
but it is at least possible to put procedural, legal, and technical safeguards

Seriously?



Yes, I sincerely believe that. Think about it. And please, think honestly about it and don't just dismiss it out of hand.

I can give you one example of where controls have been shown to work right off the top of my head: the U.S. military itself. What's to stop the Combatant Commander in charge of USNORTHCOM from taking over the government by force?

At least with this we can use technical measures as well, apply the best crypto modern literature (and, you know, the NSA) has to offer to keep data-at-rest safe from rogue analysts while requiring accountability controls for its use in an investigation.

The problem has been that there don't seem to be many such controls that aren't policy-based in nature. That's a problem. But it's not an insurmountable one either, if we decide to solve it.


You realize that the NSA is a branch of the military don't you?

When the NSA breaks the 4th amendment, goes before Congress and systematically lies about their activities, it is in a very important sense an extra-constitutional military coup happening before our eyes.


I'm well aware of where NSA falls in the government hierarchy.

What part of the 4th Amendment are you saying they broke? It's not PRISM.

It might be 641-A style interceptions, except that those aren't actually covered by the 4th Amendment.

The Verizon phone data might be close, but that's also considered fair game according to the courts. And besides, that has a separate court order anyways, doesn't it?

Remember when the Daily Show played and they ended with the idea that it was surprising that what the NSA was doing wasn't illegal (i.e. that it should be illegal)? Hard to call following the law as it's been explained to them a coup...


> What part of the 4th Amendment are you saying they broke?

The part about "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated"

and "no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized"

It is not OK to just "seize all the data" and "search it later if we feel it's relevant".

> Remember when the Daily Show played

No, I don't watch that show (or any TV really).

> Hard to call following the law as it's been explained to them a coup...

The US Constitution is the highest law in the US. If an action violates the Constitution, it is illegal, by definition.


Thank you for repeating the 4th Amendment to me. What program broke it? Because the courts have held quite consistently that information shared with a third-party is no longer private. Even the "reasonable expectation of privacy" phone booth case is quite different from "Hi Facebook, here's a private message for you to send to my friend, oh and all of your advertiser networks and data mining algorithms".

Congress has normally patched that up as new technologies have been introduced by making privacy a legislative requirement (but still not a Constitutional right). But they haven't done that for the Internet yet.

ECPA is the closest thing, but it specifically exempts FISA surveillance (though it does still require a court order if I'm reading 18 USC 119 correctly). While I do agree that Internet usage should probably be considered as de facto reasonable expectation of privacy on the wires I'm not sure that the law is at that point yet.

"Reasonable expectation of privacy" itself was essentially invented by the Supreme Court, so it's not as if there's no precedent for adding restrictions on government surveillance, but I'm not seeing the shortcut around the Constitution here except for 641A types of activities (assuming those are not being done under FISA auspices).


Information shared to a third party that the first party could no longer deem under its control, that is what is no longer considered secret.

This means that yes, the government has perfectly readable access to everything I post on Twitter. That's fine. This does not mean that they have access to the contents of my Livejournal posts that are not shared. While it is a factual assertion that I have shared them to a third party, another, better interpretation is that I have shared them to a contracted vendor with whom I expect privacy, even where I know that they may not be able to access it.

There is case law on physical proxies. If I am the renter of a storage locker or facility that has a lock on it (password), then I have a reasonable expectation of privacy there, even though the storage facility is clearly a third party. Because I have a contract with them, and in that contract, I do not grant wide-open access to my belongings, the storage locker is an extension of my papers and effects.


I get that you and we all have different interpretations of what we would expect privacy to mean. But the government only has the one that it has to go by, the law, and the law was made much more expansive by the USA PATRIOT act and only brought back in a little bit by the 2008 Amendments. I could have sworn that the Supreme Court has had a chance to strike down part of the USA PATRIOT Act by this time and hasn't.

I like your analogy on physical proxies, but I didn't need convincing that information given to a third-party on the Internet deserves a "reasonable expectation of privacy" (up to the limits of the privacy policy itself, though...). I just don't think the law agrees at this point, which is why I'm pushing back against people with the idea that everything the NSA has ever done is illegal.

The law needs fixed, once and for all. I think most of us agree at least in theory that there is a need to handle counter-terrorism and domestic law enforcement so we also need to decide what "features" (if any) are built-in for that.

And then we need to decide how far those laws extend to cover those from outside the U.S.


"But the government only has the one that it has to go by, the law"

Technically, the 'one thing' to go on is the Constitution. Any law that violates the Constitution, plainly read, is not a law at all. No citizen is obliged to abide it, no court is obliged to uphold it, and no agency is obliged to enforce it.

Obviously the world exists in far less black and white terms, but at least portions of "the law" that they are following have been deemed unconstitutional by the courts, which should cast a long shadow of suspicion on the rest of the provisions.

This is why we ought be thankful that Snowden spoke up. Too many people derive their morals from what is or isn't legal, and too many people would accept unconstitutional infringements to the constitution that makes them feel safer. To paraphrase Neil deGrasse Tyson, "I don't fault people for being willfully ignorant, as long as they know they're making a tradeoff for mental comfort - I don't want to be them, but I understand it whenever I can't fall asleep because I'm worrying about the state of things" -- what polls on this issue have shown is that far too many people just want to be governed kindly, which is either an indication of a dumb, complacent society that has lost its fierce American spirit, or is an indictment on all people unilaterally.

"A republic, if you can keep it," implied that there would be work involved. What we've shown over the past few decades is that, as a citizenry, we aren't willing to put that work in.


> What program broke it?

I'm not going to limit my view to an incomplete set of documents written by no-credibility liars and rubber stamped by secret courts. When multiple independent sources, people who actually worked there, come out and say "no it's far far more than even that, they're on a mission to collect everything", I tend to believe them.

So you tell me...

What was the "program" authorizing Room 641A?

How many other "fiber taps" are there? (as alluded to in the PRISM doc)

What data is being collected?

Or rather, what data is not being collected?

The fact that we don't know the answers to these questions because they are being deliberately withheld from us means that we are not "secure against unreasonable searches".


641A? Probably ECPA in conjunction with FISA. Likewise for fiber taps. The real "innovation" there is how much domestic data is allowed to be captured by accident and then minimized later. Might meet with the letter of the law, but definitely not the spirit!

> The fact that we don't know the answers to these questions because they are being deliberately withheld from us means that we are not "secure against unreasonable searches".

Well, the lack of an answer to this isn't what is violating the 4th Amendment. If they answered "we record everything" you'd have your answer but would presumably still feel that your rights are being violated.


If you don't know whether or not your rights are being violated, you're not "free".


Room 641A is in an AT&T facility in San Francisco, not Hanoi. The contents of the communications that have, according to the Klein testimony, been vacuumed up by the NSA in 641A are confidential communications made by Americans who have every reasonable expectation of privacy.

I'm surprised you think, without citing any authority, that 641A and its ilk fail to implicate the Fourth Amendment. The 9th Circuit ruled in December 2011 that a lawsuit against the NSA over room 641A could continue, and it's currently underway in federal district court.

There are also separate lawsuits underway against Verizon for the phone logs.


Well, San Francisco is right on our Pacific Coast, no? That would seem the perfect spot to place something dumping foreign traffic en route to the U.S. before it becomes domestic (assuming the San Francisco facility is the first domestic terminus for those international fiber links).

Obviously such links could include communications by Americans going overseas. This has always been an issue with law enforcement and national security investigations, intended to be solved by "minimization". This is a concession which has not been held to be illegal or Unconstitutional, to my knowledge.

Mind, the way the NSA is using that law at 641A is something I would strike down as being prejudicial to 'reasonable expectation of privacy' overall, but then if it was up to me any "common carrier" would imply a 'reasonable expectation of privacy' by definition.

So hopefully we'll see something concrete come out of the case against the NSA (assuming Congress fails to act first). But as it stands now I think even 641A might be meeting the letter of the law, via FISA (where all the gloves are off), but not the intent or spirit of the law.


It's remarkable that you think the NSA vacuuming up everything that flows through a domestic AT&T facility, per the Klein affidavit, merely "could" implicate Americans' private communications. Why not stipulate that it "will?" Also note that subsequent reporting has said that similar taps are in place at similar facilities, not just in San Francisco.

You might be right that 641A has been blessed by the Sec. 702 amendments to FISA. But the immunization for providers is not absolute; if requests go beyond what the law clearly permits, they're still vulnerable. Look for more litigation on this point.


The lawsuit you're referring to is Jewel v. NSA (http://en.wikipedia.org/wiki/Jewel_v._NSA) under Jeffrey White. I found it interesting that White initially shut down the ISP mirroring Wikileaks, and later reversed his decision less than a month later. From what I hear, it's very rare for federal judges to reverse their decisions. I think this has some potential.


Trust is the central issue, as you are correct that no Snowden leaks have demonstrated illegal activity. Without trust, it's just as easy to argue that the next president can use our secret weapons and will only be prevented from starting a nuclear war because of political policies. We trust the government with enormous power (including enough weaponry to destroy the entire planet and enough surveillance to defend our national interests).

@mpyne: Thank you for the dose of common sense in what has become an unrecognizable hyperbole circus over the last few weeks.


> What's to stop the Combatant Commander in charge of USNORTHCOM from taking over the government by force?

Are you serious?! The US armed forces are comprised of AMERICANS. They're hardly going to turn against their own democratically elected government, it completely goes against everything they believe so strongly enough as to take up arms to protect. That is what is stopping it, not some regulatory checks and balances.


So is Russia running the NSA or am I missing something then?


You are missing the limits that simple practicality has on each scenario.

There is an enormous difference between a military coup and the kind of risks the NSA databases create. A military coup requires tens if not hundreds of thousands of military to agree that potentially killing their neighbors and maybe even their own family members is a necessity. For the NSA databases to be abused all it takes is a handful of motivated actors to quietly blackmail specific individuals. Not unlike the FBI tried to do with their surveillance tapes of Martin Luther King.


> For the NSA databases to be abused all it takes is a handful of motivated actors to quietly blackmail specific individuals.

This is a baffling comment. Are you aware of the background checks that NSA do on staff? And the audit-trails on access to various bits of data?


You mean like the background checks and audit trails that prevented Snowden from absconding with all those documents?

Background checks don't stop people who think they are righteous and audit trails are only as good as (a) the audit policies and (b) the auditors. Snowden was pretty explicit with his claims that putting down any half-assed justification was enough to satisfy the auditors.


> For the NSA databases to be abused all it takes is a handful of motivated actors to quietly blackmail specific individuals.

And what if it takes more than a handful? Would such a system be safe then?


Get it up to a couple of hundred and we'll talk. But if you think you can do that simply through process rather than physical design, we won't talk - process can not address the problem of turnkey tyranny.


And in your view, the US army hasn't already been asked, and complied, to shit all over those things, repeatedly? Some soldiers speak out, a whole lot kill themselves, but where is the resistance you speak of?

> it completely goes against everything they believe so strongly enough as to take up arms to protect

Of course this is true for many people. But for all? How many people go to the army because it's a job, or paid for education? How many people could make more in another way, but chose to join the army because they, as you say, so strongly believe in defending their countrymen and the constitution?

I don't mean to say there aren't many brave people who joined the army for all the right reasons. It doesn't even matter what the army is used for, I still respect those people even when they're misled. But exactly because of that I also have to acknowledge the sadists in their ranks, the people who want to be with the invincible team etc. Those exist, and with good enough indoctrination and good enough technology, those are all you need.

Also, the conscience can be routed around by deception just fine; yeah, there's all these idealistic people signing up for the army... and then they get drilled, and some of them start considering civilians as something else entirely pretty fucking soon.

And then there is the not minor fact of increased automatization and focus on robotics. In my worst expectations, the job of the American soldier of today is mostly to keep "the establishment" afloat for long enough until it can kick out the ladder under itself for good.


How do you propose to upgrade the standards from "least untruthful?" Our current safeguards are the butt of that particular joke. The reason you need to beg people not to dismiss the idea out of hand is that dismissiveness is all we have gotten regarding this matter so far.


Well you could make the system(s) themselves report the truth and take the human analyst or supervisor out of the loop completely.

For the rest, there's all sorts of possibilities; 2-man concept, independent review by a supervisor, randomized blind audits by auditors who are themselves double-checked by randomly assigned auditors, periodic audits & surveillances of the analysts themselves to ensure procedural and policy compliance, the list goes on and on. There's not exactly a shortage of government agencies that can be raided for "best practices".

But... I think the reason I have to beg people to not dismiss the idea out of hand is that the conclusion is already mostly formed for many of us. Certainly I would hope that our default reaction to hearing that a massive Internet surveillance program is going on would be WTF??!. But that doesn't stop me from wondering if it can actually be done in a way that does not endanger free society and still protects individual liberties.

And even if it can be done, it would still need to be shown that it's useful to do. But I think many of us have foreclosed on the very idea.


I do want to appreciate your attitude here. I'm sure all those things you mention can and would be gamed, but at least you try to keep fighting instead of giving up. Reading some comments about the PRISM case on HN makes me feel like we should just lay down and die while the world shreds itself apart.



