The NSA: An Inside View (lorensr.me)
367 points by lorendsr on Dec 15, 2013 | 313 comments



Interesting to get a look at what it's like to be inside the bubble. It's compartmentalized enough that the individual actors can justify their actions by the assumed competence and benevolence of the others.

> I didn't test it, but I'm sure there was automated analysis that prevented or flagged use of US selectors.

The mental leap here is subtle, but substantial. Since I have been told I can't use US selectors, I assume the system enforces this. As such, US citizens have nothing to worry about. However, in the immediately previous paragraph, he noted:

> one employee spied on a spouse

So much for automated analysis, besides not being able to filter out US citizens' data it can't even filter out an employee's direct family. But there's no need to worry citizen, the NSA has a very high-quality workforce.

In the NY Times this morning was a piece noting that the government has concluded they don't know what files Snowden took with him (http://www.nytimes.com/2013/12/15/us/officials-say-us-may-ne...). The most technologically advanced intelligence agency in the history of the world and they have no idea what files were electronically taken by one of their own. One of their own who passed the background check by the way--I don't know why the OP is so enamored with the polygraph.


What's particularly interesting is that some of the recent disclosures don't seem to be visible inside the bubble. Take this assertion, for instance:

"The NSA copy of my emails won't be viewed by police or FBI investigating me about marijuana use, for instance. Law enforcement might get a search warrant and retrieve a copy from Google, but not from the NSA."

In fact, it's been known for months that the DEA receives intercepts from the NSA in such volume that they have an office devoted to handling them (the DEA's "Special Operations Division"). And as for search warrants, the manuals for that office describe a practice of "parallel construction" which involves, not to put too fine a point on it, lying about the ultimate source of the information they're using, with the clear intent of evading judicial scrutiny.

Details here: http://www.reuters.com/article/2013/08/07/us-dea-irs-idUSBRE...


This is an interesting article, thanks for sharing. Your summary does not quite reflect the article though. You say "In fact, it's been known for months that the DEA receives intercepts from the NSA in such volume that they have an office devoted to handling them (the DEA's "Special Operations Division")", which to me created the impression that the NSA was funneling large amounts of information about US citizens to the DEA.

However, the article actually says: "...two dozen arms of the government working with the Special Operations Division, including the Federal Bureau of Investigation, the National Security Agency and the Central Intelligence Agency.", and later that "the Special Operations Division of the DEA funnels information from overseas NSA intercepts, domestic wiretaps, informants and a large DEA database of telephone records to authorities nationwide to help them launch criminal investigations of Americans. The DEA phone database is distinct from a NSA database disclosed by former NSA contractor Edward Snowden." [emphasis mine]

It's quite possible that the NSA passed only occasional information about non-US citizens - it's impossible to tell from that article - if that's the case, then to many people they're acting within their mandate.

I'm not trying to defend the NSA, and I'm deeply troubled by the implications of mass surveillance. But it's important I think to be clear about the claims we're making since otherwise it's easy for people to dismiss us.


Thanks for the close reading. I guess it depends what you think "no domestic intercepts" excludes, and how much you believe that everyone in the NSA follows the rules. Even if most of them do, a few have the tools to become a very big problem --- and the rest of the organization wouldn't necessarily know, since in an organization like the NSA, people aren't supposed to know what's happening in the office down the hall.

To start with the scope of what's available: it almost certainly includes data on US persons "incidentally" acquired in taps on an authorized target. I'm not aware of anything on DEA procedures there specifically, but as for the general rules, see here: http://www.emptywheel.net/2013/11/08/the-intelligence-commun...

Of course, even if NSA analysts know that they have DEA "customers" (as they apparently call the recipients of their intelligence), it might be a breach of the rules to select overseas targets which would be likely to have domestic contacts of interest to the DEA. But given that knowingly breaking the rules in pursuit of an authorized goal seems to count in NSA audits as mere "lack of due diligence", and not classed as "abuse", I'm not sure how much comfort to take from that.

Analysis of NSA audit data from Marcy Wheeler here: http://www.emptywheel.net/2013/08/16/lack-of-due-diligence-t...

... with further notes on the audit process, and narrow definitions of "abuse" here: http://www.emptywheel.net/2013/08/20/if-nsa-commits-database...


It really depends on how widely it is reported. Government employees even those with clearance are prohibited from looking at the wikileaks cables. If it makes it into the NYT and they see it, then it is ok. But they can't actively dig for it. Direct from the mouths of government employees.


Again, an assumption that a magical unicorn guards the morality of being told what someone can or cannot do should be understood as a non-trustworthy system. Especially one that is referred to as the NSA in very general terms - as they have no control over employees or data dissemination / exfiltration. And, yes, the last statement is fact based on all of the supporting evidence in the public domain. If one thinks otherwise I politely redirect you back to aforementioned magical unicorns.


Outside of magical unicorns, what kind of unicorn should guard things? I'm afraid automated systems don't offer either the coverage or the flexibility to provide what you think should be provided.


Yes, but why can Loren Sands-Ramshaw use a blog, where he criticizes his employer and also use Kickstarter without getting fired? Not that I want him to get fired, but I worry that he risks his job in telling us this critical information!

Aren't those things a spy shouldn't have? Is the working strategy, filling the web with disinformation about NSA employees, or is it to never use the web with a real identity for the period of contractual employment?

I mean, from a technological standpoint, every single HN member would love to work for the NSA. Because they have an extremely sophisticated set of technology that people would like to get their hands on. (Well, that's at least what we think they have). Keep in mind though, that in reality only a very small percentage of HN would actually like to work for the NSA! This is not because of the recent revelations, but because the government in general has not a positive image for most hackers.


He's no longer employed by the NSA. He left to play with a startup and some personal coding projects; the last paragraph of his post links to them. Any discussion of his employment there still gets reviewed by the NSA, but that's routine for anyone who does classified work. (And he does say up front that he sought that review, and that they had no problem with him posting what the rest of us read.)


Then it's even more important that we read this blog post in the knowledge that it's the one that made it past NSA screening. We'll never know how many didn't.


Thank you :)


What's the legal term? I think it's "double construction"? Where the prosecution knows it's you from illegal means (wiretap/NSA spying) but by that knowledge can go back and construct the legal case in reverse.

It's been rumored that the Dread Pirate of SilkRoad case was figured out that way.



> What's the legal term? I think it's "double construction"? Where the prosecution knows it's you from illegal means (wiretap/NSA spying) but by that knowledge can go back and construct the legal case in reverse.

I think the technical term is either "perjury" or "fraud on the court".

The euphemism, though, is "parallel construction".


It is not necessarily illegal means, but simply means that the government does not want to expose in open court. Perhaps this is because they are illegal, or perhaps revealing the source of intelligence could compromise an active intelligence operation. The NSA does not want its methods exposed in open court. You will probably say that this is because they are illegal. But an equally plausible explanation is that revealing details of their capabilities is of benefit to their adversaries.


The story around DPR getting caught started in him making posts that had personally identifiable information from his anonymous accounts in the very beginning, not from illegal searches.

That's just a really long scraping / pattern-matching exercise of publicly available data, and the reminder that even particularly clever people won't be on point 100% of the time.


Or they did find him illegally and found later on the public pattern-matching exercise to justify their findings. Which is exactly the point of parallel construction.

We cannot know.


Yes, this stood out at me too. As soon as I read that statement, I knew the author was either lying or underinformed. Thanks for providing the article.


> It's compartmentalized enough that the individual actors can justify their actions by the assumed competence and benevolence of the others.

I've talked to this before but this denial and self delusion is an important defense mechanism. Sometimes people write blogs and get into apologetics because they feel an internal dull pain of an inconsistency. "Hmm it looks like we NSA did all these pretty bad things. I worked for the NSA. Surely I couldn't have worked for the bad guys." and then <proceed rationalizing and defending NSA, might as well put it in blog form>.

That cognitive dissonance, I believe, is pretty powerful. A lot of dark secrets and past transgressions can be filtered so well through it.


I'd rather intel analysts have some cognitive dissonance than have absolute certainty they are always justified in their actions.


Unlike a lot of HN commentators who blindly follow the herd (I expect to get a ton of dv's for that)


Seriously, you can't win. Here you have an actual former NSA employee giving a first-hand account of his time there -- and not only is his account doubted for no reason other than failure-to-comply with known-biases and unverifiable journalism, but some guy is now providing psychological analysis of him as well!

Some know-nothing armchair psychologist who read the NYT is telling this guy -- who has made an honest effort to be utterly transparent -- that he's cognitively dissonant and that comment is going to receive a hundred votes because it makes people feel good about the things they think they know. It's not truth, just an exercise in mass delusion.


The most extraordinary thing about Snowden is not that he took the documents: it is that he sacrificed his whole life to make them public.

And this should make us scared. A guy like Snowden was extremely improbable, and yet he happened. So, what to think about the far more likely case of NSA employees taking extremely sensitive information and selling it privately? How many of those have there been already?


1000 times this. If Snowden could do what he did and the NSA doesn't even know what he took, it is inevitable that a hostile foreign government will infiltrate the NSA. It is also highly probable that there are people in the intelligence apparatus that are abusing their power in some way or another.

There have already been about a dozen cases in the NSA of 'LOVEINT' where employees were spying illicitly on love interests. From what I recall, all of those people volunteered that they were spying illegally on their own, none of them were caught by any internal review process.


It all seems so sincere. Except when you see how closely this matches the talking points the NSA sent home with employees (https://s3.amazonaws.com/s3.documentcloud.org/documents/8445...)


Whoa. The above PDF link is very much worth clicking.

Almost all of those points (except maybe the very last one) are echoed by the OP.

Except that this hand-out is straight-out propaganda and the OP sort of tried to veil that.


Well, following his explanations, you can fail the polygraph and just do it again. The cost of failure is zero, so really just keep trying.

(I personally loved the bizarre mix between cyber war, nukes and North Korea. He seems to have the mindset of a paranoid Stalin, always wary of others when he's the one terrorizing.)


Definitely a bizarre mix, I thought it was a parody a couple of times. To combat the threat of nuclear war with the completely isolated totalitarian state of North Korea we must create and store copies of all global communication... (Of which approximately none will have originated in NK, our intelligence agencies still literally watch NK news broadcasts to find out what's going on in NK.)


North Korea surely has contacts with the rest of world, to deal with China, for instance.


Yes, but you don't copy all communications to try and find the astonishingly small number from the most closed-off country in the world. This is how the NSA gets smart people to build something they would never set out to build--an all powerful global snapshot of data.

They tell you about North Korea and your radioactive future. You like big problems and give it your best effort, perhaps thinking that you had a small part in saving the world. Then one day you read in the New York Times that your well intended project doesn't just scoop up communications from North Korean thugs, but what you helped make is collecting communications on everyone. It's helping the DEA illegally bust people. It's helping diplomats illegally snoop on our allies. It's helping keep US companies aware of what non-US companies are doing. Etc etc.

tl;dr Anyone could be a terrorist, everyone must be monitored.


> Yes, but you don't copy all communications to try and find the astonishingly small number from the most closed-off country in the world.

What would your collection proposal be then?

You can't determine data of interest until you have sufficient data to determine if it's of interest in the first place. Even the NSA doesn't have an Oracle computer that can look into the future and figure out what vanishingly small percentage of communications are just the ones they should be interested in. If they did, they could also solve the halting problem and rewrite the history of computer science and time-travel.

Remember, the standard the NSA is held up to is that it should not only be following known bad people who are/might be doing bad things, but to ferret out the unknown bad people. Every time there's a Boston or similar, everybody goes and climbs all over the NSA for "not knowing about these guys"

You can't do that until you have a sufficiently large enough collection of unevaluated data to start looking through.

I'm not saying it's right or wrong, only that it's the reality of the task spy agencies have before them.


I absolutely don't dispute that. I am merely pointing out that there is a small number of messages to intercept. The traffic with the AQ Khan network would be a good example. That said, no, it does not justify turning the world into a surveillance state.


TLDR Everyone IS a potential terrorist and ARE monitored.


> Well, following his explanations, you can fail the polygraph and just do it again.

He didn't say you had an arbitrary number of opportunities to pass, simply that the screening (of which polygraph was one of many he mentioned) is such that it's not as if NSA analysts are able to simply wander their way into the NSA so that they can then spy on the people.

That doesn't mean people can't make it through all the screenings (just ask Snowden), simply that it's one of many safeguards that are put in place to make it so difficult to land an NSA job for nefarious reasons that the many other layers of oversight and controls should be adequate to prevent gross abuses.


At a certain point they're likely to cut you off and stop wasting their time watching you fail the poly.


"Are we the bad guys?" http://www.youtube.com/watch?v=OpZ8EkK3eWY <---- that's inside the bubble


> The mental leap here is subtle, but substantial. Since I have been told I can't use US selectors, I assume the system enforces this. As such, US citizens have nothing to worry about.

I think it's fair to say most rank and file NSA employees are honest and actually do believe in their mission. The far scarier thought is how things may work at an extremely senior level (contractors included), where there's literally nobody there to watch the watchers, or at least challenge them without being fired and blackballed.

That said, "US selectors" shouldn't return the results that they do in the first place. Obviously there's incidental collection, which is unavoidable. But the notion of incidental collection, as with metadata collection, was hijacked and used in public relations messaging as a cover for actual domestic collection programs that intentionally capture the full contents of nearly all domestic communications within the United States.

http://www.pbs.org/newshour/bb/government_programs/july-dec1...

Despite exceptions such as the article above, this messaging has largely been successful. Even The Guardian and The Washington Post---organizations who publish stories directly sourced from documents leaked by Snowden---routinely fail to underscore the critical difference between actual collection, and "collection" in the sense of mere authorized access to data that's already intercepted and stored. The two have been intentionally conflated as part of a semantics game, and it's working beautifully to mislead the American public about what's actually happening.


> That said, "US selectors" shouldn't return the results that they do in the first place.

Determining if a "selector" is tied to a U.S. person is actually a very subtle and very hard problem.

Let's take a phone number +1 (212) 555-1234

Is this a US selector? It's a selector for a phone in the US, but that's not the same thing as a phone number tied to a US citizen. Let's say I'm following a senior North African pirate with a Maltese mobile +356 2010-1234 and he calls/is called by my number above?

- Should I follow it? Or is it absolutely off limits for me because it happens to be a U.S. number?

- How do I determine if it's tied to a U.S. person?

- What if it's a shared number between a group of associates, all of whom are not U.S. persons except for one?

- Is that number off limits now?

- If it is a U.S. person what should I do with it?

- Pretend it doesn't exist? Turn it over to U.S. Federal law enforcement? Who should I turn it over to? DEA? FBI? ATF? DHS? The Coast Guard? U.S. Customs and Border Patrol?

It's actually a significant intelligence task to figure this out.


I agree completely.

However, my statement was not intended to be read in isolation, but in context of "domestic collection programs that intentionally capture the full contents of nearly all domestic communications within the United States." I was referring to the bulk interception and subsequent long-term retention of data on US persons.

The implication of my statement was: assuming this type of collection didn't exist, selectors related to potential US persons (for whatever reason) would simply return intercept data beginning from the time said selector was invoked.

Contrast that to the present, where selectors are capable of retroactively returning the sum total of a US person's digital (and by some extension physical) life for the past 5+ years.

It's commendable that the procedures for accessing the data of potential US persons are so stringent, but at the end of the day there is still an incredibly intimate and detailed picture of almost every single US citizen's private life being retained on a long-term basis.


> The mental leap here is subtle, but substantial. Since I have been told I can't use US selectors, I assume the system enforces this. As such, US citizens have nothing to worry about.

For the life of me I cannot figure out why people refuse to accept the concept of training and policy as being relevant to proper civil liberties safeguards in addition to technical ones.

Imagine applying that idea to any other field, and keep in mind the unintended consequences.

For instance consider from a soldier's perspective "Since I've been told I can't shoot citizens or non-combatants, I assume the system enforces this. As such, US citizens and non-combatants have nothing to worry about." And yet our troops do have issued firearms (at least during things like field exercises and training), and the republic has not fallen to a coup. There are missile siloes dotted throughout the Midwest, yet no rogue junior officers or missileers have launched ICBMs at people.

You're missing his greater point, which seems to be that it didn't even occur to him to "test the interlock" since he knew that by law and by policy, it was wrong to even try. He also made quite clear (if you'd bother to read to the end instead of cherry-picking quotes to declaim) that this doesn't mean such technical controls can't or shouldn't be strengthened, merely that there is indeed a "culture of compliance" among the analysts instead of a bunch of voyeurs.

> > one employee spied on a spouse

> So much for automated analysis, besides not being able to filter out US citizens' data it can't even filter out an employee's direct family. But there's no need to worry citizen, the NSA has a very high-quality workforce.

Is it really your claim that a workforce must be 100% perfect in every way for an organization to be legitimate? Even the anarchists don't try to claim that there won't eventually be murderers amongst them, nor is there anywhere else in the real world where spouses are always exceptionally nice to each other in everything they do. Just ask Ashley Madison.

> The most technologically advanced intelligence agency in the history of the world and they have no idea what files were electronically taken by one of their own.

They also haven't solved the Halting Problem.

But anyways I know I'm going to be speaking to an uncooperative crowd but perhaps you all should consider the high-level points of his "peek inside" and then discuss the ramifications of that, instead of always drilling down into the weeds. Many of the same arguments used here could be used with equal logic toward every large civilian IT concern, which would tend to devastate the need for things like YC capital. :P


> Imagine applying that idea to any other field, and keep in mind the unintended consequences

The difference from other fields, is that the consequences in other fields are public. If a soldier shoots someone, that someone is dead and can prompt an investigation.

If someone in the NSA abuses his powers, it is very likely that nobody will ever know. Or be able to know. No investigation will be triggered, and even if one is, it cannot possibly gather any evidence.


> If someone in the NSA abuses his powers, it is very likely that nobody will ever know.

But this claim is only a concern if an analyst can unilaterally abuse his power and never be caught. Are you saying this type of surveillance capability would then be acceptable if proper accountability and oversight safeguards can be emplaced?

If anything this should be one of the easier things in the world to do, putting audit trails on computerized systems is hardly "pro league" stuff.

But either way, you say that the consequences will at least be public in other scenarios. But that's not really true either. People get shot every day in this country; how do you know that any given shooting wasn't from a soldier? How do you know when the government lets a contract that they actually fully complied with the Federal Acquisition Regulations? How do you know that when a Congressman votes against his normal voting habits, whether that vote was due to his conscience or due to someone else's wallet? How do you know that when the NSF gives one scientist a grant and refuses another, that it was done in the public interest?

You don't know any of this, as a rule, and yet many of those are much more impactful on the average citizen, even if we assume the existence of lapses in oversight.

As far as I can tell with government IT, your data will always be at more risk of being leaked to cybercriminals via hacking or stupidity (the latter has happened to me already!), than be at risk of being looked at by a rogue NSA agent.


I thought the track record of the US Government on the matter was pretty clear:

1) Write down the law

2) Break it

3) Retroactively make the violation legal

Wrt to what oversight exists, well... the fact that they have no idea what material Snowden took with him is telling. But that's not what I'd be the most worried about. How hard would it be for the White House to ask information about a specific individual for "national security" reasons?

> But either way, you say that the consequences will at least be public in other scenarios. But that's not really true either. People get shot every day in this country; how do you know that any given shooting wasn't from a soldier?

I'm not a US citizen, but I would think murders are investigated by the police. It's usually difficult to hide.

> How do you know when the government lets a contract that they actually fully complied with the Federal Acquisition Regulations?

I suppose there are audits? Not to suggest that abuse does not exist, but I assume there is some oversight.

> How do you know that when a Congressman votes against his normal voting habits, whether that vote was due to his conscience or due to someone else's wallet?

You certainly don't, but you can make an educated guess.

I'm not sure what you're trying to say here. That the NSA doesn't need any form of oversight, and can be 100% trusted with the power to snoop on everybody belonging to any country (knowing - in case you thought "I don't care about these dirty foreigners as long as they promise not to look at US data" - that nothing prevents them from asking another Five Eyes member about your whereabouts without breaking the rules)? From the same government which gave you Guantanamo, extraordinary rendition, warrantless wiretapping and extrajudicial executions-by-drone? Their definition of legality is terribly elastic.


> I'm not sure what you're trying to say here. That the NSA doesn't need any form of oversight, and can be 100% trusted with the power to snoop on everybody belonging to any country

That's not at all what I'm trying to say. In fact I would argue very strong oversight is needed, but I'd also argue that very strong oversight is possible in the first place, which means that oversight (or not) is not the proper reason to argue about the very existence of the program in the first place.

In other words, the program(s) are either required or not. If they are required, determine the needed level of oversight and install it. If it's not required, then it's not required and discussions about oversight are simply redundant.


> If someone in the NSA abuses his powers, it is very likely that nobody will ever know.

You mean, besides his family, friends, and loved ones when he loses his job and potentially ends up in prison. You're underestimating the amount of training and internal oversight that occurs.


... because this has happened how many times?


Folks have lost clearances and jobs. I don't know about prison time. But I do know the fear of these things happening is a motivating factor not to cross the line. But I'm just some guy...


The problem here is that you trust the organization to police itself, whereas it has little incentive to actually do so effectively.

The cases of caught individuals seem to have gone under-punished, as they sound worthy of prison time.

Also, even if the NSA polices against personal abuses, why would it police against systematic abuse for government's purposes against the constitution?

Self-policing does not work well, especially without elaborate mechanisms to enable it to work, and especially with a combination of secrecy and lack of oversight.


I'm not saying I trust it to police itself. I'm trying to suggest that the environment in which NSA analysts work does have a (positive) material effect on their behavior. Non-systemic transgressions are not common. When Snowden said he was able to check Obama's email, that angle was lost.

Now, systemic problems are a different issue. But the article we're all talking about here is written by an analyst from his own perspective.


So, you're claiming this, despite 0 people having ever been sent to prison due to this?


This reads like it was penned by someone who's never heard of the Stanford Prison experiment or Milgram's research. When I read "I have a very high opinion of my former coworkers ... NSA employees are the law-abiding type ... You take a long automated psych test that flags troubling personality traits," I take away "the NSA is full of the kind of person who won't look at the big picture, who will follow orders without exercising critical thinking, and who can be counted upon to be a Good German."

The problems that the HN crowd (speaking broadly) has with the NSA and related entities, are systemic problems. They are not about, "is act X legal or not," they are not about "was this particular incident harmful or not." They are about the root of the thing: about the high-level agenda, about the strategies, about the ideas. It does not in the least address these concerns to say "oh, my coworkers are fine folks, we work hard to obey the law, there are scary people out there!" This says nothing to the counterarguments of "we shouldn't have to trust you" (really, you could say that the field of cryptography is about replacing situations where you have to trust a human with situations where you only have to trust math), "the law itself is a problem," and "you haven't proven that you are doing more or better compared to other ways we could push back against scary people."

As with any government agency, the more they insist that they must not be held accountable, the more accountability we should jam down their collective throats. The first sign of someone who can't be trusted with power is that they ask for more of it.


> I take away "the NSA is full of the kind of person who won't look at the big picture, who will follow orders without exercising critical thinking, and who can be counted upon to be a Good German."

That is exactly right. Employees of intelligence agencies are selected primarily for loyalty, not critical thinking. Most people find that hard to believe, especially those inside who tend to have a very high opinion of themselves. In intelligence, recruiting independent minds is a mistake.


It feels like saying Bletchley Park just needed more diligent and loyal crib workers and they would have solved the Enigma.

Without Turing and the Bombe where would we all be?


Yeah well back then we had actual opponents. North Korea are crackpots, and some fundamentalists prefer living with goats in caves to comfortable air travel, but never in a million years will those cranks be the threat that the Axis or even the Soviets were.


Do you believe that China isn't a worthy enough competitor in electronic espionage? Or the occasionally conflicting interests with Russia and other countries?

The main job of NSA isn't to support short-term military operations in whatever location they're fighting today, they have to ensure that if they suddenly need to focus on country X, then they already have years/decades worth of collected intelligence.


And of course, what you say about "country X" also applies to "individual Y," doesn't it? How convenient.


Obviously North Korea isn't near the threat of the Soviets/Axis, but I'd say they have a very real capability to destabilize, at the very least, the Korean Peninsula (non-violent dissolution), and at the most all of SE Asia (A nuclear attack/violent dissolution)


How do you know this?


There was an article about how they prefer to hire Mormons. It was interesting because this was before it was revealed that the largest NSA DC was to be built in Utah.


Wow, way to throw an entire religion under the bus to "prove" that the NSA is only looking for mindless zealots.

I have heard intelligence and law enforcement agencies like Mormons for things like being bilingual (many have learned a second language while serving a two-year mission full-time) and being drug- and alcohol-free.

Disclosure: I'm a Mormon. I can't blame people too much for thinking we are all unquestioningly loyal zombies, but I think we all know it's not really a fair point if you're trying to make a logical argument.


You clearly missed the part of my comment that said "there was an article that said". - I am in no way throwing anyone under the bus.

I'm on mobile - but I have posted the article here before. If I remember later I'll find it and provide you the link.


The article is basically irrelevant. Someone said intelligence agencies select "primarily for loyalty, not critical thinking." Someone else wondered how this can be known. You said because they like to hire Mormons. (Maybe you didn't mean "because", but I can't imagine any other implied connection between the post you replied to and your own.)

See why it's offensive? At least without well-cited statistics demonstrating that many Mormons are more loyal than average and will not think critically if following an authority figure? It's like someone said banks value greed, and you answered "Yeah, because I read an article that they prefer to hire Jews." I don't know, maybe I'm reading too much into your post.

In context, you were taking it as read that Mormons are known "primarily for loyalty, not critical thinking" (not your quote, but from grandparent post) and assuming that is the only conceivable reason a government agency could want to have them. I doubt that a well-written article you read used that kind of presumptuous, circular logic. It probably just said intelligence agencies like to hire Mormons.


1. The article:

http://www.businessinsider.com/11-surprising-things-you-didn...

The apparent incorruptibility of Mormons' moral righteousness make them ideal candidates for the nation's law enforcement and intelligence agencies.

Mormons are disproportionately represented in the CIA. A recruiter told the Salt Lake Tribune that returned Mormon missionaries are valued for their foreign language skills, abstinence from drugs and alcohol, and respect for authority.

>See why it's offensive?

Why should I be so sensitive to what offends you when I am simply referring to something someone else wrote?

I can think of far better ways to offend you.


Thanks for the article, but you still don't get it. It's not the words you said, or the existence of an article that said them first, it's that you said them in a context that seemed to circularly "prove" both that Mormons are known "primarily for loyalty, not critical thinking", and that NSA values those personality features above anything else, all under cover of an accurate statistic from a reputable article. If you care to understand or to convince me, look at my hypothetical Jewish thread analogy from last post and explain why it is either a) not offensive/illogical, or b) is not a fair analogy to the thread here. (To be honest, I probably would have said nothing if you had targeted another group, but I still would have found your post illogical and prejudiced.)

Either I am completely crazy here, looking for offense, or you can't empathize very well. I feel that I really don't care or get offended if individuals think I or any other Mormons are just loyal robots or gullible fools, or NSA et al. like hiring us for it, but it's totally illogical (and offensive to the spirit of healthy, honest discourse) for you to cite either as if they're a proof that the NSA only wants loyal robots. And maybe that is a completely misunderstood characterization of your original comment, but all your replies have been doing are re-emphasizing the parts I don't disagree with and seemingly ignoring the real issue. I'm not even demanding an apology or anything, but some sort of recognition of my real point or a nuanced rebuttal would be nice.


Minor nitpick: in cryptography you are not trusting math, because it has not been mathematically proven that no algorithm exists to break a certain crypto method in five seconds on an off-the-shelf processor given only the cyphertext (except possibly for one-time pads with their drawbacks).

But after hardworking experts try and fail for years to break a crypto method, you can somewhat trust that attackers won't find it either.


> As with any government agency, the more they insist that they must not be held accountable, the more accountability we should jam down their collective throats.

Did you read the same essay I did? He didn't argue for less accountability (indeed, he argued for more). He did argue that the capability had to remain in order for the U.S. to maintain its ability to survive in the ongoing shadow cyber battles.

I agree with you that the high-level concerns are the real key, but you seem to be working at it in the opposite direction. You have a specific end in mind, seemingly independent of any high-level examination of the effects of achieving that end. Then you say that the high-level things (law, trust, comparisons, etc.) should be arranged to meet the specific end.

Rather I'd argue it from the other direction, just as I have from day 1 of all of this: Does a country need to have the ability to monitor the goings-on of electronic communications (including the Internet) for its welfare & national security purposes? If so, what capabilities are needed? Is "pre-emptive self defense" needed (or even allowed)?

Does the totality of these capabilities introduce a risk towards civil liberties, or otherwise conflict with law? If so, can they be mitigated, must the law be changed, or should the state simply abdicate its security/welfare responsibility (noting that it would be only the US doing the "abdicating" here)? Can the state employ other capabilities that can achieve the same essential effect with less risk on civil liberties?

Some of these questions you touch on, e.g. "you haven't proven that you are doing more or better compared to other ways we could push back against scary people.", but many are ignored completely as it is simply assumed that absolute privacy on the Internet is sacred (but only for the NSA; criminal organizations, other nations' intelligence agencies, and the local cypherpunk wardriving around are obviously not a threat), even while absolute privacy on the old landline phones was never a reality.

The best argument I've heard so far has been that the sheer scale of this type of network surveillance, along with its near-undetectable nature, makes it different in kind. I actually agree with that viewpoint, but I also think that this matter of scale makes it possible to install good oversight and accountability if the capability is actually needed. It would take probably at least 10 people just from a "command + control" sense to launch a U.S. nuclear missile; there's no reason even better accountability, oversight, and specific legal guidance and safeguards can't be baked-in to a one-and-only central monitoring system.

But the question is whether we need the capability, and no one seems to want to take a specific answer as to why the U.S. (and the U.S. alone) can survive without it.


"Even if you are not a citizen of the Five Eyes, you shouldn't be worried about your data being viewed unless you're involved with a group of interest, such as a foreign government or violent organization."

Huh, so:

- My best friend's dad was a spy in the CIA

- During the 70s and 80s my dad worked with Russian scientists (also ones from Poland and other Communist Bloc countries). Ecology stuff, mostly.

- I've been in "interesting" circles in the crypto arena, and know people who are almost certainly under surveillance.

So, how likely is it that my email is read, that my phone records are looked at, and so on? What are the chances that I'll have trouble the next time I cross a border or try to board a plane? One percent? Fifty percent?

Am I going to get my Name on a List because I've said that we need to stop allowing the NSA to build more data centers? That I think that Dianne Feinstein needs to be removed from office?

I don't do anything that interesting and my life is quite frankly pretty boring; my personal concern about any damage from someone looking at my emails to Mom is small. But I'd still like the government to get a lot smaller in this area because I'm afraid of what things will look like ten years from now, when data mining the innocuous stuff you did fifteen years earlier gets you Special Treatment at those DUI stops.

The "developed capacity equals intent" bullshit works both ways.


You have a great point, and the TL;DR of OP's entire post is "Unless you're doing something wrong, you have nothing to worry about."

Which is the slimmest argument I ever hear in favor of these pervasive civil rights violations.

I've never been a terrorist, never given any information to a foreign enemy, hell, I've barely ever even broken the law. But I do have a personal interest in Russia, speak Russian, and have been to Russia 14 times.

Am I on a list somewhere? Maybe I have done "something wrong" in the eyes of some automated, arbitrary algorithm that's connecting the dots of US citizens around the globe?


> Unless you're doing something wrong, you have nothing to worry about.

A nice comeback is to ask the accuser to apply similar standards as a universal principle. I mean if NSA didn't do anything wrong why worry about Snowden leaks. Or why doesn't Google show us their search algorithms?


Doubt it, Russia isn't the enemy anymore, it is a country in disarray, trying to pick up the pieces after communism.


If there is anything to learn here, it is that a specific enemy is not necessary. You could get back-roomed for having said "I like Froot Loops" in a private email a decade ago. It could be /arbitrary/.


Or they could just lie.


Just like they could simply ignore the law and conspire with telecom companies to do the snooping anyways. :P

If you're going to assume that level of malice on the part of government then the game is already over.


A number of countries could be of interest, not just "the enemy".

Recall that Russian sleeper agents were arrested in the US as recently as 2010.


> "Even if you are not a citizen of the Five Eyes, you shouldn't be worried about your data being viewed unless you're involved with a group of interest, such as a foreign government or violent organization."

This really is a key quote. Even if OP's assertions about the NSA are totally correct, even if all security protocols are followed to the letter, the problem still remains that they have a tremendous amount of power that can be used to target anyone deemed an enemy of the state.

I think a lot of contention on this issue revolves around how much you trust the government to appropriately designate enemies of the state. Many people believe the government is responsible about this, and that it will only go after people who a reasonable person would consider "dangerous." The problem, of course, is that the United States doesn't exactly have the cleanest track record of appropriately focusing its wrath:

http://en.wikipedia.org/wiki/COINTELPRO

(And yes, I know COINTELPRO was FBI, not NSA... I believe it's still an instructive example of government overreach.)

Anyone who defends the NSA on the grounds that it only targets those who are worthy of targeting needs to convince me that another COINTELPRO will never happen. I would actually welcome such an argument, since it would make me feel a whole lot better about this.


It doesn't even have to be on the level of COINTELPRO. See here:

> The history of the FBI Lab hasn't been without controversy. Dr. Frederic Whitehurst, who joined the FBI in 1982 and served as a Supervisory Special Agent at the Lab from 1986 to 1998, blew the whistle on scientific misconduct at the Lab. In a subsequent investigation, it was found that evidence had been falsified, altered, or suppressed, or that FBI agents had testified falsely, in as many as 10,000 cases, resulting in many false convictions. More than a decade later, cases were still being overturned because of this massive fraud.

http://en.wikipedia.org/wiki/FBI_Laboratory#Controversy


So, an interesting question is, how many people do you think believe that all COINTELPRO targets in fact were 'worthy of targeting'? For some targets, the number of people who today think they were 'worthy of targeting' may be way different than the number who may have thought so at the time. (If MLK was held in as high regard 40 years ago as he is now, he would have had a lot less work to do).


> Am I going to get my Name on a List because I've said that we need to stop allowing the NSA to build more data centers? That I think that Dianne Feinstein needs to be removed from office?

Beyond the monitoring, the deeper point of Big Brother in the book "1984" was the worry about whether what you were doing made you subject to punishment. Foucault also covers this in his discussions of the panopticon, where it is one thing to have a mechanism for constant and pervasive surveillance, and quite another when the windows of surveillance are tinted so you can never know whether the collection is being aimed at you.


Is this the best defense of the actions of NSA employees publicly available?

He spends a lot of time denying pervasive surveillance puts us in a panopticon where the FBI and other LEAs can observe everything we do. And never mentions parallel construction once.

He tries to justify a Cold War sized, and then some, security state by invoking North Korea.

This is a big bowl of very weak sauce.

The director's standard of candor is "least untruthful."

I really don't care what a mid ranking employee says about what the NSA will and won't do. EVERY revelation where people in this forum have given the NSA benefit of a doubt in the form of "they could, but they wouldn't" has max'ed out at "would do, did do, and trying hard to do it more" once more revelations have emerged.

The NSA can't be trusted with what it has.


"Project MINARET was a sister project to Project SHAMROCK operated by the National Security Agency (NSA), which, after intercepting electronic communications that contained the names of predesignated US citizens, passed them to other government law enforcement and intelligence organizations." - http://en.wikipedia.org/wiki/Project_MINARET

The NSA has a history of sharing intelligence with LE, to state that the NSA is not a LE agency is extremely misleading, if not an outright lie. Not only did the NSA do this in the past but the Snowden revelations show that they continue to do this.


There's also little analysis (here or elsewhere) of the consequences of widespread data warehousing. Why pay agents to listen to personal calls, when you can stockpile intel for the day you might need it, and analyze it via algorithm?

I foresee a day when every American has a dossier, a smear campaign, and a law enforcement attack plan on file, in case they decide to "make trouble" for the powerful. It's highly probable we're there already. Look at the history of harassment against MLK if you don't believe me. Even if they're not doing it now, sweeping up all the data in perpetuity guarantees that they'll do it later.

(I may disagree with this guy fervently about the NSA, but I'm extremely psyched to try his mayo. Good for him for transitioning into something useful.)


It would be great to see a cheerful launch page for a satirical startup that automatically generated smear campaigns for governments against persons of interest. "We use the expanded information capabilities of our client agencies to maximize the plausibility of our allegations!"

Pricing!

$8,000: General fear, uncertainty, and doubt (duration: 2 months)

$15,000: Complete discrediting (duration: 6 months -- best value!)

$50,000: Overturn their life with "Anonymous"-style harassment (e.g. triggered by c pornography "revelations" -- duration: two years)


if your customers are governments, I think your prices are missing one or more 0s


The dossier exists in the form of all the collected communications. Moore's law and Gustafson's law will allow your entire life to be sliced, diced and trolled for breaches of the law in seconds. Lazy, deferred evaluation of the police state.


> I'm extremely psyched to try his mayo

Why. The only (vaguely) scientific argument the paleo diet has against legumes falls apart when you're just extracting the oils (which is not where the "toxins" are). Apart from that it'd just be an organic no-preservatives mayonnaise, and that's already widely available.

It's just another example that this guy will swallow anything you tell him with sufficient amount of authority.


On one hand, I completely buy his assertions about China's pervasive hacking attempts/successes and that the NSA is our best tool for stopping them.

On the other hand, you're right on the money about parallel construction. In my book, that's the one thing that sent the NSA "over the line." It's good to hear that many NSA employees take the police/military distinction seriously, but we know for a fact that some higher-ups don't and he didn't mention the most egregious case of this, not even once. Also, he invoked the "it only happened if they get caught" assumption while commenting on the frequency of abuses, which is highly suspicious.


Thanks for letting me know about parallel construction - I hadn't heard of it.

You're right, abuses probably have happened more often than those caught.


How can you defend a program in a public way like this without having the most basic understanding of what we know about it? Parallel construction is one of the basic story lines that has come out of the Snowden leaks.

They painted fascism with an American flag, and you ran it up the pole.

In a way it's embarrassing for the NSA to get a defence that is written by such a rube. But at the same time, the general public doesn't seem to be concerned, so perhaps it was unnecessary in the first place.

I could be wrong, but I think there is a bit of cognitive dissonance in your statement. I think you are slowly coming to realize that your actions were wrong; that you do need to defend them. The bad news is that you fucked up, and you owe the Americans you pretend to care about an apology.


If you'd never heard of parallel construction before today, that seems to powerfully undermine your credibility. Why should we take you more seriously than someone who says "I was a secretary at the NSA for years and I never heard of anything bad happening, therefore nothing bad happened"?


"I was in the Computer Network Operations Development Program, and my office was S32X: Signals Intelligence Directorate (S) > Data Acquisition (S3) > Tailored Access Operations (S32) > Special Tactics and Techniques (S32X)."

I think it is reasonable to say that he is slightly more informed to speak on these issues than a secretary.

It's really not surprising he hasn't heard of parallel reconstruction, considering:

https://news.ycombinator.com/item?id=6911200

Also, there's no need to be so hostile. It's simply his point of view, and by the very nature of the restricted work environment at intelligence agencies, it's not reasonable to expect him to have a complete picture.

To quote the very post of his that you're replying to:

"You're right, abuses probably have happened more often than those caught."

He's hardly saying nothing bad ever happened, or that all abuses are known for that matter.


> by the very nature of the restricted work environment at intelligence agencies, it's not reasonable to expect him to have a complete picture.

How is that different from "he lacks credibility" ?


Credibility and scope are two different things. His claims can have limited scope and still be credible. I don't see any reason to doubt his character.


> I don't see any reason to doubt his character

His character is secondary to his veracity.

> His claims can have limited scope and still be credible.

His claims were about the NSA. That is the scope over which we all agree he is not a credible source on.


Come on, "left hand isn't aware what the right is doing" isn't just plausible, it's standard practice at any organization larger than a dozen or so people.

He never claimed to have more than anecdotal evidence regarding the NSA. He never asked to be taken more seriously than, as you so derisively put it, a well-placed secretary (actually, I suspect a secretary would have a much better high-level picture of what was going on, but I don't think you intended an actual comparison).

I'd like to thank him for adding his perspective to the discussion. Even though I'll be keeping my opinion, it is good to know that in some (most?) parts of the NSA, the culture of taking jurisdiction seriously still pervades. It could be a lot worse, and absent this admittedly anecdotal evidence it's difficult to know what to believe.


> Thanks for letting me know about parallel construction - I hadn't heard of it.

You should have heard of it. It was brought up the last time you posted your blog post to HN:

https://news.ycombinator.com/item?id=6882823


Have you heard of COINTELPRO http://en.wikipedia.org/wiki/COINTELPRO and the Church Committee http://en.wikipedia.org/wiki/Church_Committee ?

Quiz, where did the FISA court come from?

http://www.pbs.org/moyers/journal/10262007/profile2.html


> Thanks for letting me know about parallel construction - I hadn't heard of it.

Seriously? Have you - as far as the NSA's activities goes - been living under a rock?

... oh.


I agree this is a very weak justification.

But it plausibly is just what it purports to be - a portrait of the mentality of a rank and file NSA employee (I don't see any evidence that he's even "mid-ranking" if "mid" means middle management). That mentality seems to be a fusion of "surveillance doesn't matter if you have nothing to hide" and "America is under siege".

The thing is, it is good that the NSA has a lot of sincere employees who are not now simply there for the power. It seems like this means instances of surveillance abuse are only periodic rather than constant. This puts them above the level of local police, who tend to have a fair share of "ex-high school bullies and wanna be bullies". Yes, that's good but given the NSA's unchecked power, if an "institutional drift" towards the cynical use of power began in earnest, there isn't much people could do legally to stop that. And that is very bad.


Be careful what you wish for. The True Believers are the most dangerous. Cynics are more connected to reality.


The most dangerous are the Cynics who pretend to be True Believers, they are the prophets who know damn well that the eschaton isn't here but that there will be money to be made in the reconstruction. Some folk don't mind how small the pile is as long as they can stay near the top of it.


> EVERY revelation where people in this forum have given the NSA benefit of a doubt in the form of "they could, but they wouldn't" has max'ed out at "would do, did do, and trying hard to do it more" once more revelations have emerged.

I find it increasingly scary how people continue to defend the NSA's actions in the face of these escalating revelations. It almost feels like Stockholm Syndrome.


Translation: Trust us, we are the good guys.

This blog post does nothing to answer the fundamental questions that the Snowden leaks have raised. This man basically argues that, with few exceptions, everyone that works for the NSA is a true American and a patriot who only has your interests at heart and what is a little spying amongst friends anyway. Follow that with some scary hints about cyber war with nuclear responses to further raise the stakes (and the fear) to justify their dragnet surveillance police state. This man is a moron if he can't see that constitutional protections were not created to protect us from good people but bad people who can gain control of such a system in the future.

Moreover, if what he says is true that we are facing real dangers then the government has the obligation, in a free society, to reveal these threats and explain what they are doing about it. The method of using such secret threats as a basis for increased police powers and (implicit) suspension of constitutional rights is not proper for a free society.

If the result of the so called "war on terror" is a gutted and shredded constitution then I'd say the terrorists have won.

Edit: Apparently Loren is a man, Sorry.


"Moreover, if what he says is true that we are facing real dangers then the government has the obligation, in a free society, to reveal these threats and explain what they are doing about it. "

Could not agree more. To make good decisions as a nation, we need good information. When everything's classified TS/SCI or above, most Americans are denied an accurate description of reality on which to base their decisions and their votes.

Bad guys may do bad things to us regardless of whether their conduct and methods are revealed to all or classified into invisibility. If the NSA revealed everything it knows and does, it would in the near term, wreak embarrassment and economic damage on some parties, but in the longer term would help us craft a better country.

By analogy, nobody would keep money at a bank that couldn't be audited. Why would you entrust your society's core values of privacy to a completely opaque government entity having no independent oversight?


I think that giving credit to the terrorist, and saying that they have won, is wrong. The kind of paranoia that defense forces have operated under has always been there since WWII. The only thing different now is that people are a lot more aware of what could be/is happening.


If we commit suicide by destroying the constitution and the freedoms it embodies then the terrorist goal of destroying America is achieved. I see your point though, they would not deserve credit for our failure to stand up to an internal threat, so consider it poetic license to dramatize my point.


Actually, it's a man, but otherwise you're right.


"I'd say the terrorists have won."

There is no such thing as 'terrorists'. It is wrong to imagine that there is a group of evil doers [I am an ESL and this expression always cracks me open:)] that is (1) organized and (2) focused on an agenda to harm United States. If you think so then you fell victim of the greatest fallacy pulled by the government.

The deterioration of your way of life is not due to some struggle with imaginary bad people, but due to the evolution of your government, which is becoming more fat, arrogant, detached from reality and self-centric. NSA is a natural spin in such evolution, where you transform from Huxley's Brave New World to an outright 1984.


The author is a man.


"We all know that it's illegal to look at a US citizen's data without a court order. I use the term "look" deliberately: the Agency makes the distinction that looking at data is surveillance, while gathering it from locations outside the US is not. We gathered everything, and only looked at a tiny percentage of it. I am okay with this..."

This is more perverse NSA interpretations of the law.

Collection is the crime.

It does bother me that the NSA asserts a right to hold copies of my GPG-encrypted messages indefinitely. It bothers me more that my web traffic, address book, or phone metadata ends up in a government database even if only temporarily.

I don't care if Google's computers were abroad or not, but they belonged to an American company.

The United States government penetrated the network and intercepted the communications of an American company. That's one of the most egregious violations of the 4th Amendment that the American government has ever committed. Don't pretend this is something that is right.

The NSA had no legal right to spy on me, and they did -- even if you say it's likely no one looked at the data. I don't care. Collection is the crime.


First off, congratulations for coming forward and giving what sounds like an honest account of your experience at the NSA. You haven't chosen the easiest forum to air your views, and that takes courage.

However, I can't disagree more with your views. You don't mind if [your] emails are copied to an Agency database and likely never read and because from a technical standpoint it would seriously impair our ability to spy if we couldn't gather everything. Really? You may be familiar with a certain Richard Nixon. How would you feel if a similar character came into power tomorrow? Imagine all the wealth of information at hand. All this... without independent oversight. The only thing you need is to make sure a second Snowden comes forward to explain how you're spying on your opponents. And I can't even begin to imagine how much this juicy information means in terms of economic intelligence. Of course, you cannot push this angle too much, because it would mean the end of the cooperation with your partners. This wonderful agreement you have to keep the free world safe. Thanks, but no thanks. I don't want security at this price.

History is littered with examples of power without accountability. And we don't need to go very far... just read any history book about the CIA. I'm sure their personnel is mostly composed of law-abiding patriots. This ends up the same way anyway: coups against democratically-elected governments. Drugs. Assassinations. Torture. And don't tell me that times have changed. The Guantanamo inmates are laughing at you. The Bagram inmates are laughing at you. Even John Yoo is laughing at you.

And that's only looking at it with the eyes of an American citizen, which I'm not. But in the end, what difference does it make? NSA, GCHQ, DGSE... Aren't you all cut in the same mold? You certainly sound like you believe in what you are doing. I'm sure STASI agents did as well, but they were never this successful.


No offense to OP, but this reads like propaganda to me. It feels like someone at the Pentagon realized they weren't winning the war of the minds of hackers, so they encouraged some of their own to blog about their experiences.

I hate to sound like a tin hat wearing conspiracist. I really do. But I wouldn't be surprised if there was some sort of concerted effort by the NSA to encourage a dialogue with hackers on platforms like HN.

Sorry for the paranoia OP. Glad you enjoyed your time at the NSA.


I set up an account to reply to this comment; I have an informed opinion.

I expect that the blog post is sincere. If the NSA or another government agency wanted to manipulate the discourse on this or a similar site, however, they would (not could, would) do so by setting up a large number of active accounts over a long period of time. These would promote articles without triggering voting ring algorithms.

For the last couple of years I have been an active participant in a part of the blogosphere that is inspired by Unqualified Reservations, a contrarian ("(neo)reactionary") blog. I recently discovered that many of the (active and quite long-standing) blogs and commenters in this online community are fraudulent. It is the situation described in Wikipedia's article on COINTELPRO: "pseudo movement groups run by government agents". This includes people with whom I've had email and even a Skype conversation.

Since the realisation, I've managed to have a little awkward and plausibly deniable dialogue with these "bloggers" and "commenters". The message seems to be that they view neo-reactionaries as a group of potentially violent dissidents whose memes, if they were to spread, would lead to serious public disorder. So it's a political broken windows theory, in which the NSA or FBI are guardians of public opinion (although I happen to be English). Apparently they have been watching closely and collecting "data" for over a year.

So, mtgentry, I don't think you are too paranoid at all. (Although I would have done until quite recently.)


> I recently discovered that many of the (active and quite long-standing) blogs and commenters in this online community are fraudulent.

Realizing the potential awkwardness of this request from a stranger considering your message, is there anything publicly published about this particular situation?


No. If you want more details, please use the email address on my profile.


Did the possibility ever cross your mind that the fake accounts and users are simply an attempt by a very small fringe group to bulk up their numbers and look like a more legitimate political concern?


No offense taken. I was not asked to write this, nor guided in its contents by the government.


Really? Why should anyone trust in anything coming from the NSA when you are systematically lying again and again? Why should we listen to anything you say when historically, part of your strategy is to try to influence the PoV of society || specific groups?

Specifically: how are you so sure about what the NSA is doing? In your article you say that the NSA does not do SI on US citizens without a warrant, but how can you really know that if you are just another worker? I don't think you can... but hey, you seem like a smart person so why are you making that kind of statement?

> I was not asked to write this, nor guided in its contents by the government.

I find this hard to believe, especially coming from someone in your area: if there is no way for us to verify this statement, then how relevant can this comment be for us?


> why should anyone trust in anything coming from the NSA when you are systematically lying again and again?

That's a bold claim - do you have any evidence that lorendsr, who is by his own admission no longer employed by the NSA, has been systematically lying again and again? Or that historically, part of his strategy is to try to influence society or specific groups? Or are you claiming that part of the NSA's employment process is the removal of independent thought and plugging into the collective hive mind?


> That's a bold claim - do you have any evidence that lorendsr

I meant "you" the NSA, not lorendsr... I don't know him.

But yeah, sorry if my distrust of people who say they worked for a government agency that has as its main PR policy lying and manipulating public opinion sounds harsh... I'm just a bit angry because I'm not a US citizen and I know that my use of pgp, otr, tor, i2p, self-signed certs is enough to make some powerful organization start registering every single move I make on the Internet.


> Or are you claiming that part of the NSA's employment process is the removal of independent thought and plugging into the collective hive mind?

That is most likely the reason. Even reddit doesn't jerk this hard.

The OP's submission is a valuable one, even if you disagree with his views.


Of course it's valuable - as evidence of the brainwashing NSA employees must go through to justify their actions to themselves and their families.


Did your post have to go through some sort of internal review before you were allowed to publish it? I find it weird that you're allowed to blog, let alone blog about the NSA.


See bottom of post: This essay was deemed UNCLASSIFIED and approved for public release by the NSA's office of Pre-Publication Review on 11/21/2013 (PP 14-0081).


Hmmm... where do we find out about all the CLASSIFIED blog posts? NSA internal forums? Any place where there's a summary of these reviews as metadata, hence leaving the content "CLASSIFIED"? Who is watching the watchers?


Thanks cypherpunks01.

I flagged it for my to-read list for after work. I'm an idiot and didn't RTFA.


Did you read the friendly article?

This essay was deemed UNCLASSIFIED and approved for public release by the NSA's office of Pre-Publication Review on 11/21/2013 (PP 14-0081).


> nor guided in its contents by the government.

Are you sure about this?

The government tells you what is classified and what isn't. If you have ever been privy to any classified material, you will have made the decision to self-censor that information, to keep the essay unclassified. In other words, you will have removed information that the government told you it didn't want published.

Granted the control wasn't overt, but the government has influenced your writing via your past and the controls that were embedded when you went through your initial security induction.

If it works differently to this, please do explain it to me, as I would be interested to know.


I just mean that I wasn't told what to write by a USG PR person. The only thing I heard from the NSA about it was that I didn't have to redact anything.


Thanks for replying.


You came up with all of these points by yourself?

I'm quoting m8urn's post from upthread:

> m8urn https://news.ycombinator.com/item?id=6911796

> It all seems so sincere. Except when you see how closely this matches the talking points the NSA sent home with employees https://s3.amazonaws.com/s3.documentcloud.org/documents/8445...

I don't disbelieve you came up with all those points yourself, btw. Maybe you've never even seen that PDF hand-out. However, you couldn't have reworded this obvious piece of propaganda any better, if you did.


Oh ok then. Stupid of me to think otherwise.


How would they encourage "internal" blogs though - asking directly would most likely raise flags, or a flood of insincere blog posts that would counter the desired result.

What I'd be more interested in is how much this issue is being discussed internally. If these discussions are allowed, or even surreptitiously encouraged, then I'd take that as a possible internal propaganda push, subtle as it may be. What's in the conscious mind gets written about, hence you'd see these kind of "justification" posts.

If there was very little internal discussion, or it was frowned upon, then I would expect much less of these blog posts, as it would potentially undermine your career...


These guys just don't get it. They're always saying the same thing "we don't want to look at it."

I want to scream "well maybe someday you will, and then you'll have it collected already."

What a dense mind, and I am not at all inclined to insult people, in fact I hate it, but in this case it is well deserved.


They've also been saying "and we're not allowed to look at it without a court order, either." The laws and authorities that allow them to conduct their activities were all written by elected representatives. You can say the NSA might someday want to look at it, but it's kind of equivalent to asking what the point of having a constitution and laws is if they might be changed sometime in the future.


Do they study history? At all??

I'm honestly gobsmacked by this blogpost... that anyone in a democracy thinks that hoovering up all the data will be safe from repercussions down the line, regardless of leadership.

Head-spinningly-shortsightedly-naïve.


I see a lot of negativity in this thread, but I think a lot of folks should stop for just a moment and consider the opportunity that's presenting itself: a former employee of the NSA is posting online about his experience and is an active member of HN. He doesn't appear to be in a position where his continued employment with the government would be an issue (he's apparently got his own business), so he doesn't have to worry about talking frankly about his experience, positive or negative (although I'd imagine that he's still under obligation not to reveal anything classified).

Just about everything we've seen about the insides of the NSA has come from only one source. Snowden was only employed there for 3 months, and has publicly stated that his primary reason for seeking employment there was specifically to gather information on NSA surveillance systems[1] - in other words, his opinions on the NSA were solidified before he joined. To top it off, Snowden is not available for interview.

I'm not even saying you're required to believe him. I do, however, think an insider's perspective has been sadly lacking from most of the conversation that's been going on. I don't expect journalists to have a complete understanding of all of the details regarding these programs and systems that have been leaked - they've never worked with them.

So, lorendsr, thank you for your contribution. Don't let the flat out negative comments get to you. I hope your post encourages others with a background in the NSA to share what parts of their experience that they can. Everyone else, please take advantage of this opportunity to ask questions, gain any insight that you can and don't just dismiss him outright.


Huh? An intelligence officer is exactly the type of person who wouldn't "appear to be in a position where his continued employment with the government would be an issue" while actually still being a government employee. Who's to say that he isn't still working with the NSA?

I'm far from a routine skeptic but c'mon ... This post sounds like a PR message.


Well, theoretically he could still be an intelligence officer. Claiming to be a former NSA employee who got out to start up a mayonnaise company is a frankly strange and unusually high-profile cover to work under. Maybe someone can order some mayo from him and tell us if he's legit.

http://www.kickstarter.com/projects/lorensr/payo-paleo-mayo?...

Alternately, maybe this is some giant conspiracy to get us to buy NSA-sponsored mayonnaise.


That's what I was thinking - he is a fake and is using NSA to get you to his Mayonnaise. Honestly, those declassified numbers at the bottom of his post do sound made up.


Hey, and I'm a German patriot.

If the US citizens like to be spied on by their own agencies, fine for me.

As a German citizen I'm not so happy that German citizens, politicians and companies are targets of spying of unprecedented scale and depth. As a consequence we (and others, too) will have to scale back the use of US hardware, software and services. Privacy, data security, confidentiality etc. are not provided. A German company would be stupid to store data on servers reachable for US industrial espionage. It's really tough to avoid that - given that the US surveillance and spying is also done directly in Germany on a large scale.

Additionally we should also deny the US the capability to plan their targeted killings from Germany - for example from the US military central command for Africa - which is located in Germany. From there strikes with armed drones are planned and controlled. Unfortunately the German government does not seem to be willing and/or able to prevent that...


Are you also similarly upset about the activities of the BND, MAD, BfV and the LfVs that operate out of your own country?


I don't need to. The BND, MAD, BfV and LfVs are not remotely doing anything like the NSA - not in scale and not in breadth.


I am horrified by this essay. It's overwhelming how much disturbing information is in here. I am deeply saddened that someone so young has had their beliefs so strongly influenced.

Some of the most disturbing passages:

> it would seriously impair our ability to spy if we couldn't gather everything.

It is saddening to hear someone so young say this.

> I am an American patriot. Patriotism to me simply means that I care about the US and its future.

How often is the word "patriot" used internally in the NSA? Who is building up this false hero, blind to his own oppression? A synonym might be a "justifier" or "oppressor" or even more simply "someone who has not yet been oppressed."

The rest speak for themselves:

> The NSA copy of my emails will only be viewed if the Agency can convince a judge that I might be a foreign agent.

> The vast majority of unauthorized retrievals of US-person data are unintentional.

> ...the rare cases of unauthorized data retrieval were ... regular employees illicitly viewing communications for personal gain

> XKeyscore ... was an analyst tool that I had access to.

> NSA employees are the law-abiding type.

I am scared to respond to this article. How easily could I be labeled a "foreign agent"? Does criticizing the system mean I'm working for another country? Did the NSA try to demonize Snowden as working for the Russians? Everything you have written has only increased my fears. To hear the blind loyalty to the system that comes from the NSA's own employees means that nothing is safe.

I hope that later in your life, as you grow as a person and a citizen, you see the evil in the system you colluded with, and experience a deep regret about your actions. The same regret that lay citizens feel when we learn our tax dollars have built a criminal entity. The regret that we did not try harder to stop it, to read up on laws like the Patriot Act and protest more. The regret of our collective ignorance that has built the tool to intrude on everything we do.


Thank you so much, kind American intelligence guy, for having the grace to not look at USA citizens' emails, all the while not even mentioning foreigners, who should apparently just lie down and take it.


As a US citizen, I assume foreign countries (esp. China) spy on me. But I don't go around bitching about that. Why? Because the US will protect me. China cannot hurt me.

On the other hand, when the US spies on me, I am much more threatened, because nobody can protect me from the US. If the US turns against me (for instance, for supporting the Tea Party), declaring me part of a "violent organization", I'm in real trouble.

tl;dr complain about your own country spying on you, not other countries spying on you


I think you are missing a point: US (cloud) companies do business with for example European companies/customers. The leaks suggest that all data a non-US customer stores with them is fair game for being snooped by NSA etc. without any judge or due process. This turns "complain about your own country spying on you!" into "Don't do business with an American company if you care for legal protection/are not stupid". But please continue to pretend that economy is confined by national borders.


> The leaks suggest that all data a non-US customer stores with them is fair game for being snooped by NSA etc. without any judge or due process.

I agree.

> turns "complain about your own country spying on you!" into "Don't do business with an American company if you care for legal protection/are not stupid".

I agree. As a US citizen, I was quite upset when my employer started mandating Gmail use, and this was before the Snowden leaks.

Foreign companies are obliged not to use US cloud services, just as US companies are obliged not to use Chinese ones.

That is all water under the bridge now. There is no going back.

So you are not actually rebutting anything I said.


U.S. law has never been compatible with E.U. data protection law as I understand it though, even before Snowden. The Europeans can't seriously have thought the U.S. wasn't engaging in surveillance (and indeed, they did know otherwise, with ECHELON), so what can be said for that other than "caveat emptor"?

Until multilateral treaties are passed dictating how one national jurisdiction will handle the data of another then every EU business using a US cloud service has just been using wishful thinking. And again, this was true even before Snowden.


Except that unlike with China, the US is allied with some of the foreign countries spying on you and assisting them in their data collection, and quite likely even using the results of that spying themselves. Likewise, I'm in the UK which is allied with the US and assists them in spying on UK citizens.


And you should be fighting for the UK to break that off, because the UK is your defender.

It doesn't really matter if the US spies on you as long as the UK is your defender. The US doesn't have jurisdiction there.

This is all, really, a political issue. Ultimately, it is about political speech. Everything else you can simply encrypt and secure, and you should.


Not just lie down and take it, the foreigners should be re-assured that their communications are also shared to the USA's best friends:

> If you are a citizen of the UK, Canada, New Zealand, or Australia, you may also be glad, because everything the NSA collects is by default shared with your government (the default classification is TS//SI//REL TO FVEY, or "release to five eyes", which are the aforementioned countries and the US).


Not to mention other members of the Five Eyes who are not restrained from reading US intercepts.


You are missing the important aspect of it, and that is, just like their citizens are fair game for us, we are also fair game for them.

I would be highly surprised if those agencies are _not_ allowed to "look" at our data, since they won't be breaking any "laws".

Fuck everything about finding loopholes and skating on the edge of what is legal. NSA has repeatedly lied so far, never apologized for it. A lie would come out and bam! exposed by Snowden's docs. It was spectacular to watch.

The bottom line is, I am more scared and afraid of our NSA than of the Chinese bogey men or "cyber warriors" out there. I have not seen anything but lies, trickery and dishonesty come out of their mouth. I think they are traitors and unpatriotic.

They are betraying fundamental principles this country is founded on. I can see how slimy mafia lawyers would want the laws re-interpreted to fit their clients' purposes ("well, it depends what 'is' is, your honor"), I don't want our government doing the same. It technically might be legal; it doesn't mean it isn't shitty.


This is the point of an intelligence agency, no?


Do you think the US (& friends) is the only one doing (or at least trying to do) this?


"Other people are committing unethical acts, therefore it is ok for me to do the same"


People seem to take the view that if the US stops surveillance, then they'll be truly free.


On the Internet we foreigners are colonies and the Americans are our Masters.


> The NSA is not a law enforcement agency.

I am not one either. But I still have to obey the law.

Maybe that's not what's implied by that statement? But if not, what on earth is meant (more exactly, what was the author's intent in saying something that seems obvious and irrelevant if taken at face value; what am I expected to infer?)?


I meant that the NSA is only looking at your information if a judge suspects that you are a foreign agent. It will not look at your information to determine whether you have done something else illegal, which is what it would do if it were part of a police state.


http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE...

> One current federal prosecutor learned how agents were using SOD tips after a drug agent misled him, the prosecutor told Reuters. In a Florida drug case he was handling, the prosecutor said, a DEA agent told him the investigation of a U.S. citizen began with a tip from an informant. When the prosecutor pressed for more information, he said, a DEA supervisor intervened and revealed that the tip had actually come through the SOD and from an NSA intercept.


That sounds illegal. In same article:

> Wiretap tips forwarded by the SOD usually come from foreign governments, U.S. intelligence agencies or court-authorized domestic phone recordings. Because warrantless eavesdropping on Americans is illegal, tips from intelligence agencies are generally not forwarded to the SOD until a caller's citizenship can be verified, according to one senior law enforcement official and one former U.S. military intelligence analyst.

"Generally" should be always.


Except it wasn't and isn't. And that is the problem. Generally should be always, but we now know it's not.

And then to add to the list. "Collect" should mean "obtain" and not "use", and "metadata" is actually a subset of, and not different from "data". And "transcripts" and "summaries" are actually a form of "content". "US Citizen" means a person who lives in the US, not "51% likely based on this metric", and "direct access" does not depend on who owns the land in which the particular section of cable is buried. And the list goes on. These words mean something, and when 'always' slips to become 'generally' - we have a problem. And when the one doing the slipping is a titanic behemoth of the size of the NSA, with as little accountability as already exists, we have an even bigger problem.

When the words used to assure us are twisted and misused, then the assurance does little. Trust is hard to earn back. Especially when we intelligent owners (US citizens) of the mechanisms and powers are not given access to their actual processes, or even their legal justifications.


So both the NSA and the DEA, IRS and ? are breaking the law. http://www.reuters.com/article/2013/08/07/us-dea-irs-idUSBRE...

How about they stop the illegal collection and then the illegal sharing cannot occur.


> That sounds illegal.

Face, meet palm


It might be waived in the event of an imminent action. Sort it out after the threat of the action is over.


And most important of all, hold people accountable if they're wrong about the "imminent action."

Same with torture and other unethical activities. Think you can save the city from nuclear destruction by torturing the brown-skinned guy? Sure, go for it. But you'd better hope you're right, because (at least in a just world) that's the only way you're staying out of prison for the rest of your life.


If I run a program to look at communications and it decides that I may have done something of interest, would you look at my file then? Where is the separation between collecting and "looking" when various pieces of code automatically determine interest and connections?


"NSA is only looking at your information"

That's an overly narrow construing of the word "information". As you well know, metadata and location bits are considered "information" by anyone except the pen & trap zealots.


I'm not an American. So what you say does not apply to me, correct?

What about Americans who are 2, 3 or 4 degrees removed from suspected foreign agents?

Does 'looking' include automated processes that scan for, for lack of a better word, suspicious behavior?


A judge that is being presented cherry-picked information from the NSA, and who has no one presenting an opposing argument.


So you never heard of TIA and data mining?


Stockholm syndrome?

This guy is essentially validating the actions of the NSA because he calls himself a patriot and even admits he doesn't care about other countries other than his own: The United States of America. As an Australian I find this kind of attitude disgusting and I think it highlights a massive problem within the agency itself.

While I am somewhat more lucky than others being in a country that is part of the Five Eyes agreement, what about those not in a country that has signed the agreement? It doesn't make me feel any safer because it seems the concept of borders and rules in the intelligence game do not exist.

There is a lot of downplaying, "but your data is in a big database and nobody will most likely ever look at it", "only the NSA can see this data" — while this might be the case, if for whatever reason I found myself in a position of power, this kind of harvested information could be used to blackmail or destroy me. Just because it's not being used now doesn't mean it won't be used later.

While this is probably the only validation of the NSA's actions I can find that is somewhat backed by someone with experience working for the agency, it honestly sounds a little too safe and doesn't really address any of the concerns people have.


As an American, I think it sucks that we are spying on everyone. I don't like being spied on. I don't like you being spied on. My interpretation of the constitution would read that for any information to be collected on anyone would have to get a court order. The constitution limits the powers of the government, not the people. And "the people" in the majority of the contexts is EVERYONE, all of us, all people everywhere. It is only by convention that the Supreme Court allows this shit to continue. The "ok to spy on foreigners" thing is a farce. It is not ok, and I don't even understand how it continues to get promulgated.

If it takes a 50k strong Federal Corps of Judges to look at every single case, so be it. At least we could decide.


"I am an American patriot."

If anything scares me, it's that. I know what he has written straight afterwards, but it still makes the hairs on the back of my neck stand up. It's all very well the author trying to define the word to suit their own purpose, but I'm afraid it's not that easy to get others to accept it. Try using your own definition of the word "Nigr", and see how that flies.

"Patriotism to me simply means that I care about the US and its future."

Yeah, and that is the problem. What is meant by the "US"? The land on a map? The political system? The people who are also "patriots" and claim to care about this "US", and its future, yet do evil? Do you care about them? Everyone uses the word patriot to justify their actions, good or bad.

That the author misses this, but still insists on still using the word suggests a dangerous and blinkered ignorance. TBH, it stinks of years of gentle brain washing. I'll never forget how Bush Jr used the notion of patriotism to garner support.

I'm sure the author thinks he is well meaning, but this honestly reads like loyal, patriotic PR.


The author claims to be a patriot but I would like to ask him how can he justify mass surveillance and/or entrusting a government agency with so much power while forgetting the Fourth Amendment which was enacted just for this purpose. There is a reason that such protections exist because it is almost certain that people in power will exploit them. And yet, he claims to be a patriot while being oblivious to the basic civil liberties and the Bill of Rights that the United States was formed on.


What in the Fourth Amendment speaks to electronic communications? The Fourth Amendment speaks to a person, their home, and their effects.

Even things like postal mail do not technically fall under the Fourth Amendment. Rather, they fall under separately-passed Congressional law, and USPS regulations.

For instance, did you know that the addressee of a letter may authorize the USPS to open the letter in a sorting facility without a warrant, even if the sender was not asked?

Likewise, did you know that if you send a first-class letter but forget to put a stamp on it, that it is technically "unsealed mail" and a USPS employee may open the letter to inspect it for mailability and postage determination, and also "as expressly permitted by federal statute or postal regulations"?

So certainly the Fourth Amendment was intended to keep the government out of your personal stuff and away from your person, but everything else that people attribute to it is done without much evidence. Even in the real world there's not as much Fourth Amendment protection to communications as most people realize, once they leave your house.


@"What in the Fourth Amendment speaks to electronic communications? The Fourth Amendment speaks to a person, their home, and their effects."

The Fourth Amendment also protects people's papers from warrantless search, and the Crown's abuse of the privacy of papers when executing its "general warrants" was a huge driver in the adoption of that Amendment. Private electronic communications are "papers" in that context, a "gift" of a paper from one to another.

But more importantly, the question you ask is phrased too narrowly in context. The First Amendment protects the right to communicate privately, free from government scrutiny. And the Fifth Amendment forbids the government from taking private property without due process and just compensation.

Roll all three of those amendments together and you should begin to comprehend that Congress, in establishing criminal penalties for interception of the U.S. mail --- a topic you curiously omitted --- stood on very firm constitutional ground when it did so.

Your notion that U.S. mail is protected only by federal statute simply blinks past the fact that our federal government is a government of only limited powers, allowed only to do what is permitted by the Constitution, with all other powers and rights reserved to the States and the People; i.e., a "mail" law can not lawfully exist without Constitutional authorization for Congress to enact such a law.

Also missing from your U.S. mail analogy is any analysis of a basis for believing that eMail should have any less protection than the U.S. mail. It is a criminal act for a government official on their own decision to open a letter to read the contents except in narrow common sense situations, such as a letter that is missing or has an invalid address. Why should eMail have any less protection?

Paul E. Merrell, J.D.


> Private electronic communications are "papers" in that context, a "gift" of a paper from one to another.

Except that would tend to imply that the 1s/0s of a digital communication can in some way represent a physical property of some sort which can warrant legal protection. Normally that viewpoint is completely abrogated by hacktivists since it leads inevitably to DRM and other IP-backed shenanigans.

On the contrary, the "paper" is duplicated and transmitted over third-party infrastructure, and normally to a third-party provider and then from there the "paper" still sitting in the user's computer RAM is finally forgotten by the software or saved to disk as a backup. But the copy sent to Google or FB or the ISP or whoever belongs completely to them, "gifted" or not. While the "intellectual property" and copyright will belong to the user, the "bits" belong to Google or FB or the ISP and so lose Fourth Amendment protection.

And it's better this way! The idea that one can exponentially and magically propagate property on hard disks around the world is almost laughably impossible. My point instead is that whatever protections are required for our electronic communications (either stored or in-flight) need to derive from positive statute law, not by people arguing the nuances of a Constitutional Amendment written while the "discoverer of electricity" still breathed! This is especially true since the interpretation of the Fourth Amendment which somehow corrals the government into getting the intended effect will necessarily require the invention of legal principles which will go against us in the future.

> But more importantly, the question you ask is phrased too narrowly in context. The First Amendment protects the right to communicate privately, free from government scrutiny. And the Fifth Amendment forbids the government from taking private property without due process and just compensation.

The First Amendment gives no such privacy right. Simply stated, your speech itself is protected, not your ability to privately communicate. There is a privacy right inherent in being able to associate (without the advocacy group being forced to make public its membership list), just like there's a privacy right in being able to petition anonymously. But there's no general right to privacy in the First Amendment and I'm surprised you'd make that error with a J.D. If anywhere there's a "right to privacy" against searches of this nature, it is in the Fourth Amendment (consider Katz v. United States, as modified by Smith v. Maryland).

But I'm even more worried by your reading of the Fifth Amendment. Your talk of "government taking private property" by copying 1/0s (not even on the wire necessarily, but even through things like PRISM) is EXACTLY what we've been fighting against with private companies.

A person may have signed an agreement with Google that gives Google the right to make copies of their email for delivery, but each ISP along that route signed no such thing. Are they all liable for transient IP theft then? Should a hacker copy that email unknowingly while cracking an ISP system, should they be charged for Copyright Act violations in addition to CFAA violations?

> Roll all three of those amendments together and you should begin to comprehend that Congress, in establishing criminal penalties for interception of the U.S. mail --- a topic you curiously omitted --- stood on very firm constitutional ground when it did so.

I mentioned it elsewhere, but that wasn't the topic anyways. But even there you've messed up the Constitutional principles. The reason Congress has power to regulate USPS has underpinnings entirely different from any of those 3 Amendments.

For starters, Congress has the power to regulate USPS by 2 specific clauses in Art. I, Section 8, detailing that Congress has the specific power to: "

- establish Post Offices and post Roads;, and
- To make all Laws which shall be necessary and proper for carrying into Execution the foregoing Powers..."

In other words, Congress was specifically granted the power to set up the postal system of the U.S., subject to its other Constitutional constraints. So should Congress choose to further constrain the government as regards the postal service that is always their right. Congress must be at least as restrictive on the Government as the Bill of Rights demands, but they can choose to be more restrictive on their own.

But additionally, even if we weren't talking about the USPS, Congress has the right to regulate the Government in any fashion it wishes (again assuming it stays within the boundaries laid out by the Constitution) because of this clause from the same section:

"... To make Rules for the Government and Regulation of the land and naval Forces".

In fact it's only because of this positive direction from the Constitution that Congress is able to regulate, as the Tenth Amendment quite clearly states that any powers not specifically enumerated as belonging to the federal government are reserved to the states, and to the people.

> Your notion that U.S. mail is protected only by federal statute simply blinks past the fact that our federal government is a government of only limited powers, allowed only to do what is permitted by the Constitution, with all other powers and rights reserved to the States and the People; i.e., a "mail" law can not lawfully exist without Constitutional authorization for Congress to enact such a law.

Holy shit, now we agree again, will wonders never cease. But now you're inconsistent with yourself, which I'll leave you to correct however you choose.

> Also missing from your U.S. mail analogy is any analysis of a basis for believing that eMail should have any less protection than the U.S. mail. It is a criminal act for a government official on their own decision to open a letter to read the contents except in narrow common sense situations, such as a letter that is missing or has an invalid address. Why should eMail have any less protection?

I never once claimed that email should have no protection. All I've ever claimed is that it's not magically inherent in the Fourth Amendment, which speaks (on the whole) to private property and "a man's home is his castle", but not to what happens once you tell a third-party (especially a disinterested/neutral third-party) your little secret. If it were otherwise Congress would not have had to pass laws making it a crime for a government agent to open mail, engage in landline wiretaps, intercept electronic communications unless for foreign surveillance, etc. etc. etc.

> Paul E. Merrell, J.D.

Oh look, an AUTHORITY... should I link in all the opinions I find congruent to my viewpoint from a "real" J.D. or is it possible that your interpretation of the Constitution and the law is not binding simply because you and your J.D. say so?


“Patriotism, n. Combustible rubbish ready to the torch of any one ambitious to illuminate his name. In Dr. Johnson's famous dictionary patriotism is defined as the last resort of a scoundrel. With all due respect to an enlightened but inferior lexicographer I beg to submit it is the first.”

I'm with Ambrose Bierce on this one.


Sorry lorensr.me. "Trust me, they're good guys" is not an argument, and in the current context, it can only be read as a small piece of damage-control astroturf.

Or rather, the NSA's perfidy has left us with no other safe default assumption, so we have to ignore on sight. The data is tainted. All of it.


<lie type='omission' subject='parallel construction'>

The NSA copy of my emails won't be viewed by police or FBI investigating me about marijuana use, for instance. Law enforcement might get a search warrant and retrieve a copy from Google, but not from the NSA.

</lie>


I seriously don't understand if OP has written this article in satirical sense, because to me there is no logic there.

I am a foreign national, my company and I use services provided by a US company (email etc.), and this gives you guys the right to collect and read my emails?

tldr; of your article is this: "Oh! He is a foreigner, fuck him. What can he do? He can't vote to get us out of power. So, it's ok and about the persons who can vote to get us out, they can't do anything because we know every little dirty secret of them. Oh! One more thing, we are so good we promise we don't look at these dirty secrets. Although cases where an employee uses this 'secure' system for personal use, yeah, that does happen. Trust Us."


What fascinates me is how the principle of warranted search and seizure can be so completely ignored in the presence of an easy, painless way to seize and search information. It's really that simple: you either believe it's right, or it's wrong, and the possibility of doing it at a large scale is truly orthogonal to the question of what is right.

What is not in doubt is that the data from a panopticon used by a benevolent organization would be a powerful protection. But that same argument could have been used to subvert the 4th Amendment. Indeed, that argument could be used to subvert every amendment in the Bill of Rights, since a benevolent actor, by construction, would only subvert those rights with good reason.

The lack of thoughtfulness about what the Constitution means, and how it applies in a world where government wishes to piggy back on ubiquitous corporate surveillance (and extend it), is fascinating. One can imagine the creation of a new police robot that knows when you are not in your home, and which lets itself in, reads all your documents and catalogues all of your belongings, disturbing nothing. Would that be okay?


Even if we accept that the NSA is comprised solely of benevolent actors practicing perfect discretion, and will remain so for the indefinite future, the mere act of collecting "everything" is an enormous hazard. OP recognizes as much:

CBS reported that in 2007 the US suffered an "espionage Pearl Harbor" in which entities "broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information."

What's to stop this from happening again to the NSA? They couldn't even implement audit trails internally -- there should be huge doubt as to the agency's competence in securing their data.

Also, OP, did you not hear about parallel construction? How do you rationalize your statement that the NSA "is not a law enforcement agency" in light of this?

https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intel...


This is why I don't believe the president's assertion about the employees of the NSA being innocent of wrongdoing or anyone's assertion of them being "good guys".

This is apologia for crimes against the world and the American people. This is saying, "If you don't have anything to hide, you have nothing to worry about." This is demonstrably filled with lies and misrepresentations, whether intentional or through ignorance of what the rest of the NSA beast has been up to (but, if he has followed the Snowden leaks with more than passing interest, he would know he's lying in blatant and obvious ways).

I'm sure this article is meant to quell fears about NSA spying practices, but it only makes me more angry and more fearful. It confirms something I suspected but didn't want to believe: The entire organization from low-level analysts on up to the leadership (who will repeatedly lie to Congress to serve their ends) is corrupt and will exhibit little or no remorse even when caught red-handed, and will spread astroturf and refuse to acknowledge that their behavior crosses lines that should have never been crossed by a US agency.

I'm getting close to believing that starting any online service in the United States is unethical, because of what it will do to its users.


> I'm getting close to believing that starting any online service in the United States is unethical, because of what it will do to its users.

Let me know what country you can start an online service in that doesn't also have a foreign intelligence agency if that's your ethical standard.


While I do not agree with much of the sentiment, I enjoyed the article.

My question to the OP: even if you believe that at the moment abuses are rare and that your colleagues are trustworthy and law-abiding, does the capability and level of information concern you in terms of the potential for future abuse it enables?


Potential future abuse, whether due to laws becoming more permissive or a radical in-agency culture change that led to more people ignoring the law, is certainly concerning. As are current abuses. I just believe that the capabilities provided under the powers currently given to the agency are worth the abuses and potential future abuse. If I thought there was much chance that in the future, law enforcement and intelligence would not remain separate, my decision would change. I would prefer to live in a free unsafe state than a police state.


How do you answer questions of the NSA's known past involvement in targeting political figures such as Martin Luther King[1], US journalists, and US antiwar activists? The NSA was known to pass this intelligence to LE.

http://en.wikipedia.org/wiki/Project_MINARET#Domestic_target...


MINARET was used in the 60's and 70's. It led to the passing of FISA, which made it illegal to look at or pass on US citizen data unless a judge suspected them of being a foreign agent.


The NSA did these things both pre-FISA and post-FISA. For example:

* 1980-present. MAIN CORE, which is shared between CIA, FBI, NSA, contains data on 8 million Americans and is used by LE. http://en.wikipedia.org/wiki/Main_Core

* ?-Present the DEA SOD program which uses NSA intelligence for drug cases. http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/05...

And these are just the cases we know about, they are likely only the tip of the iceberg.

Lorendsr, given this evidence and your previous statements that, "If I thought there was much chance that in the future, law enforcement and intelligence would not remain separate, my decision would change.", are you considering changing your decision?


I don't believe the NSA should be giving data (or even just "tips") on citizens to LE. It's either illegal or done under a law I don't know about. Do you know what this is talking about?

>FISA surveillance was originally supposed to be used only in certain specific, authorized national security investigations, but information sharing rules implemented after 9/11 allows the NSA to hand over information to traditional domestic law-enforcement agencies, without any connection to terrorism or national security investigations.

https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intel...


No, and I had not read that article, thank you. I do not know the law, if any exists, that allows that, although it violates most readings of the 4th Amendment.


The legal principle is that once the government legitimately comes into possession of evidence, it doesn't have to "pretend to have not seen it".

What this means is that if a given surveillance transcript is obtained legally (which is easy to do for foreign communications, even if a U.S. person is a party to the conversation), that it can be legally passed to LE. Once LE knows about it, they don't have to "close their eyes" to any U.S. nationals on the transcript, similar to how the police are not required to ignore evidence in plain sight (even if it wasn't listed specifically on the warrant).

By this route it is possible to pass incriminating evidence to LE about U.S. nationals even without a warrant, as long as one of the parties to the communication in question is actually a foreigner.


"But I digress – the rare cases of unauthorized data retrieval were not polygraph-trained foreign spies trying to infiltrate the Agency, but rather regular employees illicitly viewing communications for personal gain."

There are articles suggesting this is happening many thousands of times per year - shouldn't each of these 'regular employees' be put on trial? They have committed serious crimes.


Yeah, a little real punishment could go a long way towards preventing future abuse.


> Even if you are not a citizen of the Five Eyes, you shouldn't be worried about your data being viewed unless you're involved with a group of interest, such as a foreign government or violent organization.

Is the US Tea Party considered a "violent organization"? (It's not, but that's a separate issue.) If not, can you guarantee that it won't be labeled as such under some future administration? The IRS is already targeting the Tea Party, so we have reason to believe that certain US political actors are not interested in abiding by objective laws.

If not, why do you defend the NSA?

Though I'm a US citizen, I'm sure one of the other Five Eyes countries can be employed to spy on me.


TLDR: Don't worry. We have civil liberties orientation. You can trust us.

The author understands there is a misconception at play, but it's not that the public thinks NSA agents aren't upstanding or law-abiding, it's that NSA agents think their idea of patriotism is broad enough. It's telling that he dismissed an examination of patriotism, because that's the root of so much discord over civil liberties and national security.

There are two major currents of patriotism in this country. The first is that we take pride in our accomplishments, and we must defend our borders, protect our treasure and lives, and maintain the status quo. The second is more idealistic, that we take pride in having an open (vulnerable, ever-changing) society, and we must defend our democratic identity, promote participation, protect individual freedom, and be skeptical of concentrations of power. The first is practical, easy to quantify (and therefore appealing to a data-thirsty culture). The second is strategic, asks more from the average citizen, and rests on an understanding of alternative forms of society (what is lost when we prioritize security and order over those "inalienable" rights).

Ideally, the NSA would be staffed by patriots of the second type. They'd embrace 'public service' as having deep reverence for the public (not just their physical safety, but their liberties as well), that appreciates the philosophical underpinning of democracy (including its necessitation of vulnerability and cultural evolution), and that prides itself in taking on their intelligence goals while ardently building checks and balances. They'd never just ask how they can get the information, but how it can be done in a way that proudly upholds American values. With bureaucracy you'll always have some amount of inefficiency and misalignment with top-level goals, but a pervasive culture can go a long way.


Well, looking at the end it says that it's declassified/published with the NSA's blessing.

If an employee had a contrarian opinion to the NSA would it be declassified like this one?

It's hard to read it and feel that it is balanced or even truthful.


Humorously the answer to that is most likely itself classified.


I believe so.


The key thing that worries me about it is even if no-one reads all those emails that are stored, what if they are mined for data and used to make predictions?

Last.fm can guess the type of music I like about 25% of the time, Google can guess the type of information I'm interested in around 70% of the time (figure based upon potentially ambiguous web searches I do). Neither of those services have very much metadata from me about their respective subject areas.

If the NSA/GCHQ/5 eyes are hoovering up all this metadata about pretty much everything I do online, that's a ton of information to start mining for patterns - whilst legitimately saying that no employees are reading it.

What sort of predictions can they make? What's the accuracy of it? When do they start acting on the predictions thrown up by the system? And who polices that?


Thanks for sharing your POV. Do you think Snowden's revelations had any beneficial impact, or is your view of them entirely negative?


I think it was important for the citizens to know what powers they have given the NSA. They did not have an accurate sense of that before Snowden. But he released a lot more than that, much of which will hurt the NSA's capabilities.


Thanks for your response. I'd question whether the American people have given the NSA those powers - it's more like:

Lawyers working for the NSA have deemed certain methods of data collection as being in accordance with US law, as voted for by elected officials within the context of a not great two-party democracy.


One of the most concerning things about the selection process for who gets into the NSA, is that it all but guarantees a lack of diversity of thought within the NSA. There are probably very few people with opposing viewpoints so most projects that would be considered dubious by the diverse population in the US can go completely unchecked within the agency.

For example, the author mentions the following:

    They examine your 127-page Standard Form 86, in which you
    include lists of your illegal activities, foreigners you
    have worked with or befriended, and where you have lived
    and traveled in your life and with whom.

The fact that someone is capable of truthfully filling out such a form is a huge flag that the person has had remarkably little exposure to the rest of the world. They are probably poorly traveled and grew up and lived in places with few if any immigrants. I don't know how someone who grew up in NYC, San Francisco, Washington DC or Los Angeles could possibly ever fill out such a form truthfully or completely. Anyone from such cities would have come in contact with and befriended so many people from other countries over the course of 18-22 years of living in such a diverse metropolis that any attempt to fill out such a form would be incomplete and could contribute to being rejected.


Don't fight it. Just let it take over. Stop struggling. Once you'll have stopped struggling, it won't hurt anymore. You won't feel any difference anymore. And it will be like it was never different.


Bend over and shut up we are good peeps and the others that will rape you if we "pull-out" would be much worse.

Sad to see a programmer be so lost. Kudos for the post but if the NSA was squashing terrorist attacks daily with evidence of their efficacy they would be screaming it from the roof tops.

Snowden proved the implicit insecurity of information aggregation on such a massive scale and if he had access so will nation states... the one that I fear most is my own country.

I am a patriot too, just sad.


:-) Sorry, it was sarcasm.

It's what psychopaths usually say to their victims. If you hear it (or think you're hearing it), the person/organization you have in front of you is of psychopathic nature (it should be stopped at all costs).

Other translation: If we let them rape us, then we deserve it.


"We do not merely destroy our enemies; we change them."


"...everything was all right, the struggle was finished. He had won the victory over himself. He loved Big Brother."


>in 2007 the US suffered an "espionage Pearl Harbor" in which entities "broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information."

Man, I would hate if an entity downloaded my information! Poor agencies. But it's probably fine, I mean, those "entities" couldn't look at terabytes of information. It's probably just sitting in a database somewhere. So, nothing to worry about.


Some trendy buzzwords in the title, no relevant information in the post, just opinions,... Imho it's just a disguised advertisement for his kickstarter campaign.


It smells like some Terry Gilliam inspired fascist utopia where a mid level tech in the security apparatus shills for the state/employer while hawking their caveman mayonnaise.

It must indeed have all of the electrolytes. Big brother would put THAT on his bun!

The unexamined life isn't worth living or watching. Those with nothing to hide offer nothing of interest.


Enjoyed the read, edited by NSA.

On the other note. If you want good mayo: http://www.eff.ca/featured_products.html order from these guys. I am sure they can ship to your door, they do distribute in the USA as well, however, not sure to which cities.


I found the polygraph stuff disturbing. The fact that the NSA takes polygraphs seriously (despite presumably knowing there's little scientific evidence supporting their use and knowing that lots of spies have had no trouble passing them) makes me think the NSA must be full of gullible morons.

Does the NSA weed out polygraph non-believers during their hiring process? So far as I know, the main "valid" use of polygraphs is (a) to trick/intimidate people who believe in them into telling you a more thorough story, (b) to acquire a "scientific" seeming reason to do or believe what you already wanted to do or believe going in.

I don't feel very reassured.


Note that this blog post has been vetted by the NSA PR office, and so should be taken with the same grain of salt that one takes with all NSA-approved communications, recalling that the NSA has admitted they will lie to Congress and the Supreme Court if it suits their mission.

"This essay was deemed UNCLASSIFIED and approved for public release by the NSA's office of Pre-Publication Review on 11/21/2013 (PP 14-0081)."


This article is transparent propaganda.

Author is not a patriot. Author is an enemy of the people.


If the author is indeed the patriot he claims he is, would he be so kind to explain why the Bill of Rights thought it necessary to have this:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

What makes the NSA different from the police or other law enforcement agencies? And why should we trust them? There is a reason restrictions exist on the power they have. This article is nothing more than propaganda.


If the NSA was engaged in hacking people's personal computers then the Fourth Amendment would definitely apply. Anything else is fair game and has been fair game (even the postal mail, which is protected by statute law and not the Fourth Amendment).


This is interesting to read, but I have one very important question:

Why is a distinction made between US and non-US people? Why do some systems automatically ignore all US IP addresses?

What makes me a potential criminal, and Mr. Smith not? Why can he read my email without a court order, but not from someone from Nebraska? Why does my physical location, or proxy server for that matter, matter?

I think the only reason is because it's simply in the US law, so it doesn't really say much. It's just one of those things that are the way they are. But then...

why does he keep bringing it up as "you shouldn't be worried because we don't look at data from the US"... if I'm not from the US? Does this mean I should be worried that he is really reading my email if it has certain keywords? I could become an intelligence target because of keywords or activism in certain groups, merely because I'm not using a US-based proxy server?


This is trivial - the whole purpose of foreign intelligence is to help the interests of your country while disregarding or actively harming the interests of everyone else. They have no obligation whatsoever to protect (or even refrain from murdering) others, but they do have an obligation to protect their own citizens, so they have restrictions for that.

The only two valid reasons for NSA not to capture all the foreigners' email is if (1) it's too costly (and it probably isn't); and (2) the government decides that the PR harm is greater than whatever they gain from having all the email (and it probably isn't either).


> I use the term "look" deliberately: the Agency makes the distinction that looking at data is surveillance, while gathering it from locations outside the US is not. We gathered everything, and only looked at a tiny percentage of it. I am okay with this distinction both because I don't mind if my emails are copied to an Agency database and likely never read and because from a technical standpoint it would seriously impair our ability to spy if we couldn't gather everything.

I'm not mad at NSA, they're just playing their role, they're grabbing everything they can. But it should serve as a reminder of the goals we should all (civilians) strive for: encrypting everything. I think a lot of individuals are working on these problems right now and I'm confident great tools and protocols will soon be created/improved.

edit: downvoted for promoting mass encryption, great.


It is interesting as a view into the naive and uninformed [1] view of those inside.

I suspect the screening selects for compliance and maybe against questioning authority, plus the people applying may self-select in that way.

Note that this was approved by the agency and therefore may have been through a filter process that removes other reports with more critical views before publication. (I am not suggesting that this author is anything other than genuine but if it was a critical view could it have been published?)

I don't doubt that storing everything helps find threats but the price is far too high, whatever difference it makes.

[1] he hadn't heard of parallel construction - https://news.ycombinator.com/item?id=6910972 (he may have deep particular knowledge in some areas but his understanding of the overall agency appears poor).


Got your point son. I am a Pakistani and I know what it means to me. fuck you with love.


Hey, I backed that guy's Kickstarter! And now that I read his post I just cancelled my pledge.


I spent four years in (2 years longer than the OP), but worked on a substantially broader swath of intelligence areas and in much more policy-oriented positions, and I can tell you that the vitriol that's been displayed on HackerNews is incredibly tiresome to see, because you are all missing a very key point about how the NSA conducts business (which I've pointed out in previous posts).

The key point is this: the NSA does not create policy for its operations. Those are written into law through executive, legislative, and judicial processes, and the three should theoretically balance each other out, which the public currently deems as not doing a sufficient job of balancing. The NSA acts as an instrument -- the employees (to include the director) are directed through a system of reporting and feedback, and determine how best to act in order to obtain more positive feedback from customers of the reports.

This isn't some theoretical system I'm talking about -- it's a database of reporting with attached feedback. The feedback shows who consumed the report, whether or not the party found it useful, any enclosed comments about the report, and how high up the report went. If my report made it into the president's daily brief and more information about the reporting subject is desired, that will show up in the feedback, and thus I have my "direction".

How does this translate into real world operations? Here is a theoretical conversation between Mr. Policy and Mr. NSA:

-----------------------------------

Mr. NSA: Here is some information I found about country X, which might indicate that they're conducting operation Y.

Mr. Policy: I would like to learn more about operation Y, and country X's intentions to expand it.

Mr. NSA: I don't currently have the capability to expound upon operation Y, unless you grant me the authority to access datastore Z.

Mr. Policy: We took a vote, and you have access to datastore Z on a thirty day trial basis, but then must shut down operations if nothing of value is found.

Mr. NSA: Here is the information you requested about operation Y and country X's intentions.

Mr. Policy: This information was not useful in directing policy, therefore datastore Z is to no longer be accessed.

-----------------------------------

From this, I think you can extrapolate my point. Do you blame the scalpel for being too sharp, or the surgeon for handling it incorrectly?


> Do you blame the scalpel for being too sharp, or the surgeon for handling it incorrectly?

None of the above, if anything I'd blame people for being mere tools.


So 'only following orders' is the defense here? And these orders (e.g. hacking Google's SSL endpoints, big data mining) originate from politicians? (And to call scrutiny 'tiresome' when the director baldly lies to congress frankly just compounds the general air of unchecked arrogance.)


> unless you grant me the authority to access datastore Z

NSA analysts accessing datastore Z is not the problem, and never was.

Datastore Z is the problem. According to the leaked documents those datastores contain data of U.S. citizens which the NSA couldn't have legally intercepted and stored without a court order.

E.g. the NSA cannot legally acquire copies of John Smith's email header fields and store them into datastore Z without a warrant defined by the 4th amendment.


You forgot:

Mr. Policy: I would like to learn more about Citizen A, but Mr. NSA is strongly prohibited from accessing data specific to citizens of this country. Unlike many rules this prohibition actually is taken seriously, with major consequences for anyone caught violating it.

Mr. GCHQ: Bob's your uncle. Would you like that in .zip or .tar format?


Interestingly enough, 60 minutes will have an "Inside View" of the NSA tonight. This just keeps getting better… I'll be sure to absorb this message and the probable similar message that will be broadcasted to the masses tonight.

Yeah, buddy, I'll believe you… just keep telling me over and over and it will sink in eventually. ;)


"People who build security tools" are in the set of people under active monitoring and exploitation by governments. I'm personally far more concerned about China and Russia and others than I am about NSA, but if I were Nadim (who I believe is personally not a target of NSA, but by virtue of Cryptocat most definitely is), I'd be quite concerned.

I was actually waiting for the big reveal in this ... "x, y are good, but Z is not, and is why we have the problems we have now." I guess not having that is why it went through publication review.


Yeah, I suspect that if he named any actual members of Red Team that it would have been squelched almost instantly.


The gist is that you should not value your privacy if you have nothing to hide.

This principle is absolutely forbidden to be reversed, the secret workings of government agencies are protected by the highest secrecy.

What do they have to hide?


I'm always surprised about how posts like this bring out the real nutjob part of HN that sort of sits there and lurks dormant waiting to pull out unprovable conspiracies any time something like this gets posted. I'm not talking about the folks who disagree with the OP, or what the NSA does... I'm specifically talking about the rather uncomfortable level of crazy that squirrels out in these "discussions".

There are some posts here so outright loony that I actually feel a bit uncomfortable having an account here.


> The Agency is an intelligence organization, not a law enforcement agency.

Monstrously disingenuous. The term "parallel construction" apparently means nothing to him.

> In 1991 the USSR dissolved and the Cold War ended. The world let out a sigh of relief, safe in the knowledge that humanity wasn’t crazy enough to destroy itself. That security we had is gone. North Korea has nuclear weapons and is threatening to fire them at the US.

I'm missing the part where collecting my email and phone records will help with this problem.


> I am an American patriot.

The author may believe he or she’s a patriot. I disagree. I don’t believe someone who acts to subvert the Bill of Rights which states

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

is even remotely close to being a patriot.

> Many are concerned about the NSA listening to their phone calls and reading their email messages. I believe that most should not be very concerned because most are not sending email to intelligence targets.

> Email that isn’t related to intelligence is rarely viewed, and it’s even less often viewed if it’s from a US citizen.

“Rarely” is pretty meaningless. The NSA has repeatedly tried to compare the number looked at with the number of intercepts. Of course they’re only looking at a tiny percentage. But if I were to only steal one-in-a-billion dollars in the US or only kill one-in-a-million people, I’d still be doing something immoral.

> Every Agency employee goes through orientation, in which we are taught about the federal laws that govern NSA/US Cyber Command: Title 10 and Title 50.

Yet evidence seems to show that they've willfully found ways to interpret the laws in ways that the authors of the laws think are illegal.

> We all know that it's illegal to look at a US citizen's data without a court order.

But the NSA has a special non-adversarial court that rubber-stamps whatever it wants. (And it still happened)

> I use the term "look" deliberately: the Agency makes the distinction that looking at data is surveillance, while gathering it from locations outside the US is not. We gathered everything, and only looked at a tiny percentage of it.

The problem is that the 4th Amendment makes no such distinction. They were wrong in collecting it in the first place.

> I am okay with this distinction both because I don't mind if my emails are copied to an Agency database and likely never read and because from a technical standpoint it would seriously impair our ability to spy if we couldn't gather everything.*

He may not mind, but many other people do. I respectfully ask that he, Mr. Clapper, and Gen Alexander give us all their data in case we later do find what they were doing was illegal.

> The Agency is an intelligence organization, not a law enforcement agency.

> The NSA copy of my emails won't be viewed by police or FBI investigating me about marijuana use, for instance.

And yet, per Reuters

http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE...

   “A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans.
   “Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin - not only from defense lawyers but also sometimes from prosecutors and judges.”

> The NSA copy of my emails will only be viewed if the Agency can convince a judge that I might be a foreign agent. And the judges aren't pushovers.

http://en.wikipedia.org/wiki/United_States_Foreign_Intellige...

During the 25 years from 1979 to 2004, 18,742 warrants were granted, while just four were rejected. Fewer than 200 requests had to be modified before being accepted, almost all of them in 2003 and 2004. The four rejected requests were all from 2003, and all four were partially granted after being submitted for reconsideration by the government. Of the requests that had to be modified, few if any were before the year 2000. During the next eight years, from 2004 to 2012, there were over 15,100 additional warrants granted, with an additional seven being rejected. In all, over the entire 33-year period, the FISA court has granted 33,942 warrants, with only 11 denials – a rejection rate of 0.03 percent of the total requests.

> They won’t spend time on my private love letters.

http://news.cnet.com/8301-13578_3-57605051-38/nsa-offers-det...

> That security we had is gone. North Korea has nuclear weapons and is threatening to fire them at the US.

How does spying on Americans help?

> Reality should enter your cost-benefit analyses.

I totally agree.

> This essay was deemed UNCLASSIFIED and approved for public release by the NSA's office of Pre-Publication Review on 11/21/2013 (PP 14-0081).

Somehow, I have a feeling that opposing points of view wouldn’t find much of an easy clearance.


It's quite interesting to me that someone who has worked for the NSA can write such an article and not have heard of William Binney and Thomas Drake's experience with the NSA. Ethical, upstanding people my ass.


The surveillance's purpose is not to catch criminals or terrorists, as evidenced by the recent confiscation of some NZ citizen's electronics at the airport. He had attended a meeting on mass surveillance, and is therefore considered a troublesome, unharmonious little peasant, and must be kept in check or made an example of. That is the point here. It's about power, and maintaining it through whatever means possible.

The US is showing clear and abundant signs of being a police state - there's simply no denying that anymore. So what does it matter what their rule books say about spying on people, when even the Constitution has been calmly disregarded for years?

"Here are the official guidelines for spying on people! Remember that spying on US citizens is restricted because that would be kind of naughty, but foreigners are fair game."

It's just ridiculous. But again, it's certainly not about catching terrorists. This level of surveillance would make Stalin just shit himself with joy.


Nice that you are a patriot and that you are all law abiding types. We need more people that do not ask questions in those positions...


It is really nice to get a coherent, human view from inside the security and intelligence community. To the best of my knowledge, the article reads as an honest and true account of security service culture of integrity and professionalism. Kudos to him, and kudos to his colleagues as well for their restraint and their service.

I am pleased to see him hint at the exposure and vulnerability of the general public to surveillance by third parties, when he describes the ongoing battle to dominate electronic systems, being waged by various nation-states and criminal gangs around the world. (I refuse to use that horribly juvenile construction "cyber-war").

However, we still have some way to go before we fully confront the magnitude of the problem, and are able to formulate a sensible and coherent response.

Our military forces and security services are rightly part of our response to this vulnerability, but they cannot be the only tool that we deploy. Societies that lean too heavily on their armed forces and security services quickly feel the negative effects of their reliance, no matter how well-intentioned, well-disciplined and professional the servicemen and servicewomen may be.

Civil society needs to step up to the plate also. The problem is difficult, and the response needs to be multifaceted and broad. As engineers, we need to make our systems more secure and more trustworthy - and we need to make tools for the creation of secure and trustworthy systems ubiquitous.

For example, I am writing software for advanced driver assistance systems & autonomous vehicles -- I need to think very very carefully about how I can make my software secure and robust from attack; I need to educate my colleagues about the risky environment that we will be operating in, and together, we need to come up with standards and processes to help us ensure that the software we create minimises the risk posed by malicious actors.


This is something that bothers me:

  Email that isn’t related to intelligence is rarely viewed, 
  and it’s even less often viewed if it’s from a US citizen. 
  Every Agency employee goes through orientation, in which we 
  are taught about the federal laws that govern NSA/US Cyber 
  Command: Title 10 and Title 50. We all know that it's illegal 
  to look at a US citizen's data without a court order.

I can rewrite this to:

  We are indoctrinated to believe that we shouldn't really
  invade the privacy of US citizens, and it is highly unlikely
  that we might mistakenly or otherwise read your private emails,
  however, if you aren't a US citizen then fuck you, you are our 
  enemy, you have no right to privacy because you weren't born 
  in the land of the free. Oh yeah, fuck you twice, cos we can.

  Ha ha

You know what, fuck you too.


Did this line bother anyone else?

> If you are a citizen of the UK, Canada, New Zealand, or Australia, you may also be glad, because everything the NSA collects is by default shared with your government

He spends the whole post telling us it's okay to trust the US and then completely throws that out the window by saying 4 other countries have all of our data too.


Note that this is either an imposter account, or the author themself is mostly unaware of the publicly-divulged NSA abuses -- let alone any non-divulged abuses.

https://news.ycombinator.com/item?id=6910972


TL;DR

1. The NSA only hires earnest, ethical people

2. There are real threats we need to protect you from

3. So everything's OK

Commentary:

I believe the first two of those statements. And if the people at the top were also ethical and earnest, I'd believe all three. But, as Angela Merkel can attest, the people at the top do not respect boundaries.


Important voice in the whole discussion around NSA, but forgive me being suspicious - it comes around the time his Kickstarter campaign is to end...


True enough, but wouldn't you probably do the same? :)


I stopped reading after the patriot paragraph. I don't like concepts that divide people and patriotism is inherently bad for the world. It brings only war and pain.

I love my country but I never met a patriot that could think straight.


> I stopped reading after the patriot paragraph.

So you read two sentences and felt qualified to post a comment about the article anyway? You're nitpicking.

> I love my country but I never met a patriot that could think straight.

If you bothered to read more, you would realize that you/OP are talking about the same thing: "I care about the US and its future". You merely disagree on the means to that end.


What each section basically says:

1. We collect all of your data

2. That's okay because we're the good guys

3. Btw, there are bad guys hacking us and have in the past downloaded TBs of data from our systems

What happens when a bad guy gets access to our data? Whether from within or out?


> I do not believe that their information-gathering powers should be curtailed. Such restriction would not only hinder the Agency’s ability to gather intelligence, but also impede its ability to wage cyberwarfare.

Yes. That is the point.


@ "Every Agency employee goes through orientation, in which we are taught about the federal laws that govern NSA/US Cyber Command: Title 10 and Title 50. We all know that it's illegal to look at a US citizen's data without a court order. I use the term "look" deliberately: the Agency makes the distinction that looking at data is surveillance, while gathering it from locations outside the US is not. We gathered everything, and only looked at a tiny percentage of it. I am okay with this distinction both because I don't mind if my emails are copied to an Agency database and likely never read and because from a technical standpoint it would seriously impair our ability to spy if we couldn't gather everything."

lorendsr has far too much confidence that what he was taught about the governing law is correct. The governing law is far broader than the two titles of the U.S. Code he cites. The 4th Amendment, for example, protects against not only warrantless searches but also warrantless seizures. That line is first crossed at the gathering point, not at the point that the data is viewed. Put another way, the Amendment prohibits warrantless gathering of the haystack that includes private communications, not just the warrantless search of that haystack for a given needle. http://www.law.cornell.edu/constitution/fourth_amendment And that is only one example of his legal naivete.

Paul E. Merrell, J.D.


> lorendsr has far too much confidence that what he was taught about the governing law is correct.

I'm not sure that's a justified assumption. In the quote you present, he explicitly notes that what he was taught is a distinction the Agency makes, not one written into the law, when he says (emphasis added): «I use the term "look" deliberately: the Agency makes the distinction that looking at data is surveillance, while gathering it from locations outside the US is not.»


So, if I meet someone who wanted to work more on personal coding projects and start a company and is making mayonnaise as his first product - I'll know the guy must be from NSA!

:)


He only describes his view from inside the system NSA. But it is the outside which really worries me. Governments and legal boundaries can change. DHS and TSA were such changes. And both agencies have a big impact on the lives of citizens and visitors.

OP admitted that NSA already gathers data of US citizens. But the current legal boundary prevents analysts from just adding a "selector", except when it is allowed by a (secret) court. So the data is already there with the technology to query or filter it, which is a bad thing in itself. But it is a tiny change in the law that would make it legally right to include US citizens' data into the query.

Looking back at DHS, TSA and the overall militarization of the security forces, it is not hard to imagine that NSA is an easy pick for a reactive government responding to the next terrorist threat.

BTW. When have government institutions ever been dissolved? Isn't that a lot harder than creating new ones or changing the rules in favor of more control?


I can confirm much of this article. (A couple years ago I provided some comments here https://news.ycombinator.com/item?id=3296691)

There's lots of condemnation of the poster, and the NSA practices and some of the murkier parts of this article. I thought I'd tip in with some explanations as possible while staying outside of anything classified or naughty.

jonknee: https://news.ycombinator.com/item?id=6910978

- "It's compartmentalized enough that the individual actors can justify their actions by the assumed competence and benevolence of the others."

It's compartmentalized a bit more than the OP lets on for mostly security/separation of concerns/need-to-know reasons. For example, an Air Force analyst who is cleared to view TS//SI material won't have access to the NSA systems directly. Some of the NSA systems have external (Intelligence Community (IC)) facing equivalents that omit quite a bit of the information that less scrutinized IC analysts shouldn't have access to. w/r to the information the NSA collects, NSA employees and contractors are held to stricter standards about how that material is used and treated. An analogy, a minor commits a crime and his record is sealed. The local court employees who handle the record, the judge etc. have really nothing that prevents them from leaking that information to an overzealous cop or lawyer or some such other than the standard to which they're held for their job. It's more or less the same thing with the NSA.

> The mental leap here is subtle, but substantial. Since I have been told I can't use US selectors , I assume the system enforces this.

Actually, one of the higher standards the NSA employees are held to, and I believe they sign something to that effect, is that it's outright illegal for them to do so and even one misuse could result in loss of employment, clearance (a death sentence in IC heavy employment areas) and possibly time in prison as a felon. This is taken very seriously and I've never known an NSA employee to not treat this rule and US citizen data as radioactive to them.

https://news.ycombinator.com/item?id=6911054

> Definitely a bizarre mix, I thought it was a parody a couple of times. To combat the threat of nuclear war with the completely isolated totalitarian state of North Korea we must create and store copies of all global communication...

It's easy to generalize, and if the world worked as simply as the model you propose here, then things would be much better for everybody, but it simply doesn't. For example, to uphold various sanctions regimes, by law, the U.S. must know if a business has connections two hops out that are linked to any bad activity. For example, how did Kim Jong Il buy all his whiskey? It's outright illegal for a U.S. company to sell to the North Korean government. Okay, so they sell to an overseas distributor who then sells to the North Korean government. Turns out that's illegal as well and the government must take action to not allow the U.S. whiskey maker or the distributor to operate in the U.S. any longer. Okay, so the whiskey maker checks out their distributors, finds one who doesn't sell to NK, but one of their customers does. Same deal, it's illegal for anybody in that chain to operate in the U.S. After that, the chain becomes so long it's not worth looking into and Kim Jong Il was eventually able to get his whiskey.

Just talking whiskey and North Korea here, but you can guess it goes for all kinds of goods and countries under various sanction regimes. So how do you propose things should be collected? Collecting only on North Korea gets you nowhere, it's everybody else who may or may not be supplying whiskey to the Norks that makes things much harder and requires a much larger collection apparatus.

https://news.ycombinator.com/item?id=6911216

> It's helping diplomats illegally snoop on our allies.

Good! Our allies are most definitely snooping on us! Spying and espionage is sometimes called the second oldest profession for a reason. There's been no time in history that two countries aren't doing a bit of spying on each other, most especially at the diplomatic level.

rst: https://news.ycombinator.com/item?id=6911150

> In fact, it's been known for months that the DEA receives intercepts from the NSA in such volume that they have an office devoted to handling them (the DEA's "Special Operations Division").

This is a problem. In general, the work the IC does in collection does not hold up to LE scrutiny. Having worked on both sides of the fence, LE is both more difficult in some cases and easier in others to work in. For example, you need a warrant to gather phone records in LE, but you can share those records more freely once you have them. In the IC the opposite is true, you can pretty much get whatever you need, but it's virtually useless if a criminal approach is taken. That's why it's often simpler to blow up the target than to arrest and try them. Parallel Construction is an investigative focusing approach that saves LE from getting collection warrants that go nowhere. The IC approach is to find the connections or whatever, then help LE figure out where to focus their warrant-based approach in doing the same collection from their side. Scrubbing U.S. Persons IC data and reusing it directly for LE is highly illegal for all of the participants involved.

revelation: https://news.ycombinator.com/item?id=6911022

> Well, following his explanations, you can fail the polygraph and just do it again. The cost of failure is zero, so really just keep trying.

Actually the penalty after enough tries is no clearance which means no job and a permanent record that you were denied a clearance...which pretty much deep sixes any attempt in the future to get one. In some parts of the country, like the Washington D.C. area, that's virtually a career death sentence.

kabdib: https://news.ycombinator.com/item?id=6910969

> My best friend's dad was a spy in the CIA

> During the 70s and 80s my dad worked with Russian scientists

> So, how likely is it that my email is read, that my phone records are looked at, and so on? What are the chances that I'll have trouble the next time I cross a border or try to board a plane? One percent? Fifty percent?

Assume it is collected but probably not read, but not for the reasons you gave above. There's just simply not enough manpower to read everybody's email, and it's a useless thing to try to accomplish. Now suppose one of the guys you email also emails somebody who's "nefarious" in some way. Then yeah, maybe your email is read. And if all you talk about in your emails are things that don't involve an armed insurrection against the United States you'll probably be filed into the "don't give a shit" bucket and the analyst will move on.

A common thread here is that everybody who's worried about their email being read seems to assume that whatever they're doing is important enough for it to get read. Trust me, it isn't.

(continued next comment)


> For example, how did Kim Jong Il buy all his whiskey? It's outright illegal for a U.S. company to sell to the North Korean government. Okay, so they sell to an overseas distributor who then sells to the North Korean government. Turns out that's illegal as well and the government must take action to not allow the U.S. whiskey maker or the distributor to operate in the U.S. any longer. Okay, so the whiskey maker checks out their distributors, finds one who doesn't sell to NK, but one of their customers does. Same deal, it's illegal for anybody in that chain to operate in the U.S. After that, the chain becomes so long it's not worth looking into and Kim Jong Il was eventually able to get his whiskey.

He just bought it retail. There was a great interview of Kim Jong-Il's sushi chef awhile back, the way he gets ingredients is the chef makes trips abroad to foreign markets and buys whatever he needs from wherever, presumably paying cash. If you're willing to pay the price premium and take care of packing and shipping yourself, you can buy anything you want to, legally, without anyone else knowing.


> He just bought it retail. There was a great interview of Kim Jong-Il's sushi chef awhile back, the way he gets ingredients is the chef makes trips abroad to foreign markets and buys whatever he needs from wherever, presumably paying cash. If you're willing to pay the price premium and take care of packing and shipping yourself, you can buy anything you want to, legally, without anyone else knowing.

Right. Most nefarious actors just buy most of their stuff retail. Figuring that out, from whom, what was purchased etc. and if it violates some sanctions regime is one of the things the NSA might participate in, handing off the findings to the State Department or the Commerce Department or whoever for action. The action being that participating companies would not be allowed to do business in the U.S. and would be monitored for further sanctions violations in case other U.S. involved companies want to do business with the retail outfit that sold the whiskey. No big deal if you're Mom & Pop liquor store in Italy with no U.S. involvement. But who knows? It could mean that your supplier is a U.S. based company and may not be allowed to supply you any more in the future.

In practice nobody gives a shit about a few cases of whiskey, but the same practice might be used for large shipments or for items that are undesirable for North Korea to obtain.


How would the NSA monitor retail purchases made with cash? I guess if they wanted to get all Bourne-happy, they could monitor flights out of NK, then send somebody out to watch Kim's flack go buy whatever in Beijing. (probably where he gets most of his crap) But you're getting pretty far outside the realm of SIGINT. I'm sure the NSA would LOVE to be able to track this stuff, but realistically speaking they can't.


> Assume it is collected but probably not read, but not for the reasons you gave above. There's just simply not enough manpower to read everybody's email, and it's a useless thing to try to accomplish.

What frightens me is how long until it is technically feasible to parse it all? With the NSA level of investment, surely having that corpus will be incredibly juicy over time as more mechanized means of analysis come available.


md224: https://news.ycombinator.com/item?id=6911261

> Anyone who defends the NSA on the grounds that it only targets those who are worthy of targeting needs to convince me that another COINTELPRO will never happen. I would actually welcome such an argument, since it would make me feel a whole lot better about this.

You raise a very good point. I don't think there are many in the IC who would have a problem with more (and better) oversight...it helps them feel more legitimacy in what they're doing. All that being said, assume that there will be another COINTELPRO or similar. It sucks, but to be perfectly honest with you, you aren't important enough to convince one way or the other about it or about approving of the various collection programs the NSA is running. If half of the comments here are to be taken at face value, almost nobody on HN knows enough about the issues involved to be consulted or for their opinion to be considered. I'll draw a parallel here to the outcry over technology centered court cases or software patents, an opinion often given here is that engineers or software experts should be involved in deciding those cases because the layman doesn't know enough about it to have an informed opinion. It's just as true with IC issues. What's troubling is that oversight is via Congress, who until the last election were likely laypeople themselves. So the expertise to properly evaluate, oversee and monitor what's going on simply isn't there.

sedev: https://news.ycombinator.com/item?id=6911078

> This reads like it was penned by someone who's never heard of the Stanford Prison experiment or Milgram's research...

You bring up good points. One of the issues with the IC is one of internal monitoring (as we're all now seeing). Who watches the watchers? There's notionally a number of very serious laws, or committees and counter-X professionals who are supposed to be doing this, but to be honest, once you're cleared and stuck on a project, there's really very little day-to-day oversight of any kind. I personally would welcome a higher level of scrutiny, but I think the equation of "spend manpower watching watchers" vs. "spend manpower looking for bad guys out in the world" has, and will continue to, balance on the latter.

https://news.ycombinator.com/item?id=6911091

> If you'd never heard of parallel construction before today, that seems to powerfully undermine your credibility.

He only worked there for two years on a single program. I challenge anybody here who works for any organization larger than 3 people to have perfect knowledge of every single thing their organization is doing. Unless you work on the bits that interface with the LE community you'd probably never have had opportunity to know anything about it. I bet he also doesn't know the details of companies the NSA contracts to do their plumbing or handle their trash.

EthanHeilman: https://news.ycombinator.com/item?id=6910896

> The NSA has a history of sharing intelligence with LE, to state that the NSA is not a LE agency is extremely misleading, if not an outright lie.

I don't think you understand what a LE entity is, the powers and limitations that LE organizations operate under or how they differ from IC organizations. Saying the NSA is LE because they cooperate with LE is like saying the Department of Agriculture or Labor is an LE agency because they sometimes have to cooperate with LE.

jjoonathan: https://news.ycombinator.com/item?id=6910922

> It's good to hear that many NSA employees take the police/military distinction seriously, but we know for a fact that some higher-ups don't...

This is true, and it's particularly vexing to work in the IC and have senior officials asking you to participate in outright illegal activities. It doesn't happen often, but I've seen both people ruin their careers saying no and those that want to keep their job and say yes. It's usually under the auspices of "helping out to stop bad things", and it's very hard to say no when activities are couched that way...despite very many of the people on here talking publicly about their very righteous and moral high ground, placed in the same position, the vast majority of HN users would want to stop bad things from happening even if it meant crossing the line a bit here or there. Because, honestly, if your choice is help stop innocents from getting killed vs. sit on your hands because of some futzy law someplace that ties your hands, most of us would feel like we'd rather take the immediate action to stop the bad guys. "Mission Expediency" is the word of the day when it comes to these matters.

mtgentry: https://news.ycombinator.com/item?id=6910911

> No offense to OP, but this reads like propaganda to me.

I can confirm that this represents the mindset of most of the people I've worked with in the IC. It does take a certain kind of personality to sign-up and go through all the hassles involved with getting employed in the IC and that self-selection seems to attract a certain kind of personality type.

> But I wouldn't be surprised if there was some sort of concerted effort by the NSA to encourage a dialogue with hackers on platforms like HN.

There really isn't, other than to not discuss classified information. Keeping track of what's classified and not when you spend near a third of your life and half of your waking hours dealing with only classified things is complex enough that most people just don't engage with the "unclean" public.

jurjenh: https://news.ycombinator.com/item?id=6911235

> What I'd be more interested in is how much this issue is being discussed internally. If these discussions are allowed, or even surreptitiously encouraged, then I'd take that as a possible internal propaganda push, subtle as it may be.

Discussions about these issues, in the way that they're being discussed here, are not terribly common. The milieu of working in the IC just doesn't lend itself to these kinds of topics, in these kinds of ways, as focuses of conversation. Mostly what's discussed is the lines you aren't supposed to cross and the penalties for crossing them. But more often than not, casual conversation is about anything other than IC topics. After a hard day of spying, you really want to just engage in something else.

Bizarrely, discussing Snowden might be tricky inside of the IC because you might discuss something that was leaked that you technically don't have a need-to-know for. So specific cases like this are not often serious topics of conversation.

(continued next comment)


pera: https://news.ycombinator.com/item?id=6911100

> Really? why should anyone trust in anything coming from the NSA when you are systematically lying again and again? why should we listen to anything you say when historically, part of your strategy is to try to influence the PoV of society || specific groups?

OP is not the NSA. OP was an employee for a couple years and can only comment about what he specifically knows about, just like anybody. Take what he says with that context.

alfiejohn_: https://news.ycombinator.com/item?id=6911106

(ex-)Employees can write about anything, but if it involves IC related topics, they have to submit to a review before publication. All those various books about life in the Spy world or Special Forces etc. all went through similar reviews.

malloreon: https://news.ycombinator.com/item?id=6911226

> There are articles suggesting this is happening many thousands of times per year - shouldn't each of these 'regular employees' be put on trial? They have committed serious crimes.

Quite often they are. The minimum penalty is loss of clearance and job (which is a career death sentence in the IC), and depending on what they did and if the agency feels like it's a good expenditure of resources, some kind of criminal prosecution may be involved.

e.g.

- Employee sees if his own cell phone number has been collected (violates rules regarding looking up U.S. persons): probably a firing, but not worth criminal prosecution

- Employee starts a side business and starts monitoring communications of his competitors to get a leg up, probably a firing + prison time.

te_chris: https://news.ycombinator.com/item?id=6910858

> Thank you so much, kind American intelligence guy, for having the grace to not look at USA citizens emails, all the while not even mentioning foreigners, who should apparently just lie down and take it.

Foreigners don't just "take it", they have their own nation's intelligence apparatus collecting against their foreigners. Let me know when there are mass protests against foreign collection in the rest of the world and maybe then your complaint will make some kind of sense. Until then it's just bitter complaining about something you knew all along anyway. It's kind of the point of Intelligence.

lucb1e: https://news.ycombinator.com/item?id=6911262

> Why is a distinction made between US and non-US people?

Because, at least in the U.S., there's a distinction between IC and LE entities -- this is not a distinction shared by most countries. LE deals with domestic events and U.S. people, while IC deals with non-domestic actors and locations. There's a bit of overlap, for example, a U.S. citizen doing bad things in a foreign country gets a bit of both, or a foreign national in the U.S. But that's generally where the line is drawn. U.S. law doesn't apply outside of the U.S. and it shouldn't. Can you imagine the world if the U.S. suddenly decided that France had to apply by all U.S. laws including the U.S. Constitution? If people think New Zealand cooperating on

> What makes me a potential criminal, and Mr. Smith not?

The reverse is true of U.S. citizens w/r to other country's intelligence apparatus as well.

IC agencies generally aren't looking for criminals...meaning they aren't looking for people who broke U.S. law. They're basically looking for threats to U.S. soil, citizens and concerns. LE agencies look for law breakers. That's one of the reasons why the trials at GTMO are such a mess, guys were wrapped up and sent off to Cuba for interrogation based on "Intelligence" but not using information collected as part of a criminal prosecution. IC and LE really do operate under very different methods (at least in the U.S.).

princeverma: https://news.ycombinator.com/item?id=6911007

> I am a foreign national, I and my company use services provided by a US company (email etc.), and this gives right to you guys to collect and read my emails?

Yes. Look at your question from a different angle, under what legal regime is the U.S. not allowed to do so? Or the contrapositive, what are you doing to prevent your country from spying on U.S. Citizens?

Tarang: https://news.ycombinator.com/item?id=6910916

> If an employee had a contrarian opinion to the NSA would it be declassified like this one?

Yes. You can check Amazon yourself for books by former NSA employees who don't side with the Agency. Their books were all reviewed by the NSA for classified information, but not for dissenting opinions.

muglug: https://news.ycombinator.com/item?id=6910838

> Do you think Snowden's revelations had any beneficial impact, or is your view of them entirely negative?

Disappointingly no. At least in my circles, Snowden is not mentioned in polite terms. The likely outcome will be no change in NSA collections or capabilities, but automation in system administration, better collection of auditable information on IC employees and more compartmentalizing of the activities even further.

room271: https://news.ycombinator.com/item?id=6910827

> My question to the OP: even if you believe that at the moment abuses are rare and that your colleagues are trustworthy and law-abiding, does the capability and level of information concern you in terms of the potential for future abuse it enables?

I'll toss in my answer too. I think it is serious cause for concern. But the kind of work the IC does is hard and I'd say impossible to get right. Anybody who thinks the kinds of work that most of us do in our day-to-day businesses is hard has no idea how really difficult the industry is. In a normal business, if you get things wrong you might get sued or shut down. In the Spy industry? Countries might fall, nukes might loose and people might die. Doing that kind of work in balance with people's rights, or at least not negatively impacting truly innocent people is among the hardest things to do in the world.

aaron695: https://news.ycombinator.com/item?id=6911046

> "All that is necessary for the triumph of evil is that good men do nothing."

Doing nothing would be for the U.S. to not spy at all, which is a sentiment shared by many in this forum. And then bad things would certainly happen for the U.S. because no other country would do the same. Sometimes doing the right thing really involves doing hard things that don't feel good. I won't make any apologies for it and nor should the OP. The kind of work that the IC and the military does, make no mistake about it, is ugly ugly work. It is very important though that this public debate be held often, and constantly. The IC/Military construct is like a huge guard dog. You want it a bit mean and angry, but you don't want it to bite you, the mailman or the neighborhood kids...it's not so bad if it goes after the occasional solicitor or burglar. So it's very important that you keep a constant eye on it and keep it in check. Because it will dig up your yard, chew up the sofa and otherwise misbehave.


Another NSA muppet to the rescue. First one was a geek - easy to beat up. It was pretty quickly escalated to someone from PR dept - a fact twisting arrogant smooth talker. You guys are pathetic and frightening. Better stay quiet if you don't want people to hate you even more.


Did this PR drone hack HN to plant his comment [1] from "745 days ago" too?

[1] https://news.ycombinator.com/item?id=3296691


Yes, because the government would NEVER plant agents in various online forums to further their own agenda..... /s

While I would guess this is probably not the case here I would caution against making it seem so ludicrous....


Did the government somehow manage to predict 746 days ago that they would need to have a PR flackey describing the workday of an NSA analyst to clean up for Snowden? I mean, that's some pretty special prognostication, right there.


Well anyone worth their salt should have known something like Snowden would happen eventually. Even if they didn't it would be smart to start infiltrating communities that they thought they might want "cred" in later.


> Analysts don’t care about what’s going on in your life. Only until they do

> the Agency makes the distinction that looking at data is surveillance, while gathering it from locations outside the US is not. We gathered everything, and only looked at a tiny percentage of it.

"Cheer up, we're just collecting everything about your private life, we're not looking at it...mostly!"

So, besides a lot of fear mongering about Cold War and Nuclear Weapons (yes it is fear mongering, and mostly irrelevant to the debate, given your average citizen, whom you're spying on, is not about to go detonate one), what you have to offer is anecdotal evidence of your own time at NSA, who are all supposedly highly intelligent and trained individuals who can do no wrong. And what you're saying is that essentially, we're supposed to feel at ease because you don't care about our lives.

...and of course, your post is approved for publication by the NSA.


To summarize:

* He doesn't care if the NSA spies on everybody, because he doesn't care if they spy on him. He has nothing to hide.

* In his experience, the people accessing our data can be trusted. We can extrapolate this to the NSA as a whole. The bad apples are rare.

* Cyberwar is real and dangerous, and we should reevaluate our priorities with this in mind.


One thing that always bothers me is the assumption that we dislike the NSA because we're worried about them reading our personal emails and looking at our photos, and.. "you know.. our Instagramming". We should know it's not about anyone going through the process of reading our communications, it's about having automated systems hooked up to them, keeping them, and having the ability to use them. The human and electronic pieces of this system can act on you and change your life, even without you ever knowing about it.

Being hooked up to machines like this is losing a large part of our own power as a check and balance in our own government. We won't do it. If this program is "necessary" to fight terrorism, will I be considered a terrorist if I continue to disagree? What if I become very effective at disagreeing?

> I believe that most should not be very concerned because most are not sending email to intelligence targets.

It's not just directly to intelligence targets. Can someone remind me what 3 hops from a base group of 117,000 targets is again? We're not talking about a home handwritten address book, this is LinkedIn, everyone I sold shit to on Craigslist, everyone I've ever contacted. Heads per hop is like 100, at least. Anyway, should that group be concerned?

> The Agency is an intelligence organization, not a law enforcement agency.

So what? Just because there's a boundary between the NSA and everyone else doesn't mean they aren't exploiting the same broken interpretation of Terry v Ohio to build systematic unreasonable-unarticulated-suspicion writ-of-assistance privacy violations. We disagree with the principle, not just the NSA. AT&T works directly with the CIA, the CIA works with the FBI, sharing on that side is just a cluster.

http://www.theguardian.com/world/2013/dec/10/data-sharing-la...

http://www.nytimes.com/2013/11/07/us/cia-is-said-to-pay-att-...

http://bordc.org/newsletter/2013/12/#data

> And I would prefer a world in which spying was unnecessary. But humanity is not there yet.

No one disagrees that intelligence is necessary. We disagree with being wired up to management and machines that can (and always will) easily make mistakes. Privacy is a right, violating it to feed the machine is already diminishing us.

I refuse to eat your mayo.


More sources on how RAS is being used by these different agencies. Note that initial RAS queries are what pulled the data into the more easily queryable "corporate stores".

Morning session of civil liberties review, 21:07, 23:04, 37:00

http://www.c-span.org/Events/Civil-Liberties-Board-Reviews-S...

26:20 is an insane defense of writs of assistance by Brad Wiegmann. Actually explaining why the effectiveness of stop and frisk is an excellent example of why the NSA should follow similar policies.

http://endthelie.com/2013/11/21/the-nsas-reasonable-articula...


If he's so "patriotic" and so proud of being a cyber spy, why didn't he jump out earlier to defend the NSA's position? Why did he only come out and write a blog a few months late and around the same time as the CBS 60 Minutes NSA interview? I say this is NSA propaganda.


One of the earlier statements by government spokesmen was that they're only collecting meta-data and no one should be concerned about that. Fine. Then every top-level NSA employee, and anyone else involved in the data collection process, should immediately and publicly publish THEIR meta-data. That means detailed phone bills showing what number they called, when, and for how long. That means the "to" and "from" plus timestamps on all email sent and received. That means the recipient name and address of every piece of Postal mail sent. We don't need to see the content of those communications, just the meta-data. Because that's harmless and not really private, right?


I can't help but observe, with a sort of grim humor, that this fellow's resume now consists of international unwarranted espionage that threatens to upend the very foundations of our constitutional republic...and organic mayo entrepreneurship.


> everything the NSA collects is by default shared with your government

So... does that mean that even though the NSA supposedly doesn't analyze American communications, their colleagues in other countries can?

Also, while it may be reassuring for Americans to know that US IP addresses are not allowed in searches, how reassuring is it for Canadians, Mexicans, Germans, Australians, etc? Does this not harm both our reputation and business interests?

In general, this article assumes agents of the government are, and will continue to be, law abiding and respecting of citizens rights. Is that likely to remain the case in 20, 50, 100 years? How about after a major terrorist attack?


Right, Loren, so:

* even though Congress was lied to/misled about the scope of the NSA's programs, by none other than the Director of National Intelligence [1]

* despite the fact that the NSA hastily rushed to justify an invasion of Syria with misleading data [2]

* despite the fact that the NSA helped produce evidence to justify the false invasion of Iraq [3]

* despite the fact that the NSA helps to subvert crypto software and backdoor services, which makes people and businesses less safe against electronic warfare (despite the fact that al-Qaeda is at least aware of the need for building their own crypto, even if what we've seen so far is possibly crippled by stupidity) [4] [5]

* even though the NSA were unable to catch the Boston bombers (even though the ФСБ warned the US multiple times about the brothers, they were tied to Chechnya, had jihadi content on their social media profiles and were already tied by association to a homicide) [6] [7] [8] [9]

* despite the testaments from former Intel folks that mass data collection doesn't work and that Gen. Keith Alexander is incompetent [10]

* despite Alexander being unable to come up with problems the NSA's mass surveillance has solved without lying [11]

* despite the fact that Alexander is a monumental douche who used taxpayer money to have a Hollywood set designer make his office into a re-creation of the Starship Enterprise [10]

...we should be "reassured to know how capable and thorough your cyber spy agency and military command are." We should rest assured that our electronic communications being scooped up and stored couldn't ever possibly be used for nefarious purposes against a citizen of the US, that it isn't a gross violation of a person's right to privacy and dignity and that even the majority of the NSA are kind-hearted people looking out for America's best interests in the big, scary world full of North Koreas and Muslim radicals and that my virgin, uninitiated mind just doesn't understand. This isn't all just a big, dumb, out-of-control bureaucratic freak-out or an attempt to instate a Stasi-esque intelligence regime.

Fuck you and your condescension, Loren. You are a coward and a liar, unless there is some grand plot the NSA has helped unravel, Clancy-style, that you just can't tell us about (I will apologize and retract my statements when it comes to light).

sources:

[1] http://www.huffingtonpost.com/2013/08/13/james-clapper_n_374...

[2] http://www.lrb.co.uk/v35/n24/seymour-m-hersh/whose-sarin

[3] http://www.thenation.com/blog/174744/remember-when-nsa-surve...

[4] http://techcrunch.com/2013/09/05/nsa-subverts-most-encryptio...

[5] https://www.schneier.com/blog/archives/2008/02/mujahideen_se...

[6] http://www.independent.co.uk/news/world/americas/russian-off...

[7] http://www.thenation.com/article/174026/there-chechen-connec...

[8] http://www.cnn.com/2013/04/20/us/brother-religious-language/

[9] http://articles.latimes.com/2013/oct/23/nation/la-na-nn-bost...

[10] http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_...

[11] http://www.dailykos.com/story/2013/10/15/1247400/-NSA-Direct...


> Fuck you and your condescension, Loren. You are a coward and a liar, unless there is some grand plot the NSA has helped unravel, Clancy-style, that you just can't tell us about (I will apologize and retract my statements when it comes to light).

I won't even do that. I've read enough history to understand that losing a few planes and buildings once in a while is no big deal compared to what eventually happens to a country governed by the ethos exposed in the Snowden documents.

The ends do not justify the means.


Did anyone else notice the countless screens running windows xp?

There were a few linux desktops, but really most of the screens were turned off, or on and showing windows xp.

I don't like the idea of the US Govt using an extremely deprecated operating system.


Data is provided by ISPs and big companies like Google and Facebook.

Now, if you ask someone working for a ISP or Google if they hand over information to anyone, of course they'll say that they don't and haven't heard of someone doing it.

But of course they wouldn't have heard of it, one person with access is enough to rsync or sftp it to the NSA; no need for the others to know about it. They are needed to do their jobs with clear conscience. I assume it's the same in the NSA on the other side of the 'relationship'.

The same psych screening process the author took probably also selected the guy who is doing the abuse.


> Email that isn’t related to intelligence is rarely viewed, and it’s even less often viewed if it’s from a US citizen

I stopped here. The words "rarely" and "less often" should both be "never". If the answer is not never, congratulations, you just helped ruin the world. Engineers and developers should be using our powers to help the world, not help corrupt governments spy on their own citizens. I only wish there were a way to strip credentials from technical people who aid an enemy so they can never work in this field again.


> I had to make sure that my searches didn't use US selectors, such as a US phone number or IP address.

i.e. "we aggressively spy on all U.S. citizens, but we try really hard not to look at that data."


What bothers me most about the NSA stories is that all the damage control seems to be revolving around not pissing the US citizens off because their data is collected.

What about the rest of the world? They just have a carte blanche to tap everything from everyone 'regular joe' from outside of the US can't do Jack Shit about it, other than help invent newer and stronger encryption methods, since all our governments have their arms up the US's ass.


> The NSA is our best hope in this war

Is this an inconvenient time to point out that we're technically not in a congressionally approved "war" with anyone?


A Congressional declaration of war would, by law, put an exceptional amount of wartime powers in the hands of one person, the President of the United States. For what are hopefully obvious reasons, Congress has not chosen to go through with that.

On the other hand, they have passed an "Authorization for the Use of Military Force" which is still current, authorizing military action in Afghanistan and wherever AQ or other terrorists groups might be found.


The worst thing about such pro-spying articles is that they are policy arguments, when the real issue is one of Constitutional rights. I don't really care what policies individuals or groups support. That's the whole point of a Constitution. It protects liberties from even majority rule taking them away. What part of the Fourth Amendment is unclear? Don't like it? Then pass a new goddamn amendment.


Interesting that the HN algorithm that automatically flags NSA stories off the front page didn't penalize this one.


> I would also notify the users that their data was accessed, if it was legal to do so.

And of course you'd also put up a warrant canary [0] on your website, am I correct? -- [0]: http://www.rsync.net/resources/notices/canary.txt


What do you think of the NSA tapping datacenter traffic, gaining access to company source code, passwords, and everything else companies incorrectly assumed wouldn't be sniffed? Was that justified? How do you know that data didn't get into the wrong hands, other than assuming every coworker was trustworthy.


If you are not a terrorist or a foreign government official or work for a large corporation or bank or travel or communicate with people in certain countries or use certain keywords in your communications you have absolutely nothing to worry about.


> US citizens have nothing to worry about.

Oh, alright then, there is nothing except the trillions of spies queued up behind US borders.

There is shocking news to be revealed: Not all non-US citizens are spies.


> I have a very high opinion of my former coworkers.

Well then, problem solved.


Well this comment thread went about as I expected it to go...


Lol, right. I thought the article was an interesting read anyway.


> not a law enforcement agency

Naive to think that mass-collection of data is not a tool that will eventually be used by law enforcement.


Thanks for posting what I'm sure you knew would be an unpopular opinion around these parts. Interesting read.


Braver man than I am, that's for sure. Someone even canceled their Kickstarter pledge for his mayo over it.


reading it feels like reading a PR document, just made to shed a positive light on the NSA.


We are the watchers on the (Facebook) wall...


... the cognitive dissonance is strong in this one.

> I am an American patriot.

> Patriotism to me simply means that I care about the US and its future.

> We all know that it's illegal to look at a US citizen's data without a court order. I use the term "look" deliberately: the Agency makes the distinction that looking at data is surveillance, while gathering it from locations outside the US is not. We gathered everything, and only looked at a tiny percentage of it. I am okay with this distinction both because I don't mind if my emails are copied to an Agency database

That very last bit, is that also a symptom of "patriotism", or more like a justification to tell himself "this was my job, I believe I do right, so my job was right, because it was my job, which is right".

(then again, his ad for "paleo mayo" does show that this person has a habit of buying into beliefs as long as they are backed by sufficiently authoritative-sounding sources)

> NSA employees are the law-abiding type. Firstly, the lawbreaking type isn't likely to want to work for the government. Secondly, if they did apply, it is quite unlikely they would make it through the clearance process.

Yeah, actually, "law-abiding" is not really the word I'd describe for the sort of people this process attracts ... More something in between "gullible" and some of the less positive interpretations of "US Patriot".

> While the efficacy of polygraphs has been questioned, and while I'm sure given sufficient training and natural psychosomatic control one could beat them, I think they're fairly accurate. They may yield some false positives (I, for example, initially failed when I said, "No" in response to, "Have you ever given classified information to a foreign entity?" – this is before I knew any classified information – and had to fly back to DC for a second attempt a month later), but I believe false negatives are rare.

Aahahaha, yes, and so do horoscopes! Can you believe this guy?!

They could have had a psychic in a sufficiently impressive suit "evaluate" him, and he'd still have bought into it.

> Even if you are not a citizen of the Five Eyes, you shouldn't be worried about your data being viewed unless you're involved with a group of interest, such as a foreign government or violent organization.

Whut? So anyone involved with a foreign government, such as their politicians, should be worried.

By extension, all citizens relying on that government should be worried.

Doesn't make sense. But then, I can decide what not to worry about by myself.

Finally,

> it would seriously impair our ability to spy if we couldn't gather everything.*

> * I am not permitted to say why this is the case, but it is true.

Fine. But the problem is not so much having to take his word for it, it could very well be true. The problem is, your current situation is wrong, very wrong. It obviously needs overhaul, and without talking about the "why", you can't have a discussion about fixing it, either. He himself admits he is unaware of the "big picture"--all the while stating that whatever it is, he's probably okay with the implications.

I'm pretty sure that even if I did know all the things he knows but isn't telling us, I'd very much disagree with that notion.

> The NSA is our best hope in this war. In my mind, the Agency’s continued dominance of the Internet is absolutely worth [whatever]

Remember, patriotism doesn't mean he doesn't care about people outside the US, just as long as the NSA gets to dominate the entire Internet.


yeah, all that juicy data, just sitting there. trust us. we won't touch it. neither will the fbi. or the cops. they don't care that you smoke weed. really.

except they do care. and they want that data. and they will get that data. you can bet your fucking LIFE on it.

if it's there, it will be used, and very possibly by someone with less than good intentions. how the hell could anyone convince themselves that this isn't true? it's mind boggling.

look at mccarthy era politics. THAT CAN HAPPEN. IT DID HAPPEN. IT WILL HAPPEN AGAIN.


It reminds me of that sketch of the nazis where they realise they are on the baddies side, except op isn't there yet.

http://www.youtube.com/watch?v=JEle_DLDg9Y

People need to realise it's more "All that is necessary for the triumph of evil is that good men do nothing."

And less terrorists and other cliches.


Copy our data without our consent. Lie about it to our representatives. But just trust us.

The ends do not justify the means; on the contrary, nefarious means imply nefarious ends.


I don't know if Loren is sincere, or if he's part of a disinformation campaign. Either way, I don't believe his reassurances. I think NSA surveillance is first and foremost a tool to control the American citizenry. The next Martin Luther King, Ralph Nader, or Daniel Ellsberg isn't gonna stand a chance.


@"I don't know if Loren is sincere, or if he's part of a disinformation campaign."

Those two states are not mutually exclusive in their entireties. It depends on what information he's been fed and believes. What is undeniable is that NSA has launched a Christmas disinformation campaign via staffers[1] and earlier, its extended family.[2] (Documents are at the bottom of the pages.)

Paul E. Merrell, J.D.

[1] http://preview.tinyurl.com/q6jp8gg

[2] http://preview.tinyurl.com/n3pxwen


> Halting use of USB drives is not enough to protect air gapped systems, as Ruiu's recent research on badBIOS demonstrates.

False. In the badBIOS case the 2 computers thought to communicate using audio were already infected.


First 60-minutes, now this. Are we in the middle of a PR campaign now?


this story smells like PR via the NSA....


HN, I'm ashamed of you.

The comments in this thread (and every other Snowden-related revelation in the last six months) have made it clear you are incapable of appreciating the magnitude and complexity of this scope of issue. The comment threads have been dominated by narrow, small minded thinking, bereft of any considered thoughtfulness. I quit reading your comments on these posts long ago, because they were a worthless echo chamber of self-righteous arrogance. I thought maybe, perhaps, this post would elicit better discussion. I should have known better.

Even after six months, I don't yet have a well-formed opinion on the topic. It's incredibly complicated and encompasses considerations most of us can barely comprehend. In an essay on the topic, Mike Hayden (ex USAF General, ex NSA director, ex CIA director) said: [1]

    it takes a special kind of arrogance for this
    young man to believe his moral judgment
    on the dilemma suddenly trumps that of two
    (incredibly different) presidents, both houses
    of the U.S. Congress, both political parties,
    the U.S. court system and more than 30,000 of
    his co-workers.

The HN collective deserves the same chastisement.

I expect more of HN than I do a typical forum. I dismiss the "not like the old days" cynics. Please don't prove them right.

1 - http://www.cnn.com/2013/07/19/opinion/hayden-snowden-impact/


> it takes a special kind of arrogance for this young man to believe his moral judgment on the dilemma suddenly trumps that of two (incredibly different) presidents, both houses of the U.S. Congress, both political parties, the U.S. court system and more than 30,000 of his co-workers.

Here's the counterpoint to this opinion:

http://www.motherjones.com/kevin-drum/2010/02/daniel-ellsber...

> "You will deal with a person who doesn't have those clearances only from the point of view of what you want him to believe and what impression you want him to go away with, since you'll have to lie carefully to him about what you know. In effect, you will have to manipulate him. You'll give up trying to assess what he has to say. The danger is, you'll become something like a moron. You'll become incapable of learning from most people in the world, no matter how much experience they may have in their particular areas that may be much greater than yours."

To be clear, I think this is a highly complex issue and needs a lot of careful thought. I'm not at all suggesting General Hayden is wrong. I am suggesting that he doesn't believe an open, democratic debate about it serves any purpose.

To be more precise, the most misleading thing in the first quote is the bit about trumping two presidents, congress, both political parties and the courts. Plainly, given what we now know, a large proportion of these mentioned have been misinformed and not allowed to consider and debate what has been happening. And I include the courts here, thanks to parallel construction.

Also on the same lines, about the lack of debate, David Foster Wallace:

http://www.theatlantic.com/magazine/archive/2007/11/just-ask...

I don't think you should be surprised that most of Hacker News is currently upset and only considering one side of the story. This is the debate that everyone has needed but has been suppressed up to now. Naturally, it rebounds stronger when it finally comes.


Really? An appeal to authority?

Besides, even a child can point out when an emperor has no clothes.


you consider that an appeal to authority? how about your complete disregard for his point.

thanks for reinforcing my point.



