exceptions, the Democrats stop caring and forget entirely.

The Republicans spend 8 years decrying overspending and the national debt under Obama, even organizing an enormous 'Tea Party' movement predicated around resistance to it. Then, as Trump is taking power, they rally around a budget that will increase the national debt by 50%.

Ideology is an extremely loose set of guidelines that are only really adhered to in a coherent way by a tiny handful of true believers (folks like Bernie Sanders or Justin Amash). By and large, politics is purely about power -- once you win, all that matters is erasing any past victories claimed by the other party and then doing whatever will please your donors so you can win the next time.


American politics is good cop - bad cop, which one is good or bad depends on political affiliations. Both have the exact same goals with minimal deviation besides what words are being read from the teleprompter. Political hardliners cancel each other out and solidify the power of the base.


It starts out with facts. That those facts reflect poorly on a person has no bearing on their truth value.

If you believe the article misrepresents the state of affairs, say so -- but whataboutism doesn't cut it. It steers the discussion off course.


My original comment was detached and hellbanned due to unseemly sentiment and use of profanity. But it's not inaccurate.

Use the "show dead" function to find it.

The long and short of it is that the word is simply a code for pejorative insults.


Have you considered that Obama's regulating the distribution before Trump comes in and the main issue is that the FBI is both an intelligence and law enforcement agency?

I mean, if the FBI, Drug Enforcement Administration and Department of Homeland Security weren't in this group of 16, wouldn't the discussion be completely different?

Lastly, who says the minimization that the NSA had been doing itself so far didn't just consist of removing noise? The requests have been and will continue to be confidential after all.

Obama is a proponent of very strong intelligence agencies which certainly must be criticized, but the hysteria and fear-mongering that's happening right now completely misses the issues that have to be solved first, imho.


Obama is ultimately responsible for trying to ram an international Internet surveillance mechanism into law (https://www.eff.org/issues/tpp) and giving the NSA a free pass to conduct mass surveillance against American citizens without a warrant. (New rules issued by the Obama administration under Executive Order 12333 will let the NSA—which collects information under that authority with little oversight, transparency, or concern for privacy—share the raw streams of communications it intercepts directly with agencies including the FBI, the DEA, and the Department of Homeland Security, according to a report today by the New York Times. https://www.documentcloud.org/documents/3283349-Raw-12333-su...)


The copies the NSA keeps of your intellectual property are definitely not piracy though.


>"To use a non-digital analogy: It’s as if the NSA sent agents to the U.S. Postal Service’s major processing centers to conduct continuous searches of everyone’s international mail."

It's worth noting that U.S. Post Office also records meta data of all snail mail:

http://www.nytimes.com/2013/08/03/us/postal-service-confirms...

The last paragraph in the above link being completely laughable of course.


> and even invited Russia to hack the emails of his political opponent

For the 1000th time. He didn't (and it's amazing how often this gets repeated) 'invite' them. He said they should release the documents if they already had them.

Note the story line and then the exact quote here:

http://www.politico.com/story/2016/07/trump-putin-no-relatio...

"I hope you are able to find the 30,000 emails that are missing".

Is not "hack Hillary Clinton". It's "if you've hacked Hillary Clinton release the emails". Key difference.


>For the 1000th time. He didn't (and it's amazing how often this gets repeated) 'invite' them. He said they should release the documents if they already had them.

The direct quote is as follows:

“I will tell you this, Russia: If you’re listening, I hope you’re able to find the 30,000 emails that are missing,”

It's hardly a stretch to read this as an invitation, despite the later claims of his handlers.


> It's hardly a stretch to read this as an invitation

It's an interesting Rorschach test.

What would be fascinating is to do an experiment where someone didn't have an emotional attachment to the issue and see how this is interpreted by different parties.

For that matter do the same with this issue merely see what people who fell on either side (or in the middle) thought.


I think a reasonable person could interpret that quote both ways. I'd note that the politico headline you linked says "Trump urges Russia to hack Clinton's email", and it is only a campaign spokesperson who said the opposite.


I'm curious to what HN crowd thinks about a question related to all this.

People are now under the assumption that US agencies are collecting all calls, emails, anything electronic for all citizens as it's technically possible and confirmation is slowly being revealed.

If a crime was committed to a citizen, how would said citizen legally make a request for information the NSA or any agency has that would be useful as evidence? Shouldn't all citizens be able to use what is being collected in court as the government is for the people? How would a person in court go about requesting anything if the possibility exists?


I know some people have already tried that and obviously failed. They just pull the "security" card and say any information they have cannot be disclosed in court because it's a threat to national security. Then they'd say those matters can only be conducted in a secret court where everyone has "security clearance", and oops - sorry plaintiff - you don't, so you're excluded from your own trial.

This was part of what happened to Ladar Levison, owner of Lavabit which was served with an NSL. He couldn't easily shop for a lawyer because he could only contact lawyers that were authorized to handle top secret material. And he had to appear at one specific court venue in Virginia even though he was from Texas.


I'd worry less about the NSA than a character like Google's Eric Schmidt. This one will sell you in a blink of an eye for his own political hallucinations.


Yep - both him and Zuckerberg are awful people if you care about privacy.


If you support this you should consider donating to Wikimedia or the ACLU:

https://wikimediafoundation.org/wiki/Ways_to_Give

https://action.aclu.org/secure/donate-to-aclu


I feel like it will just get worse and worse.

No turn back possible anymore.

Maybe in fifty or hundred years we can talk about it again. For now. It will just get worse.


If it will "just get worse" then there will be no "again".

Frankly, elsewhere people get jailed for speaking their mind, and you know what some of them do? Speak their mind. We face pretty much no repercussions other than it not being so fun to discuss it, some people pouting because it holds up the mirror to their cowardice, so we.. don't? Nah. This is the only way worms can get power, by giants lying down and falling asleep. So maybe just don't.


Is there any way for us outside the US to stop the US government from spying on our comms, when we message people inside the US?


Warrantless? That's really splitting hairs. Warrants aren't a problem for national governments. The goal must remain protection against all surveillance ... full stop. There is no room for backdoors, even for those with warrants.



[flagged]


We detached this flagged subthread from https://news.ycombinator.com/item?id=13404667.



