
A lot of these are either politically impossible or not within the President's power to implement to begin with:

2) Protect "privacy rights" of foreigners: Foreigners don't have privacy rights under our Constitution, and by and large Americans don't have a problem with the NSA spying on foreigners. Indeed, that's the purpose of the NSA.

5) Stop undermining internet security: what does this even mean? Should the NSA stop figuring out how to break encryption? Stop inserting backdoors into equipment sold to China? Again, that's the purpose of the NSA.

7) Reject the third party doctrine: the third party doctrine is a legal doctrine; the President cannot reject it, only the Supreme Court.

It's a mistake to believe that just because many Americans are upset with the NSA over recent revelations, that they embrace the leftist/globalist sentiments that are common in the tech community with regards to the NSA. To the extent the public opposes the NSA programs, they oppose mass-collection of call data from Americans. That's it.




There's a widely held belief that the way NSA stockpiles exploits harms Internet security. One plausible way that could be true is if NSA sources exploits from researchers who would otherwise sell them to places that would disclose them to vendors, which NSA won't do.

And, obviously, there's the widely held (and very plausible) belief that NSA backdoored random number generator standards. Those backdoors probably aren't currently doing much harm to the Internet, because they aren't in use on systems whose random numbers we (a) care much about and (b) are exposed 32 bytes at a time. But still, it's reasonable to expect NSA to stop doing that kind of thing.


I don't think those sorts of reforms are unreasonable, and go to the general issue of cabining the scope of the NSA to foreign instead of domestic surveillance. However, I think they're probably too esoteric for a political solution. I'd imagine this is just something the standards bodies will have to deal with.


I have a pretty low opinion of this particular "reform the NSA" movement --- not of the goal of reforming NSA, but of EFF/Demand Progress.

But "stop subverting Internet security" does seem to be a bright line we should be able to get agreement on.


The NSA's foreign activity is very much a part of the problem. American interests are damaged for the foreseeable future because of revelations about their corruption of the internet, of hardware shipped overseas, of cable traffic, and on and on.


That kind of thinking is the product of availability bias: you think about NSA's foreign activity, because it's been leaked en masse. But it would be incredibly naive to think that major European countries --- not just the UK, but particularly France and Germany --- haven't been doing the exact same things for years. When we get to talking about "foreign intelligence", we are talking about pure SIGINT, of the sort that has been practiced since before the computer era --- in fact, the sort of SIGINT that presaged and motivated the computer era to begin with.


Really? Can anyone argue that what the NSA is doing resembles anything that ever went before? Using (subverting) the entire power of the internet and its major commercial inventors/backbone to capture petabytes of personal data on everyone everywhere?

Since our European friends have lesser resources, I cannot imagine they have done/would even conceive of doing anything so cold-blooded as our NSA has done. Which internet authorities are centered in Germany? Any?

In fact, I imagine a new Internet rule will have to be created, where invoking the NSA as hyperbole ends a thread in much the same way as Nazis or Hitler do now.


One could argue that if one wanted to move the goalposts back to pretend that one was arguing with a point that nobody disagrees with. My understanding is that you were talking about foreign signals intelligence, and that was what I was commenting on.


Worse yet, the NSA creates exploits of their own. It's not comforting to think your machine was invaded through a backdoor that was meant for the NSA's own use - breached is breached.

Essentially the NSA has been working against the interests of all of the rest of us in a measurable, negative way for years. Weighing that against the admittedly negligible positive results achieved, the NSA becomes little better than a massively-funded exploit-creator who, by the way, we all pay our own money to fund.


Actually, NSA creating exploits of their own is much better for the security of the Internet, because it doesn't capture resources that could have been directed at improving software. I'm fine with an NSA that competes with the commercial software industry over software security.


NSA finding exploits is good. NSA keeping those exploits secret, for use as tools, is probably good; NSA disclosing those exploits to vendors and getting them fixed may or may not be better. NSA convincing vendors to insert bugs (or features) that can be exploited is bad. I don't know a whole lot about how much they do each of these.


I agree, but try to keep the terminology clear. The things you're saying are bad aren't "exploits"; they're "implants". There are modes of implanting code that I think are clearly bad, but even more modes where I think "well, that's SIGINT for you."


Sure, I'll readily accept a preference for the term "implants". I just wanted to state things (what I hope was) clearly lest people talk past each other.


I'd agree if we shared our knowledge with the NSA. But they keep it secret, in fact threaten to put a bag over your head and send you to Guantanamo if you tell anyone.

So what could be a healthy tension becomes a rigged game, with the NSA busting heads and breaking things all over the place.

Curious - what can it mean for the NSA not to be capturing resources? Surely they use competent engineers to do what they do - who could have been directed at improving software instead of subverting it?


I don't understand what this comment means.

Once again: it's fine if NSA is discovering exploits, as long as they aren't also paying off commercial researchers not to disclose flaws to vendors. A private NSA exploit development capability merely puts them in competition with commercial industry, and industry has the upper hand, because they can actually fix whole bug classes all at once, and NSA has to find them piecemeal.


I guess I didn't understand the previous then. The NSA isn't just discovering exploits, they are an exploit factory. They develop chips and hardware, coerce internet backbone corporations to create exploits, generally have broken the whole game. While we were arguing about cookies, they were recording the whole conversation, breaking the encryption, reducing privacy worldwide to a sham.

Competition implies some sort of level ground. But they gag the communications suppliers as they subvert the networks. If not for a whistle-blower this could have continued undetected for decades.

I wish I were some sort of conspiracy-theorist spouting hyperbole. I know this sounds like one.


I'm reading "exploit", "chips", "hardware", "backbone", "cookies", and "encryption", but not seeing a coherent argument or evidence that we mean the same things when we use these words. NSA is not getting "backbone corporations" to create "exploits".


I'm confused too. Which of these things (http://www.wnyc.org/story/running-list-what-we-know-nsa-can-...) are exploits and which 'implants'? Why does it matter? What is the NSA doing that is worth all that?

I guess I'm not qualified to speak on this subject, I can't say anything without sounding like a newb. The NSA requires Google, wireless operators, everybody who has or transmits data, to hand it over assembly-line fashion and that's not an 'exploit'. But if I managed to do that, it would be.

So the NSA doesn't get labeled as a rogue hacker or exploit-creator because, well, because of semantics.


2) The constitution does not directly state that foreigners have rights. That does not mean the President cannot state that he views foreigners as having rights X, Y, and Z, and that he is directing the forces and agencies under his command to respect them.

5) It most especially means "stop pushing the use of compromised encryption standards". If there is a weakness for the good guys to exploit, the bad guys will find it as well - it is better that we strive to be secure. Attempting to break encryption standards the world has come to through legitimate processes is an entirely different thing, and totally compatible with that striving to be secure. Backdoors into equipment sold internationally are less of an issue - and the more targeted, the less of an issue - I'm not sure what the right call is there, once we're generally respecting point 2.

7) The president can state that he doesn't believe it is appropriate (bully pulpit...), and can instruct the Justice Department not to rely on it. He could also ask for legislation that closes the loophole explicitly - we already do that for HIPAA.

I'm not saying any of these are politically expedient (though I would prefer the political environment to be such that it is) or likely, but "the President can't do this" is wrong, and "it is not politically expedient" is reason not excuse.


I said: "either politically impossible or not within the President's power." Recognizing foreigners as having "rights" that constrain the security-related operations of the NSA would be a political non-starter.

Re: "stop pushing the use of compromised encryption standards" is a lot narrower than "stop undermining internet security." Politically, the former might be possible, but the latter certainly wouldn't be, at least to the extent they involve breaking encryption standards and the like.

Finally, while the President could theoretically instruct the Justice department not to rely on the doctrine, he can't "reject it" as the law of the land. He also can't, practically, tell the DOJ not to rely on it. U.S. v. Miller is the underpinning of a huge portion of white-collar and antitrust enforcement activity.


'I said: "either politically impossible or not within the President's power."'

Yes, and I'm not sure I disagree with that statement. My responses weren't directed to that statement, but to the more specific enumerated critiques. In any event, "X is seen as politically impossible" shouldn't become "never ask for X", or X will never be seen as politically possible because no one is asking for it.

'Recognizing foreigners as having "rights" that constrain the security-related operations of the NSA would be a political non-starter.'

I think that's something we should fix (and I think doing so would be in our long-term interest on several fronts, including security). We start by stating that it's something we want.

Re internet security: Breaking encryption standards, and then recommending that it's time to move to new standards when the breaks become sufficiently significant, is not undermining internet security - it is furthering internet security.

'Finally, while the President could theoretically instruct the Justice department not to rely on the doctrine, he can't "reject it" as the law of the land.'

"Rejecting" a law doesn't have a precise legal meaning that I'm aware of. The call is for him to 1) say that it's bad, and 2) to take steps to curtail it.

"He also can't, practically, tell the DOJ not to rely on it. U.S. v. Miller is the underpinning of a huge portion of white-collar and antitrust enforcement activity."

So call for legislation that restricts it without overly restricting it (granting that the costs of going all the way would exceed the benefit), or find some other means of enabling that enforcement.


The President with one executive order can tell the NSA / FBI that no American can have data or metadata gathered without a specific, individual warrant. That is well within his power under the US Constitution. Some would say it is his duty to do just that under the Constitution.

Installing backdoors in private equipment might be the first modern case for a 3rd Amendment challenge.



