Facebook, Microsoft, Apple Make Year-End Lobbying Push to Curb NSA Spying (bloomberg.com)
138 points by jacquesm on Nov 16, 2014 | 99 comments



Since when do these companies get such a big say in our Democracy? Since when is "Facebook, Microsoft, Apple Make Year-End Lobbying Push to Curb NSA Spying" a headline and not "American people rally the vote to stop sweeping surveillance"?

Personally, I think it's mostly a show to bolster consumer confidence (rant purposefully left out). But let's say it's not. Why should a handful of private individuals be more important for the direction of legislature than democratic consensus AND what's written into law by the Constitution.

A fluffy feel good piece about how the elite are on your side. Bullshit through and through.

I'm not upset that (publicly) these corporations are against surveillance, I'm upset that it matters.

Yes we live in a Representative Democratic Republic. But I don't remember voting for the board of directors.


>A fluffy feel good piece about how the elite are on your side. Bullshit through and through.

These guys aren't the elite. The elite are from a different generation, and different industries. This is part of their play to replace them with the new generations.

And this is the US system "functioning as intended", btw.

> Yes we live in a Representative Democratic Republic. But I don't remember voting for the board of directors.

You don't have to vote for the board, the supreme court and constitution ensures the elite is always to have more say than you.

The US government was structured specifically to contain the power of the propertyless majority against the new propertied elite. You couldn't even vote if you weren't a property holder until at least 1850.

The founding fathers didn't like the UK aristocracy because it was hereditary and corrupt, but they certainly wanted to protect and grow that they and other minority "gentlemen" had collected.

There was a swing to more populist influence for the past century, but now with bipartisan distrust at a high, the Citizens United decision, and the very slow uptake of issues like Lessig's Mayday PAC, we are decades away from having any substantive progress on this. I'd underscore: by design. Give the power to the people, but not so much that the elite aren't first among equals.

(EDIT: clarity)


I would add here that the current compression of wealth into top tiers has exacerbated the situation. The top 1% currently own approximately 70% of assets in America (Piketty); the Walton family's brood will be inheriting wealth that amounts to the combined holdings of the bottom three quarters of black households.

The steeper the gini curve (or better metric), the fewer families compose the elite. The last time America was squeezed this tightly we found ourselves in a Great Depression and tens of millions of people marched the streets. This resulted in a 94% tax on the rich (among other things).

We're finding ourselves there again - slowly. Our Great Recession isn't the final expression of these systematic pressures - Keynesianism can only do so much when macroeconomic failures are but a symptom of societal issues.

The other day I spoke on a bus with a very well-spoken yet disillusioned man who had internalized that no matter how hard he worked he would never be able to join the class of people around him, who were mostly amusing themselves with smart phones. He was antagonistic - a little of it misplaced toward those who had inherited rather than designed class separation - and he was agitated. He struggled to understand how the "land of the free" TM could fix him into a modern equivalent of indentured servitude and who he should be angry at that this condition was his at birth.

The point is well taken that America's roots in Jeffersonian Democracy blesses those who are fortunate enough to arise from the correct vagina or who are given a leg up or are married to such a person. In context of the past four and a half decades there are fewer and fewer blessed vaginas to be born from and more for us chumps.


Most people aren't voting, period. The U.S. just had federal elections a couple of weeks ago, and two-thirds of the country stayed home:

http://www.nytimes.com/2014/11/12/opinion/the-worst-voter-tu...

I get it. The system is broken, and there are no good choices to vote for (when a race is even contested at all), so why bother? Except that the reason why the system is broken in the first place is that no one shows up at any stage of the game.

* We don't show up in local and state elections, where the politicians are elected who draw the maps and gerrymander the congressional districts.

* We don't show up for the primaries, where the candidate who is going to win that gerrymandered district is selected.

* Then we don't show up for the general election. Admittedly, most races are a foregone conclusion by this stage, and there aren't good candidates to choose from. However, even at this stage there is always at least a "lesser of two evils". With only 35% turnout, the outcome could be flipped in even the most gerrymandered of districts if people were simply engaged and showed up.

Money drives the system, but only because the public is so disengaged, and votes for whoever has the funds to shout at us the loudest. I don't know how you break the cycle of cynicism and instill some civic responsibility in the average Joe, but there's never going to be some external savior who swoops in from the outside and magically makes things less corrupt. It has to come from us.


> I get it. The system is broken, and there are no good choices to vote for (when a race is even contested at all), so why bother? Except that the reason why the system is broken in the first place is that no one shows up at any stage of the game.

The system is broken, but I think it's broken in a different way than what you're suggesting. It's not broken because people don't show up to vote. On the contrary, people don't show up to vote because the system is broken, and it's not just broken because there are only two relevant parties and corporations exert a lot of influence. It's broken because many people correctly calculate that the impact of their individual vote has less value than the cost of physically voting, and even less so than the cost of educating themselves about the candidates and issues.

The democracy in the US is especially broken for more specific reasons (like the two-party dominance and gerrymandering), but democracy in general is a bad way to aggregate the preferences of a large and diverse group of people.


> It's broken because many people correctly calculate that the impact of their individual vote has less value than the cost of physically voting, and even less so than the cost of educating themselves about the candidates and issues.

Agreed but that becomes an issue if everyone thinks and behaves like that. That is, if individually everyone goes through the same thought process concluding that voting is not worthwhile for them on an individual basis what happens is that no one votes. There is an inflection point below which votes do actually matter.

> democracy in general is a bad way to aggregate the preferences of a large and diverse group of people.

That may be true. The question then becomes what is a better way to "aggregate the preferences of a large and diverse group of people"? Perhaps, such an aggregation is not practically possible.


> There is an inflection point below which votes do actually matter.

Yes, that's true. In theory, as fewer people vote, the value of each vote goes up, and presumably there could be some equilibrium reached. Of course, I doubt that experiment would be allowed to complete without the government making significant fundamental changes.

But there's another closely related issue, which might explain why lots of people still vote despite my claim that it's irrational. My claim only considered the costs and benefits of the impact of a vote on the outcome of the election. But there are other benefits that many people receive from voting, namely, the feeling of doing one's civic duty (which many people are instructed to do from a young age) and the feeling of being part of rooting for a group (like a political party). The trouble with this class of benefits is that they are enjoyed by the voter whether or not the voter invests the time to research the candidates and issues (which is much more costly than the physical act of voting, but is ostensibly required according to the traditional civics class explanation of democracy). This theory predicts that voter education on the candidates and issues would be low, which is certainly the case in a few relevant polls I've seen.

> The question then becomes what is a better way to "aggregate the preferences of a large and diverse group of people" ? Perhaps, such an aggregation is not practically possible.

Plenty of suggestions are out there, but they're all obviously considered very radical in mainstream Western political philosophy. Most radical political philosophies you've heard of probably either aren't fundamentally democratic (like propertarian/market anarchism, anarcho-capitalism) or are democratic in a different sense (like direct action or direct democracy in left-libertarianism). For an alternative that is slightly less radical, though still politically unfeasible for any major government in the foreseeable future, take a look at futarchy, which combines democratic voting with (money-based) prediction markets.

http://en.wikipedia.org/wiki/Futarchy


As someone who doesn't vote, let me explain why. It's not because I'm cynical. It's because I'm fine with whoever wins. Both parties are pretty close to each other on the issues I care about. Neither party will dismantle either our military or the welfare state. Taxes are not going to fluctuate more than +/- 5%. Nobody is going to dismantle Obamacare. Abortion is here to stay, legalization of same sex marriage is inevitable, etc. And I think these are all good things and I have no pressing incentive to vote to change the status quo.

I understand that other people don't have the same views and want to see fundamental change. But I think most people really don't want fundamental change. They maybe want to move the needle a bit one way or another, but they're basically okay with how things have evolved to be.

There was a great graphic on reddit the other day showing voter preferences by party. There is little difference between peoples' priorities with the exception of the military. Everyone cares about jobs and social security. Nobody cares about the environment or infrastructure. I find it difficult to look at the US and think anything other than that it closely reflects what your typical voter wants, or at least represents the inevitable compromise between what subsets of typical voters want.


That's not really true at all, is it? Read Reihan Salam's piece in Slate about conservative objections to the ACA. The ACA didn't pass because it was close enough to conservatively acceptable to limp through as a "moderate" reform. Conservatives hate the ACA and see it as a radical reorientation of entitlement spending back to big-budget redistributive federal spending.

So Obama and Pelosi got lucky (thank god) and got a guaranteed issue health reform bill passed. That was a huge change, and it just happened a few years ago.

Bush and Hastert could have gotten lucky transforming social security into a giant subsidized IRA scheme --- which was their stated goal. The social safety net could have been radically transformed into a government block grant to New York financial firms.

Not to mention: the whole disastrous Iraq war.

I think you should probably vote.


The affordable care act barely got out of the Senate with only 60 of the 60 needed votes to stop debate. Al Franken won his election to the Senate by 317 votes.


> As someone who doesn't vote, let me explain why. It's not because I'm cynical. It's because I'm fine with whoever wins. Both parties are pretty close to each other on the issues I care about.

And don't forget that it's comically unlikely that the chance of your vote affecting the outcome of an election (especially a presidential election) is worth the difference in value to you between potential election outcomes.


That's not it. It's unlikely that my individual actions are going to destroy the environment, but I don't litter or run the water while brushing my teeth, because it's important that people as a collective not do those things. With politics, I don't vote not because I doubt that collectively we could have an impact, but because I'm quite happy with the trajectory of things as it is.


I should add that your explanation for why you don't vote doesn't seem compatible with your explanation of why you don't litter. Don't you think that if people collectively didn't vote because they are happy with any likely result, those likely results would get pretty bad? Without my addition (regarding the small chance of your vote impacting the election), it seems like you should (according to your reasoning) still do a lot of research to find the better option and then vote for it, even if the difference between options is very small, because if people collectively did no research and didn't vote, the results would presumably be bad.


I negatively affect the environment simply by existing, and routinely do so to increase my comfort level far above what is "necessary" to survive and even far above the average comfort level of humans. I also tend to refrain from littering and water wasting, and I believe that it is important for people to collectively likewise refrain, but it is irrational to say that the former is a consequence of the latter, since I only have control over my own actions.


There are many places where some of the things you're assuming are a given - abortion remaining legal, obamacare remaining the law - are most certainly not a given. Perhaps in your county/district/state that you have a single vote influence on they are given (I assume you live in a more progressive area), but the state I grew up in recently had a close vote on making abortion completely illegal.

Yes, that would go against the US Supreme Court's Roe v Wade decision from decades ago.

No, the sponsor of the vote - nor the governor of the state - didn't mind that the legal cost in fighting a decades old SCOTUS decision would be huge. And these supporters are conservatives who are supposedly fans of smaller government... Except when more government would benefit them (also see out of control military spending).

So although perhaps your district will continue to support the items you mention, do NOT assume this is true everywhere in the US. There are concerted efforts to go backwards on many things you mentioned, so it is very important for people there to get out and vote.


Didn't the Bush vs Gore election prove this tragically wrong? Each vote counts. Outcomes _are_ different. I thought this was a hard learned lesson for our generation.

I'm not a US citizen, though.


What about Supreme Court justices? The impact of an individual appointment is only getting larger: http://www.law.harvard.edu/students/orgs/jlpp/Vol29_No3_Cala.... And when you compare the justices Bush appointed to those that Obama did, you can't claim to me that both parties are the same.

Please vote, if only to help shape SCOTUS. :)


>I don't know how you break the cycle of cynicism and instill some civic responsibility in the average Joe

You can't.

>There's never going to be some external savior who swoops in from the outside and magically makes things less corrupt

That doesn't mean people aren't going to keep clinging to that joke of a hope.

Look at Google Fiber! It's people getting excited that one huge corporation is going to save them from the other massive corporations. We read articles about how the tech giants are going to save us from the NSA (oh the hilarity of Google and Facebook being on that list). We all love Tesla because we cling to a hope Elon will save us from dealerships and "Big Auto". Lots of people buy organic in the hope it will save us from "Big Agro" and be healthier. We like reading about battery and alternative energy companies because it's gonna save us from "Big Oil". We like reading about the miracle cancer cure that "Big Pharma" has allegedly chosen to ignore for evil reasons.

All of our media outlets have realized this trend and shifted to printing puff pieces about our favorite "saviors". At this point the average American has zero hope for real citizen motivated change, so we'll keep hoping for a savior that's never going to come right up until the second this ship crashes into the iceberg.



The Gilens and Page study is a must read.


People rarely care about government decisions that do not affect them directly. People are generally blind to secondary effects of any government policy. Price control and Minimum-wage are prime examples.

Facebook or Microsoft are not entities in themselves but they represent their investors which are just people just like you and me. Whatever these companies do essentially represents the will of those people. It makes perfect sense for their lobbying because they are the ones who are likely to get affected in the long run because of increased cost of their services and reduced credibility.


Downvoted within 7 minutes. Nice going.


When I posted that, the only other replies were fawning about this, and this was as I said instantly downvoted. Sure, it "doesn't add to the discussion", it adds to a discussion about the discussion you don't want to have. Oh well, that's fine, but I stand by my post and would do it again, pile on it all you want. Anyone who thinks this site could possibly be 100% free from PR people has my condolences, and if you think that doesn't matter, then I wonder why you think any of this matters.


I'm with you PavlovsCat. Love the name by the way. I saw your comment and saw it get nuked.

When you wrote it there was the start of a downvote brigade on my comment but it made its way back up.


The American people just went to the polls to demonstrate that NSA surveillance is not something they particularly care about. If you're an anti-surveillance civil liberties type, you might be better served backing the companies that have dollars at stake in opposing surveillance than wait for the voting public to come around to caring about the issue.


If you want to use that kind of dumb lazy argument you could also say that the American people voted against NSA spying when they voted against Obama's administration.

But what people actually voted on was a media hype alternate universe that has little to do with any real issues.


I'd argue that you could lump the NSA debacle into that media hype alternate universe that has little to do with any real issues. For the past year and a half I've heard a lot about all of the awful things that the NSA could be doing with the information collected (e.g. arrests, blackmail, theft, etc.) but I have yet to actually see any evidence of an American citizen actually being subjected to any of them. My guess is that it's because when the newspapers don't have the evidence to back it up, they rely on narrative that brings in the advertising dollars.


How about the US citizen who was killed by drone?


The two (non-violent) US citizens that we know about killed by drones, knowingly targeted and killed without a trial.


I'm assuming that the two you're referring to are Anwar Al-Awlaki and his son, Abdulrahman Al-Awlaki, since they seem to be the most famous.

Just to get some facts straight, to date there's only been one US citizen targeted and killed by US drones: Anwar Al-Awlaki. As of last year, three other Americans are known to have been killed by drone strikes outside the US: Samir Khan, Abdulrahman Al-Awlaki and Jude Kenan Mohammed. None were specifically targeted - Samir Khan was killed during the strike against the elder Al-Awlaki, the younger Al-Awlaki was killed during a strike targeting Ibrahim al-Banna in Yemen, and Jude Kenan Mohammed was killed during a strike against a compound in Pakistan. All were killed by CIA drones, not DOD drones (NSA is part of the DOD; CIA is not). The Attorney General declassified the reasoning for targeting the elder Al-Awlaki[1], which was ultimately decided at the Presidential level - not by the NSA.

That said, this is beside the point - when the media is stirring up a frenzy about the NSA and civil liberties, they're not talking about CIA drone strikes in Yemen. It's a little disingenuous to lump the two together. It also doesn't go very far in answering my question regarding evidence of harm to US citizens. Maybe I'm out of touch with the rest of America, but I don't see the USA Freedom Act gaining much traction based on public outrage that 3 people over the last decade were accidentally killed by drones while hanging out with members of a militant group that had declared war against the US, especially when the purpose of said bill is to limit FISA warrants and FBI use of NSLs[2].

[1] https://s3.amazonaws.com/s3.documentcloud.org/documents/7031...

[2] https://www.congress.gov/bill/113th-congress/senate-bill/268...


Yes Al-Awlaki and his son were the civilians I was referring to.

It was my understanding that Abdulrahman Al-Awlaki was a targeted kill; I seem to be in error.

I was not aware of Samir Khan nor Jude Kenan Mohammed.

Regarding [1]: the justification was 'immediate threat', however it appears there was no immediate threat in the common sense usage of the term and the justification is askew with the prior drone strike that attempted but failed to kill him (he did nothing after the strike worthy of the label 'immediate' or 'threat').

Furthermore squaring 'immediate threat' with constitutionally guaranteed rights is something that the administration has not done (can not do?). US citizens are guaranteed a trial. Principles are worth a lot less if the administration gets to decide when to apply them.

Regarding NSA v. CIA, I admit coming into the conversation without having read the thread. I merely sought to add information to the leaf. Thank you very much for the high quality comment and information.

Regarding damage to US citizens, one reason is that we do know that NSA contractors and employees stalked lovers and rivals and used these capabilities for personal means. There were also reports of nude photo sharing.

There were also several prominent Muslim community leaders with no connection to any terrorists or extreme ideas inside the United States who were targeted by the surveillance apparatus merely for their religious expression. I don't think I need to argue why profiling individuals based on their creed or color causes harm to these classes of people.

Extending this analysis - we do not know how these systems will be used in the future. In particular Nixon left office for spying on a handful of people. What would a Hoover or a Nixon do with the NSA capabilities? The broader point here is that the calculus of damage should not merely be about singular instances of damage today. It's a bad idea to build a nuclear reactor on a fault line. Not because it has already done damage. But because of the magnitude and the likelihood of what it may contrasted with alternatives.

Another example of damage to US citizens is the use of purposefully backdoored services and infrastructure. It is not theoretical or speculative to suggest that these weaknesses may be used by maligned actors: there are several examples today of intercept systems being compromised by interested parties for geopolitical and economic reasons.

Finally, we adhere to principles of civil liberties not just because they are good things on individual bases but also because adopting them as policies gives a net benefit to society (see historical evolutions of Utilitarianism and arguments against forced organ donation). That is one could argue as Bentham did, that rights are nonsense on stilts, except that societies that don't guarantee these rights suffer the psychological consequences of living in a state where no rights are guaranteed. To presuppose that all damage must be physical in nature is to be ignorant of the history of the organization of men.


I'll definitely agree that the drone strikes are controversial and leave it at that since I think it's a separate topic altogether.

On the other topics you brought up: there were a total of 12 cases reported by the NSA in the LOVEINT scandal, and an additional 3 were said to be under investigation without further details[1]. The violations varied in severity: of the 12 for which details were given, 7 resigned or retired, 3 others had their clearances revoked, 1 was stripped of his promotion and given a 10-day suspension without pay, and the last was given a written reprimand. 7 of them had their cases either forwarded to the DoJ or their military command (or both). Of those 12 cases, only 3 were targeting US citizens - the other 9 were instances of NSA employees abusing the system to target foreign nationals for their own purposes. I stress the word abuse - that's exactly what was going on, but this is also an example of the system working to find bad apples and kick them out. You see the same thing with cops - you expect there to be bad ones here and there. It's the police force's responsibility to identify them and either discipline them or kick them out; it's not indicative of systemic police corruption.

The only report of nude photo sharing was one that Snowden said himself. He made the claim a full year after his initial leaks and never substantiated it with any evidence.

With regards to the Muslim targeting, if you look at the original article[2], every one of the 5 people listed by Greenwald has "FBI" in the responsible agency column. According to the article, there are 7485 e-mail addresses in the list who were under surveillance between 2003-2008 by the NSA, FBI, and CIA. Based on a survey of 5 of the individuals targeted by the FBI, Greenwald somehow concludes that there's systemic targeting of Muslim Americans by both the FBI and NSA solely for their religious views. He gives a half-hearted guess as to why each of them might have been under investigation, but ultimately leaves it an open question. I think it's intentional - he wants you to walk away from the article thinking that because he didn't give a reason, there must not be one. Ultimately, we may never know - several others, however have given their own thoughts as to why[3][4].

> Another example of damage to US citizens is the use of purposefully backdoored services and infrastructure.

Could you provide an example of this? I think I know what you're getting at but I don't want to end up assuming wrong, put words in your mouth and waste a lot of time ripping down a strawman.

> The broader point here is that the calculus of damage should not merely be about singular instances of damage today. It's a bad idea to build a nuclear reactor on a fault line. Not because it has already done damage. But because of the magnitude and the likelihood of what it may contrasted with alternatives.

But you don't just avoid building on a fault line because someone says it's a bad idea - you build elsewhere because there are certain standards for safety with regards to building nuclear reactors that have been agreed upon by experts who are intimately familiar with nuclear engineering, and a fault line doesn't meet the standards.

In my opinion, this is where the NSA issue really gets derailed. Most of the articles I've read will explain the technical capabilities of specific NSA programs without going into the policies that limit them. Snowden has stood up and said that so long as they have the technical ability to do something, you can't trust them to follow policy, but his disclosures have shown the NSA auditing their collection, bringing issues up to the FISA court, removing identifying information about US citizens from collection, etc. When no one was looking, they were following the law. If there's been a failure, it's been a failure of insufficient law and oversight.

And this is where I differ from most of the tech community. The solution isn't to take away technical capability because it could be abused in the future, it's to craft laws and policies to limit what the NSA can do with its technical capability and provide effective oversight. I don't think anyone from even before the Snowden disclosures has argued for less oversight.

As an analogy, the police have the technical capability to walk into every house in the city and shoot everyone inside. But they don't - it's both illegal and makes no sense in terms of law enforcement. For some reason, though, everyone seems to assume that given the fact that the NSA has enormous technical resources for gathering foreign intelligence that could be abused, without any further evidence to back up the claim they must also be carrying out the worst possible abuse and doing so for purposes that have nothing to do with foreign intelligence.

[1] http://www.grassley.senate.gov/sites/default/files/judiciary...

[2] https://firstlook.org/theintercept/2014/07/09/under-surveill...

[3] https://www.centerforsecuritypolicy.org/2014/07/09/misleadin...

[4] http://news.investors.com/ibd-editorials/071514-708936-snowd...


Thank you again for taking the time to write a well-formed response.

Regarding LOVEINT and nude pictures. I think it's difficult to evaluate whether the punishments are actually worthy of the abuses and it's hard to know what the culture inside the NSA is, and it is also hard to know how widespread these abuses are and what effect they may have. They are examples of citizens being hurt by the programs, but agree that they are not (AFAWK) examples of systemic abuse.

I agree that the trading of nude pictures was asserted without evidence. I don't know what internal documents they would keep on that, and Snowden has thus far been a very well-spoken and trustworthy source of information. I won't claim it as a fact, but this sort of thing feeds into my last point from the last thread.

> every one of the 5 people listed by Greenwald has "FBI" in the responsible agency column

Left hand, right hand. The FBI, NSA, CIA, DOD, CSS, etc work with one another. Did the targeting utilize information or capabilities from the NSA?

I would be very interested if the Muslim leaders turned out to be connected to terrorism. They have not been arrested if they are associated with terrorism - I'm not sure what to make of that besides they are just being watched for their prominent role as community leaders.

Overall point regarding Greenwald. He is an advocate for adversarial journalism. He will accuse the government of more than is certain in an attempt to provoke more information/clarification or force them to contradict themselves (as happened frequently at the start of the Snowden disclosures). People feel differently about this. I feel that it is necessary to combat the other side of journalism which trades media spin and coverage for access and sources and shows its belly to USG on the regular.

> Could you provide an example of this?

Yes. I'm going to copy a list from a Bruce Schneier post (https://www.schneier.com/blog/archives/2014/10/iphone_encryp...).

* The Greek cellphone intercept system was attacked by an unattributed group.

* The Italian cellphone intercept system was attacked similarly.

* China hacked into Google's US Government request system.

* The Syrian Electronic Army hacked into Microsoft's FBI data request group.

* The US cellphone intercept system has been hacked by unattributed groups.

> And this is where I differ from most of the tech community. The solution isn't to take away technical capability because it could be abused in the future, it's to craft laws and policies to limit what the NSA can do with its technical capability and provide effective oversight. I don't think anyone from even before the Snowden disclosures has argued for less oversight.

I think we'd agree here, but we'd likely disagree on what is reasonable. As things currently stand all data is sucked up and kept for longer than 5 years for later inspection. I think it's reasonable for the intelligence community and law enforcement to track individual users, but I do not think it is a good idea to track everyone all the time and limit only by policy and paper what can be inspected.

I find surveillance, be it by law enforcement, management at my company, my parents, or by a stalker, to impede on my right to be secure in my person. I find that legal compulsion for some private individuals to keep files on other individuals is a circumvention of the spirit of the law - and in fact one applied by the Stasi.

The difference between in-house operations, hiring of private surveillance contractors and legal compulsion on private citizens is a blurry one to me. "No means no."

I also find it 'dirty' that the FISA court (Foreign Intelligence Surveillance Court) should have any say in domestic issues at all. They do not represent the Constitution nor are they subject to a system of checks and balances outside of self-policing (I am aware of the review panel suggestions regarding this).

> For some reason, though, everyone seems to assume that given the fact that the NSA has enormous technical resources for gathering foreign intelligence that could be abused

Provided fairly recent systemic abuses of intelligence power (COINTELPRO, etc) I don't think these reactions are particularly absurd. Similar to how journalism may have to be partially adversarial, so does the relationship of men to their governments. Men need to ask what is being done, how it is being done and why it is being done. They need to demand honesty from their governments.

I would also ask that you reply to my last point regarding principles (the 'organ donation' one).

Finally, there are some other examples of individuals who have been harmed.

The founder of Lavabit certainly was harmed for providing an email service - his business is now forever underwater and he was served to go to a jury-less court (with all the stress and financial requirements therein).

The CEO of Qwest (Nacchio) claims that (both personal and business-scale) leverage was used to force the direction of his company and resulted in his indictment and arrest.


Really? The NSA was a ballot issue? It was a wedge issue during the congressional elections?

I wanted to vote against collect-by-default programs. But I didn't see the checkbox.

The parties defined the issues for the voters. The Democratic Party ran on the usual 'get out the vote' and The Republican Party ran on equating officials with the Obama administration and discouraged voting except from their base where they could. Both promised financial change but neither advanced anything concrete enough to be a platform.

And did we want a big item like widespread surveillance to be on the ballot during the national elections most famous for poor voter turnout?

Or maybe you're talking about a different ballot?

> If you're an anti-surveillance civil liberties type, you might be better served backing the companies that have dollars at stake in opposing surveillance than wait for the voting public to come around to caring about the issue.

A philosophical equivalent to tactical/dishonest voting (https://en.wikipedia.org/wiki/Tactical_voting).

You're suggesting that I accept the (presumed) assistance of these corporate leaders. I do, actually. But I also do not accept the fact that this class has the power that it does.

These two things are not actually mutually exclusive.


I don't think the current vote was a referendum on the NSA any more than it was a referendum on guns, as some have alleged. However, we shouldn't discount how the resulting political alliances will affect policy: http://www.nationaljournal.com/politics/the-nra-controls-con...

But when Congress had a 14% approval rating right before being 95% re-elected, you know our democracy isn't exactly letting us vote on the issues.

http://www.politifact.com/truth-o-meter/statements/2014/nov/...


Congress has a 14% rating overall. Individual members have much much higher ratings.

People are quite happy with their individual congresspeople, they just aren't getting what they want overall, because everyone wants different things.


Thanks for correcting me.


The NSA relies on executive orders.

https://en.wikipedia.org/wiki/Executive_Order_12333

Executive orders don't need congress to fix.

Nor are they on mid-term election ballots.

Executive Order 12333 has been regarded by the American intelligence community as a fundamental document authorizing the expansion of data collection activities.[9] The document has been employed by the National Security Agency as legal authorization for its secret systematic collection of unencrypted information flowing through the data centers of internet communications giants Google and Yahoo.[9]

http://www.archives.gov/federal-register/codification/execut...


The NSA is primarily controlled through the executive because that's how Congress wants it; they've gone out of their way to establish laws that provide either sweeping grants of power to the executive, or regulatory/rulemaking procedures that keep Congress from having to make specific decisions about intelligence collection. It's an obvious and deliberate strategy and one that congresspeople are indeed culpable for.


This is nice and all, but what's your point?

The congress-people you are maligning are not in office.

Meanwhile, the president could fix this easily.

If he's going to use executive authority, this makes more sense for that authority than immigration.


I don't even know how to parse this comment, let alone respond to it. "The congresspeople I'm maligning aren't in office?" That's not how it works.


look up the date of the executive order footnoted above...

or maybe that's too difficult?

you're too smart to argue from ignorance.


No. What I'd bet is happening here is that you, like many people, don't really understand how an executive order works.

Except in a very specific set of circumscribed cases, the President cannot overrule Congress by fiat. An executive order communicates through the President's own administration how they plan on interpreting the laws written by Congress, and how they will exercise whatever rulemaking authority Congress has delegated to their administration.

If the President is declaring through executive orders an intent to ratchet up surveillance of US citizens, that is very much Congress's responsibility to resolve. The President is exercising rulemaking authority carved out by Congress. That authority --- OBVIOUSLY --- needs to be curtailed.



Loud non sequitur is still non sequitur.


your latin is so intimidating?

https://news.ycombinator.com/item?id=8613572

"NSA's mission, as set forth in Executive Order 12333, is to collect information that constitutes...."


I remain unconvinced that you are not some sort of particularly clever bot.


"12333 is not a statute and has never been subject to meaningful oversight from Congress or any court."


Executive orders aren't subject to oversight by Congress. But their validity depends either on Constitutional or (as in this case) statutory authority.

As I said upthread: the President can issue executive orders like this because Congress has overtly and deliberately allowed him to do so.


So now we agree. But that is the point. The order is lawful.

So you have the following problem:

(1) President <can> supersede an old executive order on his own volition, and without congress's consent.

(2) Congress <cannot> supersede said orders without the president's signature[+]

____________________

[+] unilaterally, unless they have veto-proof supermajority etc


Is your whole point that it takes more than one congressperson to change the law?


I think what he's trying to say is that due to the relatively lower barrier of entry to (1) than to (2) that it is incumbent on the POTUS to resolve the issue over Congress. His perspective is likely reinforced by a sense that Congress will have difficulty making majority decisions as it has been significantly gridlocked. In general Americans feel that of the branches of government the President represents them the most (it should really be the house and possibly the judiciary...)

I think further he is trying to say that the POTUS and Congress that originally published EO 12333 and some associated legislature are no longer in office today - and that this means the current branches of US law have inherited these policies and framework of legal interpretation. I think he means that undoing these traditions would be a departure from accumulated experience, investments and internal processes and thus represents a significant systemic overhaul: again raising the bar of difficulty to get something passed.

For these reasons I think sky001 is placing the burden on the President to realign the interpretation of the law with modern storage/processing/collecting capabilities.


The fatal flaw with this reasoning is that every President gets to change their mind. So long as the law of the land delegates this authority to the executive, you'll always have to wonder what internal rulemaking the President has done, or plans to do.

This is well and truly a legislative problem.


The "fatal flaw" is belied by the empirical data

> look up the date of the relevant EO

> count the number of presidents that have not changed it

> compare cost of surveillance today versus the EO date

Technology has changed the meaning (practical ramifications) of the EO.

POTUS can rebalance the EO without congress.

IF potus is unable or unwilling to do that, what makes you think he's going to sign a law doing the same?

Congressional obstruction-ism is no excuse for his 6 year inaction.


Any President can change their mind about executive orders.

Every President can't change their mind about the limitations imposed on them by Congress.

This is a very simple point. I'm sure you get it. I understand, you're mad at Barack Obama. Fair enough. But getting Barack Obama to play nice doesn't fix the fact that current law regarding surveillance is bad and must change.

"Obstructionism" isn't the problem. This isn't a partisan issue. The law is the way the law is because both sides of the aisle want it that way.


This isn't a partisan issue. The law is the way the law is because both sides of the aisle want it that way.

That's why the article's main/underlying premise is absurd.


ha. that you don't understand me is a compliment.


Good point. We could have voted in more Democrats, what with their demonstrated position against NSA surveillance. Like Pelosi.

Wait.


You'd rather see us all live in an Orwellian surveillance society than have American corporations owned by American shareholders defend America? All right, you'll no doubt get what you want, though ultimately at the cost of the republic you claim to be defending.


Uh, what? No, he'd rather see you all live in a society where you have a say in what's going on.


I find this article interesting in that it describes a direct clash of motives between two major systematic problems in American government at present: corporate capture of politics, and the runaway NSA.

What needs to happen is for both of these forces to be curbed, before they find a compromise that I don't expect to be in the best interest of the people.


> corporate capture of politics

If you look at which companies can actually make things happen in DC[1], it's the ones that are regulated (the reasons for this should be obvious with some thought). Those are not Silicon Valley companies, by and large, but telecommunications firms like AT&T and VZ.

And it's those telecommunications firms that have long-standing surveillance "partnerships" with the NSA, according to leaked Snowden docs, which I wrote about last year here: http://www.cnet.com/news/surveillance-partnership-between-ns...

Here's one reason those regulated telecom companies may not be eager to see reform happen:

"ATT, Verizon, Sprint Are Paid Cash By NSA For Your Private Communications" http://www.forbes.com/sites/robertlenzner/2013/09/23/attveri...

[1] AT&T/VZ/Comcast rolled Google/eBay/etc. on Net neutrality in Congress. Twice. Silicon Valley-backed NN bills were defeated in both the House and the Senate. And heck, Silicon Valley can't even get a permanent R&D tax credit passed. They've been trying forever to get an ECPA reform passed (this has failed). DMCA reform? Over a decade, nothing. They should be heavyweights or superheavyweights but they're bantamweights instead.


Given that the NSA was going to get data from the telcos in any case, you'd rather they got it for free? If there is some sort of behavior you want to discourage somebody from engaging in, the simplest way of doing so is to make them pay for it. Even nominal fees can be a significant deterrent (this is why ads and eyeballs are the currency of the web). Without this monetary friction, there would doubtless have been even more rampant data collection.

Additionally, the link you provided itself says that the money the telcos got from that is a small fraction of their total revenues, so I am not sure how compelling a reason that would be to oppose reform.


That's why I said "one reason."


I don't think it's that much of a clash. These companies are the exception, which makes for a noteworthy article.

There's one sector in particular that has been suspiciously mum about the whole thing. A sector that relies heavily on secure communications and has tremendous influence on the US government: Wall Street.


Yes, this is so true.

It's difficult to be against things on principles when the outcome is desired, but I'd argue that's the only 'right' thing. I.e. lobbying should be condemned even though the outcome may be in line with one's interests (reducing gov-spying in this case).

This illustration comes to mind: https://mayday.us/campaigns/illustrations/be-a-good-politici...


Money. Not altruism or moral compass or even customer demands.

But lost foreign dollars is the wrong argument, right? Restricting the NSA from bulk collecting US citizen data has nothing to do with their legal rights to do the same to non-citizens.

I'd venture to guess that the NSA cares very little how Brazil builds a trans-Atlantic line, they'll still secretly tap it.

And a big HA! for Verizon being sad about the NSA collection while they're unabashedly MITM-ing 100% of its wireless customers.


Of course money. You make the argument that your audience is most likely to hear. And between lobbying and campaign contributions, jobs for their constituents, lost tax revenue and so on... money is the argument Congress is most likely to hear.


If Microsoft cares about privacy, when will they change Skype back to the encrypted peer-to-peer architecture it had before they bought it? If Facebook cares about privacy, why is their signup page not just a redirect to diaspora, friendica etc.? And why can't google split stuff up into subdomains, even if that'd mean no precious .google cookies? Okay, the last two are a bit silly, but I just don't feel like looking up and rattling down all those laundry lists of the ways of how they shit all over privacy again and again, just to eke half a percentage point out of something somewhere, in the name of functionality and convenience as if there aren't lots of more promising and unexplored avenues to improve those.

Of course, none of these companies are monoliths, and I don't doubt that there are people in them that genuinely care. But on the whole, you are really saying that the companies care about privacy, but just pretend it's about money because Congress is more interested in money than they are? I doubt that, mildly put.


> If Microsoft cares about privacy, when will they change Skype back to the encrypted peer-to-peer architecture it had before they bought it?

A bit off-topic, but Skype's actual voice traffic is still primarily P2P. You can verify this yourself using basic network analyzer tools (I used nettop on OSX) to check the destination address of packets. Multiple times over the last couple of years (after they allegedly moved away from P2P) I verified that a voice call between Skype instances on Mac and on Windows was direct between my network and my peer's IP address.

I did not check if IM traffic is P2P. And it certainly connects to a lot of other remote addresses by default, which I'm guessing is for call-setup via their servers.


I may have been wrong about it, but I disagree it's off-topic. Lip service is one thing, pressuring other parties to give up their snooping is one thing, actually being committed and simply deleting or encrypting as much as they can so the question doesn't even arise, or even considering and talking about the trade-offs required to do so, that would be quite another. So it's all mostly window dressing to me. I believe that they care about their profits, but that's about it.

These corporations actually could afford to find out stuff about their markets by asking people who volunteer, by super traditional means that have been used for decades before the internet. They don't really need your complete life history, they just need a good rough idea, and then be honest engineers and programmers that make the best products they can make.

This "we need to internally probe you to improve customer service" stuff to a large degree is marketing run amok, not really something that is impossible to do without unless you don't subscribe to "the best product wins", which everybody loves to pay lip service to but then tries their best to circumvent.


Well, I am glad Vic Gundotra was fired for example.


I'd be interested to see if the tech companies could push out something to their users to help educate them. Something similar to the news feed notification Facebook pushed out asking for donations to fight Ebola.

The real resource these companies have to use is the attention of their users, not money.


> push out something to their users to help educate them

That is not going to happen b/c it would draw the users' attention to the problem of mass surveillance being conducted (be that explicitly or implicitly) by tech giants for the gov't.


So with all these companies' support what I don't understand is why an IP standard is not being worked on that demands asymmetric encryption. I envision an ideal future where the IP layer is encrypted, possibly with multiple algorithms, the http layer is encrypted separately, and the javascript message passing layer is encrypted still separately from that.

We already know that encryption works mathematically, but human factors get in the way. No one should ever be able to snoop on someone's traffic content in this day and age.


Because the "support" is just a PR move.


"Senator Saxby Chambliss of Georgia, the top Republican on the Senate’s intelligence committee, has said there’s no urgent need to pass the bill. The law authorizing the NSA to collect bulk phone records expires on June 1, meaning the new Congress can wait until then to pass legislation, Chambliss told the U.S. Chamber of Commerce in October."

So this is a public discussion and debate that the country is going to have anyway between now and next Fall.

The question then becomes "Why this news article right now?"

Looks a bit like political posturing. If your party is on the way out, you can pretty much propose anything you'd like. Nobody is going to vote it through, so you get credit for taking a position that you'll never have to live through or defend. It's a win.

Don't get me wrong: I'm all for limiting NSA. I'd just like it to really happen, instead of reading 100 articles like this over the next ten years while nothing ever changes, which is the way this seems to be playing out.

For whatever reason, the establishment, that is, both parties, seem to have secretly decided that it's perfectly okay to have the government sifting through all of our personal lives. I like seeing this lobby group make an economic argument to the Republicans: this is killing our tech sector. I like seeing folks in both parties make a freedom argument: this is not the values our country was constructed on. I even like my personal argument from pragmatism: our country cannot keep operating in such a manner. But all of these arguments seem to just bounce off a stone wall. I hear all kinds of people talking, I see speeches made and bills sponsored that will never see the light of day. I see bills that have a chance of passage that look like they hamstring the government but in fact just allow it to keep doing what it's doing. The only thing I'm not seeing is any real movement here. I'm hoping that will change.


Maybe Facebook should stop trying to bug the entire web if they care about spying so much.


The only people winning here are the ones who studied law, and now are lawyers, lobbyists and politicians…


This article has an absurd premise.

A Democrat controls the NSA (POTUS).

They don't need to lobby anyone in congress.


I don't understand. President Obama seems to be a great friend to the NSA, and I understand the NSA has greatly expanded powers under his administration. President Obama threatened openly in a press conference to punish whistleblowers after the Snowden fiasco blew up.

Why should we put any faith in President Obama and lobby him to do the right thing now? The opacity, doublespeak and contempt shown to the people by this administration ranks it at the bottom in my book.


Nothing congress is going to pass will become law without POTUS signature.

The premise of this article is>>> that OBAMA will sign {#INSERT_LAW_HERE}.

So why not just sign a (new) executive order? eg.

NSA's mission, as set forth in Executive Order 12333, is to collect information that constitutes "foreign intelligence or counterintelligence" while not "acquiring information concerning the domestic activities of United States persons". NSA has declared that it relies on the FBI to collect information on foreign intelligence activities within the borders of the United States, while confining its own activities within the United States to the embassies and missions of foreign nations

http://www.washingtonpost.com/opinions/meet-executive-order-...


You should probably re-read the US Constitution. It's not really very long.

And, once again: the problem with Executive Orders as a solution to overreaching surveillance is that they are not binding. This administration, and every other one, can revoke them on a whim. The same thing is not true of an actual law.


Then you understand wrong. According to Snowden's documents, the NSA has diminished its powers under the Obama administration (e.g., bulk collection of email headers for feeding their social graph and proposing to end bulk collection of call log data).


The NSA has drastically increased its powers and data collection under the Obama Administration.

1) Snowden said these programs have gotten dramatically worse under Obama. He has said that numerous times.

2) Prior to Obama's election, it didn't have all the tech companies lined up into XKeyscore. That was put into place on his watch.

3) The NSA also was not yet illegally tapping into and stealing bulk data from these companies via interception, to get around collection restraints.

4) The NSA's massive Utah data center was built during his Administration.

5) In 2009 Obama's DOJ admitted to illegal surveillance abuses, and claimed steps had been taken to correct such. They lied of course, they did the exact opposite: they massively expanded surveillance.

http://www.nytimes.com/2009/04/16/us/16nsa.html

6) The U.S. Marshals Service overflight program came into existence during Obama's Administration. The service was initiated in 2007, and the flight program was put into place by the Obama Administration. Worth noting: he also didn't stop it, he expanded the program.

7) The NSA began actively helping other agencies illegally (eg the DEA), via parallel construction, during Obama's Administration. This practice has massively expanded under Obama's watch.

9) Obama also loves to use the Espionage Act to persecute journalists that act to reveal the dirt of his Administration.

10) The Obama Administration continued to lie about the programs. The Obama Administration continued to refuse to admit their existence. The Obama Administration massively expanded all surveillance programs. This is all continuing right now.

11) During Obama's watch, the Stingray device has gone from being a piece of military technology, to being handed down from the Federal level to the local and state level. During his Administration, efforts have been made to expand illegal surveillance from the domain of the Federal Government, and to ensure widespread surveillance at all levels, so the Feds have a greater total access to communications.

There has never been a more abusive surveillance President in US history. And there are another easy dozen items on this list, of abuses by the Obama Presidency when it comes to surveillance.


1) As I've already shown and will continue to show in this post, Snowden's own documents refute this. Snowden clearly didn't have time to look at what the documents he spidered actually say.

2) Xkeyscore is merely a database and does not constitute new surveillance. Snowden's documents show that it contains fewer sources under Obama (no more email metadata).

3) The NSA significantly reduced the scope of its upstream collection under Obama in April 2012. http://fas.org/irp/agency/doj/fisa/fisc0912.pdf&ved=0CB4QFjA...

4) A datacenter does not constitute new surveillance, whether it's built or not (not).

5) Your article says that Obama's DOJ found pre-Obama abuses, once again, the exact opposite of what you claim. Your claim that Obama lied about taking steps to fix this is unsupported by any of your links. Simply stating something does not make it so.

6) There is no proof that the overflights are recording data from anybody other than the targets. You're engaging in wild speculation here.

7) According to my link above, this claim is false. The NSA shut down any ability to assist in parallel reconstruction with upstream data in 2012.

8) There is no 8.

9) Again, false. No journalist has ever been prosecuted (or persecuted) with the Espionage Act. http://blogs.reuters.com/alison-frankel/2013/06/24/journalis...

10) More unsourced claims. What expansion?

11) There is no evidence that the Stingray records data from anybody other than the target. http://m.wsj.com/articles/BL-DGB-23163

Where does this leave us? Three counts of reduced NSA powers (email headers and other upstream collection and phone records) and zero counts of increased powers.


1.) ...

2.) Isn't this like saying python doesn't add any new programming capabilities over hand written assembly? Having full-take data in a database, all in one place under the hands of one agency DOES constitute new surveillance.

Also to be clear the XKEYSCORE program uses metadata to search but will return full content in the query response. It is a database with full-take data.

3.) http://fas.org/irp/agency/doj/fisa/fisc0912.pdf&ved=0CB4QFjA... resolves to http://fas.org/404-not-found/ for me. From what I can tell, however, lots of upstream collection has happened during the Obama administration. Would you care to provide another link?

4.) Covered in 2.

5.) Agreed about his link. Let's talk about this one. http://www.theguardian.com/world/interactive/2013/dec/18/nsa...

6.) They are recording the data. But they presumably delete it if it isn't related to their case. It is known that there are no formal safeguards - the deletion of data is enforced merely by policy.

7.) Again we need a new link. But I don't understand how shutting down of upstream data collection could imply no assistance in parallel construction. Could you expand?

8.) ...

9.) You can use the threat to persecute journalists, which is what I believe the parent is talking about. Furthermore other laws are used in its place (e.g. Risen).

10.) > The Obama Administration continued to lie about the programs. The Obama Administration continued to refuse to admit their existence. This is all continuing right now.

Do you agree with these sentences?

> The Obama Administration massively expanded all surveillance programs.

I think the parent is speaking generally about the growth of the budget and capabilities of the NSA during the Obama Administration including the Utah Facility, the renewal of the spying programs and Patriot Act by the administration, and legislature that would have (had it passed) expanded the NSA's ability to look directly at content without having to make requests to corporations.

11.) Back to 6.


I remember you. You're the paranoid conspiracy theorist who shows up in every surveillance post making wildly inaccurate claims. I'll humor you again and stick to one of your stupendous claims: that the stingray devices record all the data sent from every connecting device. Where is your evidence? All the released documents show that it is used to home in on the location of a targeted subscriber, which can be done without recording anybody else's data. Why would they have added the extra technical and legal complexity of doing what you so nonsensically claim?


> I remember you. You're the paranoid conspiracy theorist who shows up in every surveillance post making wildly inaccurate claims.

I encourage anyone reading this thread to look up lern_too_spel and my previous encounters and decide for yourself.

I would suggest this one in particular (https://news.ycombinator.com/item?id=8513528). I would add the "Biden Bill" S.266 to the list of things in the top comment.

"It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law." - http://thomas.loc.gov/cgi-bin/query/F?c102:1:./temp/~c102y44...:

I would also add 18 U.S.C. § 2703(f): "Required disclosure of customer communications or records" - http://www.law.cornell.edu/uscode/text/18/2703

> I'll humor you again and stick to one of your stupendous claims

How about replying to all of them? In previous threads it was very common for you to pick one fact and fixate on it ignoring the others. I would much rather have a discussion about all of these points.

> All the released documents show that it is used to home in on the location of a targeted subscriber, which can be done without recording anybody else's data.

Please link to said released documents. The Wall Street Journal, which broke the story:

http://online.wsj.com/news/article_email/americans-cellphone...

"The technology is aimed at locating cellphones linked to individuals under investigation by the government, including fugitives and drug dealers, but it collects information on cellphones belonging to people who aren’t criminal suspects, these people said. They said the device determines which phones belong to suspects and “lets go” of the non-suspect phones."

"Also unknown are the steps taken to ensure data collected on innocent people isn’t kept for future examination by investigators."

"Within the Marshals Service, some have questioned the legality of such operations and the internal safeguards, these people said. They say scooping up of large volumes of information, even for a short period, may not be properly understood by judges who approve requests for the government to locate a suspect’s phone.

Some within the agency also question whether people scanning cellphone signals are doing enough to minimize intrusions into the phones of other citizens, and if there are effective procedures in place to safeguard the handling of that data."


Thanks for pointing people to that thread. It shows another one of your crazy claims thoroughly debunked by tptacek and myself that you couldn't be bothered to correct yourself about. That's why it's pointless correcting you. If another user cares to discuss these issues, I'll gladly take them up on the offer.

As for my documents, you linked to the canonical document that broke the story itself. You even quoted the part about how it most likely works. "They said the device determines which phones belong to suspects and 'lets go' of the non-suspect phones." The rest of the article consists of evidence-free speculation about data collection that is not necessary to perform the task that the device is required for.

I'm done. Thanks for the link to the previous conversation. I'll just repost that the next time you respond to one of my comments, so everybody will understand why I won't bother to correct your points.


You failed to link to documents (again), failed to reply to all items (again) and selectively quoted content (again).

"it collects information on cellphones belonging to people who aren’t criminal suspects"

"unknown are the steps taken to ensure data collected on innocent people isn’t kept for future examination"

"scooping up of large volumes of information, even for a short period, may not be properly understood by judges"

"Some within the agency also question whether people scanning cellphone signals are doing enough to minimize intrusions into the phones of other citizens, and if there are effective procedures in place to safeguard the handling of that data."

> If another user cares to discuss these issues, I'll gladly take them up on the offer.

@adventured, the ball's yours.


I don't know much about either of you but would like to add here that you were --- no harm, no foul --- comprehensively wrong about CALEA. The law itself refutes your claims about its impact on software companies, right up front in the "definitions" section.


Haha, thanks Thomas.

I'm half in agreement with you about CALEA, but think the thread missed the larger point. Forests and trees and all of that.

If one were to take my point as a specific claim about only CALEA and as a specific claim only about key (and not data) escrow under a strong letter of the law reading, then yes most certainly I was wrong.

However, this interpretation of the thesis is/was an injudicious one. There are laws requiring plaintext access to communications records and computing services records upon lawful request. CALEA does have a section on this (focused on telecommunications, which have been expanded to include digital transport such as VOIP technologies), as does 18 U.S.C. § 2703(f) (which does apply to digital services such as cloud technologies), as do others.

The thread fixated on CALEA - yet from the beginning my thesis was about a constellation of laws and the interpretation of these laws under EO 12333 and the Third Party Doctrine, current political climate and the real world pragmatic implementation of policies in tandem with the private sector (e.g. telecoms in America today do not provide strong escrow-less crypto).

From what I can ascertain for large providers the Department of Commerce streamlines the process. Telecommunications have been streamlined since the late 90s. Internet services are still in the process of being streamlined - PRISM was one of said programs. For smaller providers requests/demands are run when the value of ends supersedes the cost of means. Lavabit is an extreme example of how leverage has been applied to acquire plaintext access to communications.


If a law exists that requires a software company to retain the capability to provide plaintext transcripts of encrypted messages, and to provide those transcripts on demand, you've been unable to provide any citation to it.

Lavabit is exactly the problem with your analysis. The core problem of Lavabit wasn't that the government compelled Levison to retain the ability to decrypt messages. No, Levison chose to do that, because the market punished real secure message providers for forcing users to install software. (a) If you have the ability to decrypt messages, (b) the government is allowed under current law to exploit that. Now Levison's defenders want to point the finger at the DOJ and surveillance law, insulating him from the consequences of his own (frankly) terribly irresponsible decision to expose his users' secrets in exchange for market share.

The original citation to CALEA which people "fixated" on was yours. Your claim was that CALEA compelled software companies like Apple to backdoor encryption. It does no such thing.

No law exists preventing anyone from building a truly secure messaging service. TextSecure and Silent Circle are doing it out in the open right now. A disinformation campaign suggesting otherwise would be harmful to end-users.


What do you think about 18 U.S.C. § 2703(f)?


I think that it says nothing whatsoever about encryption. What am I missing? If you're going to claim something in here could be interpreted to apply to encryption, cite some authority that says so. In the unlikely event that you're right, a lot of big companies are in serious legal trouble.


I included this law in the discussion since it applies to digital services.

What you are missing is that unless encryption is used directly by the endpoints (not added by the provider) by definition (a) holds from your previous comment.

Skype is an example of a communications service (like TextSecure) that offered secure E2E communications but was stripped of that functionality.

Blackberry is an example of a company that has drowned because political pressure to backdoor communications was greater than the market incentive to provide real security.

Apple today stores electronic communication and service records, logs and artifacts from your phone encrypted in the cloud. But it will decrypt for law enforcement upon request. Are you suggesting they do this voluntarily or are they compelled to by law?

http://images.apple.com/privacy/docs/legal-process-guideline...

For the record I am a strong advocate of TextSecure/Silent Circle/others. To be a strong advocate, however, one must be a strong skeptic. So far I do not believe these two projects have been compromised ("CryptoCat" on the other hand...)

I do not believe that there are laws requiring all crypto implemented by every provider everywhere to be subverted. The laws that exist however do ensure that any encryption provided transparently is subverted. When E2E crypto becomes a problem (e.g. Skype) the intelligence community has other ways of dealing with it.

What this means for the surveillance state is that anything that becomes popular enough to represent a non-negligible portion of traffic will be subverted. Mom and pop can't have secure communications. It's only us cipherpunks who get to have any short reprieve.


I'm lost. You claimed in the previous thread you linked to that CALEA (or, charitably, some other law) required US companies to backdoor their encryption schemes. I said you were wrong about that. You claimed I was merely fixating on the specific law you cited, to the detriment of the more general truth of your argument. I asked you to cite any authority anywhere backing that argument up. Your response is to cite examples of crappy software security, and then to sneakily reformulate your argument so that it applies only to encryption that isn't "end-to-end".

The saving grace of this unproductive conversation is that we at least agree that end-users should reject forms of encryption that don't require them to install anything.


> You claimed in the previous thread you linked to that CALEA (or, charitably, some other law) required US companies to backdoor their encryption schemes.

As a customer, encryption provided by a third party (especially in situations where it is difficult or impossible to provide my own encryption - like how would I provide my own encryption that goes over Skype?) which is designed to be removed upon request by the government is backdoored.

> I asked you to cite any authority anywhere backing that argument up. Your response is to cite examples of crappy software security, and then to sneakily reformulate your argument so that it applies only to encryption that isn't "end-to-end".

Neither Blackberry nor Skype were crappy software security solutions until they were subverted. They were subverted on purpose. It's disingenuous to call them crappy without digesting the context by which they came to remove strong security guarantees. Like the case with Apple (you didn't reply to that) either this subversion was done voluntarily or it was compelled.

My thesis is that the constellation of laws and their interpretation are such that any products which become leading communication services will be subverted. Through mandatory data escrow and the TPD as we spoke about earlier, and through financial and political pressures, incentives and (as we know in extreme cases from the Snowden docs) sabotage.

So perhaps it's a vocabulary issue? Companies that will sell in-transit encryption but remove it or store plaintext I would call a backdoor. We agree that this is required by law.

Where we seem to disagree most is the canonical case of Skype. Skype was purposefully subverted and I argue that the constellation of laws we've been discussing were used to do it. I can imagine two other stories one could tell:

1) E2E encryption was removed voluntarily; no compulsion (I would need a lot of convincing)

2) E2E encryption removal was a silly regression that has been noted but not fixed for years (I would need even more convincing)

I would agree wholeheartedly that when it comes to the Skype case there are technically, by letter of law, no laws that force companies to remove or backdoor E2E.

I think here is where we disagree: I think in practice, by the examples we've been able to witness, that broad interpretations of these laws, in conjunction with financial and political pressure are in fact used to leverage changes law enforcement and intelligence community members need.



