It's obvious he's not really taking this seriously. These are empty promises with only one goal, and that's restoring the public's trust without hampering the NSA's abilities too much (if at all).
EDIT: After having very quickly skimmed the PPD, here's something interesting:
The collection of foreign private commercial information
or trade secrets is authorized only to protect the
national security of the United States or its partners
an
d allies. It is not an authorized foreign intelligence
or counterintelligence purpose to collect such
information to afford a competitive advantage to U.S.
companies and U.S. business sectors commercially.
Bascially what they're saying is that, in the name of security, we can do whatever the fuck we want. Good luck trying to stop an agency operating in total secrecy from abusing these powers.
Not really. He is addressing the concerns of the majority of people, not the .00001% of America that comprises HN, where the only acceptable speech would be that the NSA is being shut down tomorrow.
Well, that's being a little flippant. I think there's plenty that could be done to improve the situation. Mainly, we need to be able to discuss whether 50,000 contractors should have full search access to all these records that are too secret to discuss with congress.
1) Congressional oversight, even if it's a special committee. NSA can't be completely outside of elected governance. There should be NO level of access that is "too classified" for this committee. If "super access" like that needs to exist in some fashion it should NOT be under the jurisdiction of the NSA. As it stands, that excuse is a loophole that undermines the concept of oversight and the NSA is way too big of an organization to have that power. Just moving "super secret" stuff to a smaller, more concentrated organization would improve things immensely.
2) Clear and open communication over access rights. The structure of which roles have what access should not be considered a secret. If this somehow weakens our security, so be it - that's the price of democracy.
3) Better access control. From what has been leaked, it's clear the NSA is putting a lot of value in security through obscurity. As we all know, this isn't a great approach. At the same time, contractors are given access to actually get stuff done. The terms of access, tracking of usage, etc. need to be discussed in a more open way because right now that's the biggest problem of the NSA.
50,000 contractors may have clearances, but they don't all have access to those records. Remember, the whole point of Snowden going in with sysadmin access, and then stealing credentials and otherwise impersonating 20 other people, is precisely because the stuff Snowden wanted to leak was so compartmentalized.
Your 1) has already happened, AFAIK. Perhaps we need to have different (i.e. more active and intrusive) Congressmen on the subcommittee so that they don't act so shocked when details come out, but that's a different issue.
Another key note is that unlike almost every other subcommittee, these Congressional overseers don't get the ability for political patronage out of what they do. The Chairman of the House Armed Services Committee, for instance, can be greatly influential in drawing massive DoD dollars to their district, but there's not much the Intelligence committees can do in the same vein, aside from random data centers perhaps.
Even then, I know there was a determination by Sen. Feinstein earlier that EO 12333 collection was not in their oversight bailiwick. That wasn't NSA refusing to discuss it, it was the subcommittee deciding it was out of their jurisdiction.
There are many Federal agencies and groups that do monitor EO 12333 (though it is certainly unclear what type of oversight they are providing across the totality of programs).
Beyond all that, I do agree that nothing going on within NSA should be out-of-scope for oversight (including Congressional oversight, if it comes to it). From the nuclear propulsion perspective, we had routine audits of essentially every major program, institutionalized. I don't know how the Congressional subcommittees do their business but it would be a good idea to institute the same there, and also ensure that NSA/IC staff (contractors too) can always feel comfortable coming to a staffer from that Congressional subcommittee with details of abuses.
I'd give the NSA some credit on security through obscurity because you're talking about intelligence programs, not computer code or algorithms. A rule of thumb from crypto research does not necessarily directly apply to anything with the word "communications" in it. ;)
In fact the only real problem I see in 3) is that (assuming you're talking about public discussion) the people who most need to care (the American public) are going to have their eyes glaze over immediately, the people who might actually be able to craft countermeasures would be intensely interested, and it wouldn't even prevent government abuse; how easy is it to craft a good system of access controls for public approval but then add workarounds as needed in practice?
how about nothing to access? give these cretins an inch, and next week you'll wake up in a police state. Crazy? No, just tired of seeing this stuff waved away.
I can't believe this got down-voted. This is absolutely true. To the extent that Americans have a problem with what the NSA is doing, it's with the fact that NSA's collection of phone records doesn't try hard enough to filter out information from Americans. Their opposition to this does not mean they embrace the leftist/globalist ideas that are so common on HN (e.g. foreigners should have the same rights as Americans!)
If the reform is actually just:
1) We stop spying on prominent politicians in heavily allied countries; and
2) We shut down the mass collection of call records and implement a new system that only does mass collection of international calls and traffic;
That would make the vast majority of people perfectly happy.
I think you overestimate the requirements of most Americans.
Most of them just want to hear "I will fix this" and "we won't spy on YOU". Many could care less if you spy on the other guys, let alone other world leaders.
I'm not talking about the people who really don't care, I'm talking about the (broad) subset of Americans that care about the issue and oppose the NSA's current activities. My point is even within that group, the meat of the opposition is to those specific issues, not the fundamental mission of the NSA.
The gp certainly deserved downvoting. It was more or less Nixonian "silent majority" propaganda with no substance behind it.
In any given scandal that's not of truly titanic proportions, "addressing the concerns of the majority of people" inherently is papering-over any problems without addressing them - since the majority is going to be concerned with other stuff and no have that much of an opinion.
And your claims of the reactionary-ness of the majority hasn't been born-out by polls. The majority may indeed be satisfiable by simple thing but the rhetoric of that is not so much democratic as demagogic.
I'd say the difference in view between subject matter experts and others has a number of causes. Some are pure ignorance: for example, most people do not know how tenuous the security of the Internet already is, and thus how harmful it is to try to actively subvert it. But those can only really be part of the story; security protocols seemingly haven't been affected all that much in practice (c.f. Dual EC's brokenness in OpenSSL), and the core question of whether it is acceptable to spy on private communications doesn't really depend on technical details (indeed, there was plenty of anger over just spying on plain-old-telephone-service records, which most of the people here don't know those details about). So I would also nominate...
- More technically inclined people have more (for some, I'd say an order of magnitude more, however you want to define that) of their life online, so they (a) have more data online and thus more to lose, and (b) tend to care much more about anything which affects their activities, since it is more important to them.
- Having a connection, direct or broad, with the technologies and the people responsible for securing things can make their subversion feel more violating; so can knowing that many things (email, Google's backend) could have been secured better but weren't, partially due to a false belief that the US Internet didn't need to be treated as an adversary.
- Connections in the "tech community" causing a bandwagon effect in topics that spread well beyond technology itself. In the context of one forum, such as this one, this is quite clear (the political norm here is very far from the mainstream in areas that have nothing to do with tech); less so the more broadly you define the community, but I think there is some group bias to be found even if you include every programmer in the US.
Don't have the transcript but to paraphrase the bit about NSA reform it was basically "We can set up a shell operation to do all the dirty work, we can't guarantee that it won't be even dirtier and less under congressional control, but we can definitely do that if you want us to"
Does that mean we can sue the company and the individuals involved, for tresspassing and vandalizing equipment to enable sigint for internal corporate data? Will they be subject to the Computer Fraud and Abuse Act the same as everyone else? Can we catch and prosecute individuals participating in operations that involve crimes (vandalism/b&e/sabotage) by enabling sigint on corporations' servers and networking equipment? And if such individuals are armed during an occasional physical incursion into corporate infrastructure, can they be shot in self defense?
More fundamentally, let's follow the money.
Who is going to fund this corporation? If they take money from the USG, money which is then paid to corporations to persuade those corporations to give up personal data or allow network taps and collocated spying equipment, that is no different from the current situation.
I think people forgot that the original reason there was a FISC order to turn over the phone records was because the telecom companies had already been doing it, and were quite happy to cooperate.
But they felt there would be recrimination if the fact that it was voluntary on their part came out and so requested to be ordered to do so (if that makes sense).
But you're right, at best there will be a third-party private company setup to hold the records and act as an "independent" review of the request, since none of the telecoms want to maintain the records themselves, since now that it's public it would risk discovery motions in every random case until the end of time.
And now that we would have an "independent" third party watching the NSA, who watches the watchers? At least NSA analysts are trained from Day 0 about the Constitution, USSID 18, FISA, etc. Who monitors the shell company to verify that they're not doing evil things with the database? Perhaps we could have FBI constantly monitor their comms and at least spread the risk around.
" At least NSA analysts are trained from Day 0 about the Constitution, USSID 18, FISA, etc." And we all know how well that worked out. What's your point? The NSA is currently not doing it's job.
> And we all know how well that worked out. What's your point? The NSA is currently not doing it's job.
AFAICT the NSA analysts have been operating under the assumption that they are following the law as written and interpreted by the Courts (Supreme and FISC), and handling incidental abuses that they discover via the same types of procedures (albeit more strict) used in other branches of government.
The fact that the lawyers and courts happen to disagree on your personal interpretation of the law and Constitution doesn't mean they weren't trying to follow it.
And however bad their actions are, there's no telling how bad it will get when you introduce profit motive.
> Basically what they're saying is that, in the name of security, we can do whatever the fuck we want.
That's not an accurate paraphrasing. Of course when it comes to "foreign private commercial information or trade secrets" it is the sovereign right of the U.S. to "do whatever the fuck we want." The paraphrased language actually makes a concession: we will only use this information for security purposes as opposed to commercial purposes.
> we will only use this information for security purposes as opposed to commercial purposes.
They obviously wouldn't lie, would they? And I guess abuse also never happens.
I thought the point of this was to implement mechanisms that would make occurrence of abuse less likely, instead they're just trying to calm people down.
The only lie would be if they said they were going to stop monitoring foreign Internet comms completely.
Beyond that, if you're assuming the government will lie as a matter of course then it doesn't matter what Obama said in his speech, as there's nothing he could have said to conclusively guarantee anything you'd want.
I think granting "do whatever we want to citizens of other countries when they are in their home country" as a part of sovereignty is bizarre. We are not sovereign over that territory.
Sovereignty means total freedom of action except perhaps what you bargain away. And even then, in the absence of some higher jurisdiction to enforce them, agreements between sovereigns are only binding out of politeness and convenience.
In other words, to say that the U.S. can't say tap international fiber cables and record all French traffic, you must be able to point to a treaty where we agree not to do that. And even then, since nobody can enforce that treaty against us, we follow it only to the extent we find it convenient. Sovereign nations exist amongst themselves in a state of nature, and those are the rules of nature.
> total freedom of action except perhaps what you bargain away.
Sovereignty and the lack of some treaty preventing some behavior X does nothing to prevent other sovereigns from becoming angry and or retaliating in kind. Doing something 'because we can' does not make it wise.
Sure, the other sovereigns are welcome to retaliate, mope, etc. But there is a huge difference between "should not" and "can not." It's also fundamental that "should" is determined by democratic process, while "can" may be subject to legal constraints that override democracy.
But we were discussing "should not". If all sovereignty means is, effectively, "you can do whatever you can get away with" then "it's our sovereign right" conveys no moral force. We can and should curtail our "sovereign rights" and everyone else's whenever it aligns sufficiently with our interests and ideals.
You could say that the US government can do whatever with the data of citizens of other countries that flows through US networks, but that still wouldn't justify the NSA tapping on foreign-only networks on grounds of do-whatever-we-want sovereignity, would it?
What upset me most about his speech is him conflating the issues of protection against terrorists and protection against cyber-attacks, implying that they are basically the same, and that the NSA is just as useful for both.
I won't discuss the fact that 12 years of surveillance have led to no results on stopping any terrorist plots, as the NSA has already admitted, but the NSA has actually made cyberattacks more likely because they are undermining the security of everything, including US infrastructure.
As Schneier says, it's not a question of whether we allow the NSA to spy on everyone or not. It's a question of whether we allow every attacker to spy or attack our networks - or we try to make everything more secure by default.
So when president Obama implies that NSA should keep hoarding their vulnerabilities into systems, he's choosing the former, rather than the latter. He's making cyberattacks more likely, not less. The way you defend against cyberattacks is by increasing security, not by increasing your offense capabilities.
If they really cared about the security of US infrastructure, they'd divulge the vulnerabilities they found or bought from the black market that exploit the security of these systems, so those systems can be fixed, and no one else can exploit them with these exploits. Instead they keep them for themselves so they can exploit them. That's not just wrong. It's incredibly dangerous and reckless, especially from an agency that supposedly wants to "protect us".
And you seem to be conflating dragnet surveillance with intelligence/counter-intelligence programs. Obama stated in this speech that the purpose of this type of surveillance isn't to spy on potentially hostile nations, but to spy on individuals or small networks of individuals. Torture is another great way of ousting terrorist plots which other nations incorporate into their intelligence gathering process. We choose not to do this because it is unethical and has too much potential for abuse. I see no reason to think that this same logic shouldn't be applied to the dragnet surveillance of the entire planet.
They should certainly separate the US Cyber Command from the NSA. That caused a lot of the current problems. It's also what Obama's own NSA review panel recommended. Putting a big wall between the two should ensure that the powers aren't abused as much, and that the exploits are used only in most important cases, and only outside of US (NSA is still not supposed to attack US citizens, right?!).
I don't know why Obama didn't take the recommendation, but as someone in the military I can tell you it's probably because the downsides outweigh the gains.
From the perspective of civil liberties NSA is the threat because of its extensive capabilities.
But it is exactly that suite of capabilities that makes it useful for USCYBERCOM. You wouldn't expect to see USSTRATCOM without its collection of silos, bombers, and SSBNs, would you?
Splitting up CYBERCOM and NSA would leave the capabilities substantially still in the hands of NSA, so they'd still need to coordinate often (but now it would be much more difficult, reducing military readiness for CYBERCOM). But it wouldn't eliminate the threat to civil liberties from NSA (since those come substantially from the NSA's capabilities).
If you instead give CYBERCOM equivalent capability to NSA (at great expense, mind you), you'd simply have two large octopi that are civil liberties risks, instead of one. And only one of those would be substantially overseen by FISC and Congress, since the President would have direct military control over CYBERCOM's actions. Does this sound better?
Leaving CYBERCOM dependent on NSA for its ability to conduct overseas cyberattack actually makes it easier to ensure civil liberties oversight is implemented and performed, and that NSA can't evade those oversight controls by pawning off an illegal search on their friendly neighborhood CYBERCOM with equivalent (or better) cyber capability.
NSA overall has certainly been successful in stopping attacks.
The major question was the effectiveness of 215 phone metadata surveillance in particular, which is the thing that was hotly debated. But even leaving out 215 metadata there were still about least a dozen plots with actual planning/action taken for them and probably 35-ish more that were detected and either stopped before they reached that point, or verified to have trailed off on their own.
The President is still speaking so I don't know what he is going to announce, but as an american, I don't like the concept of citizens and non-citizens being treated differently when it comes to their rights. The distinction is difficult to make anyway, but the declaration of independence says "We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights..." and does not make a distinction - I don't think we should be able to spy on someone in another country without a warrant any more than we can spy on citizen.
While that's a nice sentiment in principle, it falls apart in fairly obvious ways. Do we enforce our laws on citizens of other nations? When other governments act in ways inconsistent with our constitution, do you think we should use our military to force them to do otherwise (as we have done with our own states)? Of course not.
Our government's first responsibility is to the security and liberties of its citizens and (legal[1]) residents. As much as possible, I'd want it to protect those in ways that also help the security and liberties of those in other parts of the world, but those are not equal obligations.
In any case, being spied on by a foreign country is considerably less bad than being spied on by your own. In the wet dreams of conspiracy theorists, our government spies on its citizens to discover their political views, and then imprisons those with views it doesn't like. There's no equivalent evil that France's government could pull off.
[1] In my view, "legal" shouldn't need to be there, but that's not very realistic.
> In any case, being spied on by a foreign country is considerably less bad than being spied on by your own. In the wet dreams of conspiracy theorists, our government spies on its citizens to discover their political views, and then imprisons those with views it doesn't like. There's no equivalent evil that France's government could pull off.
Arresting you when you have to enter France for business or personal reasons is one possibility.
EDIT: If France has some agents in your country there's a lot of evil they could pull off even without you leaving the country.
I really don't agree that that's equivalent, but I understand your point. Certainly if the power balance were different, it might be a legitimate fear. (If the french government gave me problems, it would be pretty easy for me to find protection from my own government. Wouldn't be so easy if I was in Pakistan, looking for protection from the US, I suppose.)
I do agree we should refrain from mass surveillance on non-US citizens, but I don't think that achieving that is realistic at this juncture. The intelligence community is in excited-puppy mode about all the cool things they can do with the internet[1], and it'll be a bit before they and their elected overlords figure out what's useful, what's not, and how surveillance can be better performed without playing godzilla to the city of rights.
For now, what I think is reasonable is a more straightforward, open disclosure of what and how the NSA monitors.
And now I need to stop commenting on this article until I've actually read the proposed reform in its entirety. (And you all should too. Hah.)
[1] Calling it an "insurance policy", really? "We've never had to use it, but it's too cool to give up."
In my view, the "right" policy is that we will respect the rights of all people, but not guarantee that we will protect the rights of anyone but our own.
For the purposes of NSA surveillance, the U.S. is like the rest of the world; if you are legally inside the U.S., Fourth Amendment protections apply without regard to citizenship.
If you've so much as ever applied for a green card, you are now a "U.S. person" as far as NSA is concerned.
U.S. treatment of non-citizens outside of the U.S. is different in some (not all) ways, that much is true. But other countries take that tack as well. E.g. even privacy-friendly Germany allows their foreign intel agency, BND, to spy on the communications of non-Germans.
One of the biggest problems with this view though is intelligence sharing policies among nations. Even if the US can't spy on American, but the French can, you still have the possibility that some politically connected multinational organization can get information about American political adversaries through their French intelligence connections.
The declaration of independence isn't a legal document. Treating it as such results in facial contradiction, because the Constitution embraces the idea that black slaves are not in fact equal. It's generally a good idea to just ignore the declaration of independence as what it is: idealistic rhetoric.
In any case, it's not a distinction between citizens and non-citizens, but the territorial scope of the Constitution. Just as the Constitution can't create obligations that apply to say the French in France, it can't create rights that apply to them.
And then the Constitution begins with "We the People of the United States..." While the Declaration of Independence is a nice little document about why you should be able to blow up someone else, the Constitution is the one that really matters.
You are entitled to your opinion and I do not entirely disagree. However, I do believe that the US should not be the only powerful nation that does not engage in foreign spying. That puts us at a disadvantage in today's world.
Other countries are spying on the US and the US is spying on other countries - that's the state of things right now. Let's not pretend the US is doing something other nations are not.
There is a difference between targeting spying and collecting data indiscriminately just because it happens to be routed through a server within US jurisdiction.
It's not a question of rights. Every country engages in foreign espionage and treats foreign espionage as a different category of activity from domestic espionage.
Things are slightly different when you're spying on private citizens rather than just foreign governments, but then again the whole point of terrorism is that it involves private citizens instead of governments.
Thirty years ago, the US didn't spy on the Kremlin because people working in the Kremlin had fewer rights than your local plumber, the US spied on the Kremlin because they had a legitimate strategic interest in knowing what was happening in the Kremlin. But the government has no legitimate interest listening to me talk to my wife on the phone. It just so happens that foreign vs. domestic is an easy dividing line between cases where the government could conceivably have a legitimate interest in spying on people and cases where they almost certainly do not.
Obviously they can technically, just like the Army could in theory shoot private citizens.
The NSA has claimed throughout that this is not what they're trying to do. Even their "untargeted" programs (when they can get authority to intercept data without a selector, such as overseas) are not to be used willy-nilly, and even their untargeted programs still seems to involve selectiveness from what I can tell.
E.g. the "200 million SMS messages per day" story from the other day represents ~3.3% of SMS traffic, despite not having selectors attached to that data interception.
Now I don't know that literally every program they have is never being used against private citizens. I would agree strongly with you that they should not be.
But the Internet is packet-switched, not virtual circuits, which means you can't simply install one tap for one IP address. The data needs to be seen before the event, not after it. Sometimes it's not possible to do the right filtering at the selection point itself (I would imagine this is the case with SMS), so you have to do the big data equivalent of map/reduce, and grab everything, collate it, and then filter it to see what comes up.
The problem is that it's a hard problem, with long-standing recriminations when they get it wrong (such as with the 2009 underwear bomber in the USA, who NSA had got shit on for missing completely; it was only luck that his mission hadn't succeeded).
"When a stranger resides with you in your land, you shall not wrong him. The stranger who resides with you shall be to you as one of your citizens; you shall love him as yourself, for you were strangers in the land of Egypt; I the Lord am your God." (Parasha Vayikra (Leviticus) 19:33-34)
Rather than relying on a religious text we can reference rulings, like Boumediene v. Bush[1] and and the US constitution. This article by Greenwald[2] neatly examines the whether constitution protections apply to foreigners.
The cliche cynicism is contradicted by the fact that these rulings led to dozens of trials of Guantanamo detainees, and most detainees have either been released or given trials. The remainder of detainees are a minority that are politically intractable to deal with, but their treatment doesn't clearly contradict the Supreme Court's Guantanamo cases.
Whether or not they are "hard to deal with" is not basis for denying one a writ of habeas corpus. Should we not let a court decide, rather than the executive branch arbitrarily denying these rights?
Taking the fact that there are still people in Guantanamo being denied their rights after a court determined that they should be granted a trial into consideration clearly demonstrates that just because such court decisions have been made does not mean the executive will respect them.
Certainly this means that my cynicism is justified, albeit cliche.
Non citizens living and visiting the US have the same protections as US citizens. US citizens only get special protection when outside of the country; the NSA still isn't really supposed to spy on them then, though technically and legally they probably could.
Technically they obviously could, legally the Fourth Amendment does apply, but for that case the FISC is used to obtain warrants if needed, instead of the normal law enforcement warrant pipeline.
The larger concern is probably simply that as long as any party to a communication is a non-U.S. person outside the U.S., that communication is fair game for the NSA under EO 12333 authority alone.
Legally the Fourth Amendment probably does not apply.
Constitutional protections are provided only within US jurisdiction. If you are a US citizen outside of US jurisdiction, then the government isn't required to extend those protections to you.
The lack of spying on US citizens outside of US borders is more of a courtesy - the government doesn't yet consider it worth rolling the Supreme Court dice.
Thanks for making me double check, seems you're right.
The most restrictive requirement seen in courts appears to be a "reasonableness" requirement judging by the totality of the circumstances involved: http://www.volokh.com/posts/1227548515.shtml
This concept is international and it is not new. It's really puzzling why Obama is specifically singled out for criticism about this general principle.
I don't intend to single him out - I had the same concern when Bush was president, and one of the biggest and most selfish reason I have this opinion is because I don't want other countries to spy on my any more than I want my own to spy on me. I direct this criticism at my government, not the President. And I think this should apply to lots of things, not just surveillance.
It's almost as if you only heard the end of the speech - and the parts of the speech you wanted to hear. Whether you think the proposed reforms are enough is up to you, but they certainly extend beyond "think about alternatives".
> The collection of foreign private commercial information or trade secrets is authorized only to protect the
> national security of the United States or its partners and allies. It is not an authorized foreign intelligence
> or counterintelligence purpose to collect such information to afford a competitive advantage
can you tell me where the change is? The document reads more of a "hey trust me, we're really the good guys"
EDIT: since i can't reply. it's all about thinking and discussing if dissemination and retention makes sense. and reducing people that have access to it. and we may put a special person in charge to take care of these things. but that doesn't mean at&t will suddenly stop feeding data into nsa data centers.
"As nightfall does not come all at once, neither does oppression. In both instances, there is a twilight when everything remains seemingly unchanged. And it is in such twilight that we all must be most aware of change in the air – however slight – lest we become unwitting victims of the darkness."
William O. Douglas, Supreme Court Justice 1939-1975
"Only an alert and knowledgeable citizenry can compel the proper meshing of the huge industrial and military machinery of defense with our peaceful methods and goals, so that security and liberty may prosper together."
It will be extended, of course -- it's a cornerstone of our security establishment at this point. The more realistic thing is to hope for good amendments.
"Regardless of how we got there though the task before us now is greater then simply repariing the damage done to our operations or preventing more disclosures from taking place in the future. Instead we have to make some important decisions about how to protect ourselves and sustain our leadership in the world while upholding our civil liberties and privacy protections our constitution requires."
Regardless of how we got here?
It’s Martin Luther King day on Monday. A day named after the person that got us as a country to make ‘important decisions’ about how to ‘sustain our leadership in the world’ and ‘uphold our civil liberties’.
Mr. President we don’t disregard the individuals that make us examine our weaknesses in order to make our country better, we embrace them as heroes, even if that self reflection is uncomfortable and difficult at the time.
Like most of you here I'm skeptical and disappointed, but what I'm most sick of is their campaign to paint Snowden as a traitor and enemy of the people. An enemy of the government (especially one this corrupt and over-reaching) is not always an enemy of the people, and I hope history remembers Snowden as the brave individual who shone a light on this travesty and forced them into this discussion.
He may not be the "enemy of the people", but is his the enemy of the government. Being for the people doesn't always make you right either, Robespierre believed strong in the Revolution but he and his fellow Jacobins of The Mountain were responsible for the "Reign of Terror" intended to root out counter-revolutionary sentiment "for the good of the people". As only one example, a woman was guillotined for exclaiming "a fig to the nation!".
So let's not pretend that being for the people automatically makes all of your subsequent actions right or moral.
On the other hand, the USG is the one entity chartered by "We the People of the United States", which makes me always at least initially suspicious of people whose plan is to hurt the government (which must almost invariably hurt the people, as long as the government stands).
But independent of whether Snowden is fighting the people or the government, the bigger question is whether his actions have hurt the people. In many cases they have.
Leaking details of NSA attacks on Chinese networks doesn't help the American people. Nor does leaking details about "targeted access operations" (which, since they must be targeted, cannot be used for mass surveillance essentially by definition).
I could go on and on, but the point is simply that Snowden has indeed thrown a few bones with civil liberty implications. But that's not all that he has leaked, and given that he claimed from the beginning that he was very careful in what he selected, it is proper to hold him accountable for his actions, insofar as they do end up being against the American people.
Let me give a facetious answer: Is terrorism the only thing that can harm the American people in the international world?
NSA has a much wider remit than counter-terrorism, and for good reason.
It was not that long ago when European companies were routinely using bribery to land contracts at the expense of American companies, bribes which were sometimes detected and revealed to the world thanks to NSA. When the contract was re-competed without the bribe the American company often won, funny that...
That really was single-handedly THE most boring, uninspiring speech in his entire time in office. There was nothing of substance to it and a real sense that he's not willing to fully accept the mistakes that have been made. His general nonchalance towards issues of privacy is astounding and will go a long way towards shaping how his second term in office is recounted in history books: not good!
I'm not sure I get what he's proposing to change. It sounds like he intends to limit the length of time that data is held, stop spying on friendly foreign leaders, and appoint a few people to new oversight positions. It just sounds a bit empty.
I'm not sure exactly how its going to play out, but the move to limit bulk collection of phone data, keeping the data in the hands of the phone companies or an independent third party, and requiring a justification and approval from a court before the NSA can access the data sounds like a non trivial reform. This limits the NSA's ability to just suck up everyone's data and then determine a justification after the fact.
Asking for it to end is unrealistic. Asking for reasonable limits, and for public knowledge of the general outlines of what is being collected and how it is used, and for proper oversight by the intelligence committees, is much more achievable.
In some sense, who collects, stores, and accesses the data is important. But it seems more important to look at the culture, rules, and oversight in place. Asking anyone to design such a system is daunting.
Let's say, for the point of argument, that specific, limited, legal, accountable collection is the primary goal and we could design a new system to accomplish that. What are some of the best designs of security protocols and entity structures to protect this information? How far can you get with correct system administration policy? I suspect you need quite a bit beyond currently available tools.
> Mr. Obama started off by saying the government could not protect against terrorists and cyber threats without penetrating foreign networks — and protecting against them.
By the logic that arrives to this conclusion, the government can not protect against terrorists and cyber threats without penetrating domestic networks either.
To an approximate degree, yes, except that penetration of domestic networks would not be necessary, merely the normal legal processes from CALEA, MOUs with telecom companies, etc.
The government already does this kind of stuff, only through the FBI instead of the NSA.
You would "penetrate" a foreign network when there is no ability to expect cooperation and no ability to compel.
All of it so far is empty and pointless doublespeak. For example:
> President Obama is announcing that he wants to end the National Security Agency’s bulk call records program as it currently exists.
Why, of course, "as it currently exists" it has a lot of problems. I'm sure the current version can be "ended" and a much more insidious version can be designed.
As of the 11:47 update there is nothing of note in there.
I know he has America's best interest at heart because of all the flags. Had he just had one or two flags, I would have been skeptical. But five! And they are large ones too. Plus a lapel pin for good measure.
I wonder if we will ever have a historical perspective capable of comparing the current NSA/CIA/FBI with the likes of the Dulles brothers and J Edgar Hoover.
EDIT: After having very quickly skimmed the PPD, here's something interesting:
The collection of foreign private commercial information or trade secrets is authorized only to protect the national security of the United States or its partners an d allies. It is not an authorized foreign intelligence or counterintelligence purpose to collect such information to afford a competitive advantage to U.S. companies and U.S. business sectors commercially.
Bascially what they're saying is that, in the name of security, we can do whatever the fuck we want. Good luck trying to stop an agency operating in total secrecy from abusing these powers.