Google, Apple and Facebook Deny Participating In Alleged NSA “PRISM” Program (marketingland.com)
201 points by rasterizer on June 6, 2013 | hide | past | favorite | 100 comments


  Email		: GPG/PGP (The End!)
  Web		: Tor (Browser bundle)
  Voice/Txt	: RedPhone, Silent Circle, Cellcrypt, TrustCall, TextSecure
  Data		: TrueCrypt, Scramdisk, PGPDisk
We can all pretend this is still a Democracy (it's not and never has been; it's a Representative Republic and our representatives are mostly evil and/or stupid) and think those who have power will relinquish it voluntarily or you can actually do something about your own privacy.

Edit: Dear God, I feel like I'm turning into Stallman! (Which, on closer inspection, may be a good thing)


  Email: PGP-encrypted.
  Browsing Traffic: Routed through Tor
  Voice/Text: Encrypted.
  Other Sensitive Data: TrueCrypt Hidden Partition

  Seeing your interrogator pull out a rubber hose,
  and realize that none of that matters: Priceless
----

  | think those who have power will relinquish
  | it voluntarily
Yea. It was pretty crazy when the Secret Service sided with GW Bush and the Marines sided with Obama, and Bush made his last stand to retain the Presidency at the Oval Office. I don't look forward to when/if Obama is voted out of office...


Pretty sure you misinterpreted what OP meant by "power". Sure Bush left office when his term ended, but Obama continued a lot of the policies we thought were going to be ended, keeping the NSA in a greater position of power than it should be. That's the power that hasn't been relinquished.

> If the people in office get voted out, they leave. If they didn't, we might have a problem.

No, as evidenced by our current situation, we still have a problem.


>Yea. It was pretty crazy when the Secret Service sided with GW Bush and the Marines sided with Obama, and Bush made his last stand to retain the Presidency at the Oval Office. I don't look forward to when/if Obama is voted out of office...

I feel stupid. What are you talking about? Or is this a joke scenario or something? Sorry if I'm being daft.


I'm being sarcastic about the idea that 'the people in power' aren't going to relinquish it.

If the people in office get voted out, they leave. If they didn't, we might have a problem.


>>If the people in office get voted out, they leave

The danger is that after they leave and someone replaces them, the story repeats like a record player in a loop, only with louder volume. (I wish I could think of a better analogy)


Well, I mean, the scenario you're describing where a leader becomes a tyrant and is deposed by their successor is basically a totalitarian dictatorship.

I think that's a bit of a (very large) stretch. I think the "President" and the military are separate enough in this country that we don't run a huge risk that "THE GOVERNMENT" (i.e., a "leader" and a militia to empower them) could or would act as a cohesive force against the US.

Usually when you see this, you see fractioned militia that support the next successor or what not.


Remember that PGP does not encrypt headers, so it doesn't hide the recipient list, the sender or the subject line. In some implementations, it may not encrypt attachments.
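One way to see exactly what a PGP-encrypted mail leaks is to parse one the way a passive observer holding the raw message would. The Go program below is an added example, not code from the page or from any commenter: it reads a raw message, hands back every header untouched (OpenPGP never covers them) and tags each MIME part as ciphertext or cleartext, which also surfaces the attachment problem the comment mentions when a client armors only the text body and leaves the attachment beside it. Both sample messages are constructed for the demonstration and the armored bodies are placeholders, not real PGP output; it handles flat MIME only, no nested multiparts.

```go
package main

import (
	"fmt"
	"io"
	"mime"
	"mime/multipart"
	"net/mail"
	"strings"
)

// Part is one MIME part as anyone holding the raw message sees it.
type Part struct {
	ContentType, Filename string
	Encrypted             bool
}

const armor = "-----BEGIN PGP MESSAGE-----"
// Inspect parses a raw message: every header comes back readable (OpenPGP covers only
// the body) and each part is flagged as ciphertext or not. Flat MIME only, no nesting.
func Inspect(raw string) (mail.Header, []Part, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, nil, err
	}
	mt, params, err := mime.ParseMediaType(msg.Header.Get("Content-Type"))
	if err != nil {
		return nil, nil, err
	}
	if !strings.HasPrefix(mt, "multipart/") {
		data, err := io.ReadAll(msg.Body)
		return msg.Header, []Part{{mt, "", strings.Contains(string(data), armor)}}, err
	}
	// Under a PGP/MIME (RFC 3156) wrapper every child is opaque: the version stub and the ciphertext.
	wrapped := mt == "multipart/encrypted" && params["protocol"] == "application/pgp-encrypted"
	mr := multipart.NewReader(msg.Body, params["boundary"])
	var parts []Part
	for {
		p, err := mr.NextPart()
		if err == io.EOF {
			return msg.Header, parts, nil
		}
		if err != nil {
			return nil, nil, err
		}
		data, err := io.ReadAll(p)
		if err != nil {
			return nil, nil, err
		}
		ct, _, _ := mime.ParseMediaType(p.Header.Get("Content-Type"))
		parts = append(parts, Part{ct, p.FileName(), wrapped || strings.Contains(string(data), armor)})
	}
}

// Constructed samples; the armored bodies are placeholders, not real PGP output.
const PGPMIME = `From: alice@example.org
To: bob@example.org
Subject: Q3 plans
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
hQEMA3BsYWNlaG9sZGVyLi4u
-----END PGP MESSAGE-----
--b1--
`

const InlinePGP = `From: alice@example.org
To: bob@example.org, carol@example.org
Subject: Q3 plans (budget attached)
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----
hQEMA3BsYWNlaG9sZGVyLi4u
-----END PGP MESSAGE-----
--b2
Content-Type: application/pdf
Content-Disposition: attachment; filename="budget.pdf"

JVBERi0xLjQKJS4uLg==
--b2--
`

func main() {
	_, a, _ := Inspect(PGPMIME)
	_, b, _ := Inspect(InlinePGP)
	fmt.Printf("PGP/MIME: %+v\ninline: %+v\n", a, b)
}
```

Run it and the second message reports `budget.pdf` with `Encrypted:false` while the subject and the full recipient list are readable on both. Anything you want hidden has to go inside the armored body; the envelope is for the transport, and the transport's operator.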


I'm trying to find something that does:

* OTR
* Works on iOS & Android
* Is Free
* Works well (doesn't crash)
* Does push notifications

Hopefully cryptocat will be that soon.


ChatSecure for iOS does that, plus it's open source and free.


ChatSecure crashes way too much to be usable.


Hmm I haven't used it all that much...maybe it's time to contribute to ChatSecure's github


Nobody uses PGP.


One-time-pads and carrier pigeons then!

Seriously, I don't really care how people take their privacy into their own hands (as long as they don't harm anyone), but this ridiculous theme of "you have nothing to hide and/or [insert bit of data] isn't really private anyway" is starting to become a real bore.

BTW... I understand the shortcomings of OTPs (and pigeons; I live in New York), but I don't see why it's not used more often. I mean secure distribution of pads is starting to look like the least vulnerable link in the chain at this point.

Besides, generating an OTP is fairly trivial.

http://eksith.wordpress.com/2011/12/26/cryptographically-sec...
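Pad generation is indeed the trivial part; the discipline around the pad is not. The Go program below is an added example, not code from the page or from the commenter's linked post: it draws a pad from the OS CSPRNG, tracks consumption so the same bytes are never used twice, and then shows what happens when that rule is broken, recovering one plaintext from two ciphertexts with the classic crib-drag without ever seeing the pad. The messages and pad length are made up for the demonstration.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrPadExhausted is returned instead of wrapping around: wrapping would be pad reuse.
var ErrPadExhausted = errors.New("one-time pad exhausted; refusing to reuse key material")

// Pad holds one party's copy of the shared key material and a cursor into it.
// Both parties must consume the pad in the same order, or they decrypt garbage.
type Pad struct {
	key  []byte
	used int
}

// NewPad draws n bytes from the OS CSPRNG. A pad from a predictable generator is not
// a one-time pad but a stream cipher with a guessable key.
func NewPad(n int) ([]byte, error) {
	key := make([]byte, n)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// FromBytes wraps pad material that both parties obtained out of band.
func FromBytes(key []byte) *Pad { return &Pad{key: key} }

// Seal XORs msg with the next len(msg) unused pad bytes and advances the cursor.
func (p *Pad) Seal(msg []byte) ([]byte, error) {
	if len(msg) > len(p.key)-p.used {
		return nil, ErrPadExhausted
	}
	ct := xor(p.key[p.used:p.used+len(msg)], msg)
	p.used += len(msg) // a real deployment also wipes the consumed bytes here
	return ct, nil
}

// Open is the same operation as Seal, since XOR is its own inverse.
func (p *Pad) Open(ct []byte) ([]byte, error) { return p.Seal(ct) }

// XORWithPad is the stateless, footgun version: nothing stops a caller from using the
// same pad twice, which is exactly the mistake CribDrag exploits.
func XORWithPad(pad, msg []byte) []byte { return xor(pad, msg) }

// CribDrag recovers the second plaintext from two ciphertexts made with the same pad
// and one known plaintext: (m1^k)^(m2^k)^m1 = m2. The pad is never needed.
func CribDrag(c1, c2, m1 []byte) []byte { return xor(xor(c1, c2), m1) }

// xor combines the two inputs up to the shorter length.
func xor(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

func main() {
	key, err := NewPad(32)
	if err != nil {
		panic(err)
	}
	alice, bob := FromBytes(key), FromBytes(key)
	ct, _ := alice.Seal([]byte("attack at dawn"))
	pt, _ := bob.Open(ct)
	fmt.Printf("round trip: %s\n", pt)

	// Reuse the same pad bytes for two messages and watch the second one fall out.
	m1, m2 := []byte("attack at dawn"), []byte("retreat by sea")
	c1, c2 := XORWithPad(key, m1), XORWithPad(key, m2)
	fmt.Printf("crib-dragged: %s\n", CribDrag(c1, c2, m1))
}
```

The cursor is the whole point: the scheme is only unbreakable while every pad byte is used once, and the reuse case shows an attacker with a single guessed plaintext (or just a known format such as a header) reading the other message outright. The remaining problem, distributing and storing megabytes of pad per correspondent, is the one the comment already acknowledges.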


We do not provide direct access to our servers. We just have a system that sends copies of our data to their servers. We really do care about your privacy!


> We do not provide direct access to our servers. We just have a system that sends copies of our data to their servers. We really do care about your privacy!

Lest people think this is a joke, this is EXACTLY what the telecoms did under Bush that led to Congress passing retroactive telecom immunity. Predictable outrage this time looks to me like outrage then, and I have no reason to believe that we won't see a similar legislative response.

That said, in Google's case I believe them. This is the company that is going to court to stop the government from trying to get information about Google users with warrantless national security letters.

FB on the other hand, I would expect to see providing technical support to the FBI about how to use their in house tools to more quickly analyze the dumps...


> Congress passing retroactive telecom immunity.

A very telling fact was that Obama was one of those voting for it as well. That told me at least who Obama was. I was never fooled by his hope and change rhetoric, that one action said all I wanted to know before he even started running for pres.

Here is Sen Obama's 2008 reason for flip flopping on the issue:

http://www.huffingtonpost.com/2008/06/20/obama-backs-bill-gi...

--- "Under this compromise legislation, an important tool in the fight against terrorism will continue, but the President's illegal program of warrantless surveillance will be over. It restores FISA and existing criminal wiretap statutes as the exclusive means to conduct surveillance - making it clear that the President cannot circumvent the law and disregard the civil liberties of the American people." ---


I agree and had the same reaction.

But what was the alternative? McCain missed that vote, but had been strongly for telecom immunity all along, and was much more vocal about it than Obama. Hillary Clinton's husband Bill ran Echelon and Carnivore, the odds she would be different were low to nil.

Incidentally in this case it is worth noting that Obama stayed in the letter of his promise. There was a warrant. Whether that warrant was properly obtained, or should be legal is a different question. But there actually was a warrant from the rubber-stamp FISA court.


Yes we can! (but no we won't...)


  | FB on the other hand, I would expect to see
  | providing technical support to the FBI about
  | how to use their in house tools to more quickly
  | analyze the dumps...
According to Mark Zuckerberg:

  "Having two identities for yourself is an example
   of a lack of integrity"
I'm surprised that he didn't beg the government to peruse his data to weed out all these 'phonies' that are polluting his perfect system.

[Only half-joking]


Oh now that is a hilarious quote. Mark fucking Zuckerberg talking about other people lacking integrity!


Yes, it's rather telling that each denial used the exact same "direct access" terminology. It's not like this contingency wouldn't have been planned for - they all knew the gravity of their decision to enter into this. Those statements were likely provided to them by the Justice Department when they first came on board with PRISM in the event that the program ever came to light. A creative US Attorney likely concluded that this would be a legally defensible statement, even if it is wholly misleading.


> Yes, it's rather telling that each denial used the exact same "direct access" terminology.

Yup, it seems as if they got a set of "talking points". They can use certain words and phrases and, given some technicality, still get away with telling the "truth" while effectively also telling lies.

Some say how NSL (national security letters) are pretty draconian and imply personal liability for disclosure. And that is true perhaps but at the same time these agencies do want to get some cooperation and are perhaps willing to "help out" their co-conspirators so PR departments I imagine get a cheat-sheet -- "use these phrases as responses".


Furthermore it seems Apple, FB, Google etc. leapt at the chance to loudly deny using whitelisted talking points, knowing full well that the story was unfolding. They want the public to know they are gagged.


Exactly. Everybody can obviously read these companies' very carefully worded denials for themselves and see that there's enough wiggle room to drive a bus through.


One other possibility comes to mind: aren't these companies currently challenging some NSLs in court? Or is my memory bad on that one?


Even if they are getting all this data (and they most likely have access), I find it highly improbable that the govt has access to the human resources (R&D/Engineering) required to produce something useful.

Just think about the teams they have to put together to build even reasonably useful tools.


The same government that invented the nuclear bomb and provided feedback that protected DES's S-boxes from differential cryptanalysis before it was publicly known to exist?

I think you give it too little credit.

The government does a bad job with citizen-facing software engineering. It's not clear that the same is true for defense and intelligence applications.


The difference was that there weren't better jobs for those people back then, and there was a real world war back then and we were kinda obviously the good guys.

People with the skills to do the data mining needed at this scale already have better jobs at Google or on Wall Street. Are they really going to take a pay cut, worse benefits and "government job" bureaucracy for the privilege of spying on their friends and family?

I have family in military intelligence and the situation they are in right now is that their branch of the armed service thinks they are just going to send their officers of below average mathematical talent to big data boot camp and expect them to just pick this stuff up, as if it's the same thing as learning Russian or flying a drone. Although I'm as disappointed as everyone that so many in the government seem to think domestic spying is the wave of the future, I'm skeptical that the real motivations are anything beyond business as usual defense sector pork.


Agree.


Sure but the big difference today is the internet. Good luck trying to hire an Oppenheimer today and setting up Los Alamos in secret.

Take a look at successful teams that already work with "big data" like at Wolfram Alpha or IBM's Watson. It is not at all easy to build such teams today. There aren't enough PhDs around, unless you are outsourcing to China. And then to step it up a level to Google's requirements we enter personal chefs and Segway territory. I can't find the quote but Eric Schmidt has said multiple times that what is hampering progress is not the lack of cash or infrastructure but talent.

More than the privacy issues I have to wonder about the waste. Because getting the data and the infrastructure to handle it is the "easy" part. Extracting actionable intelligence, I highly doubt they will succeed at. It will turn into a big cash sink that no one will talk about, as the costs need to be justified...until they can't be.


Think about the smartest people we have in the valley... whomever you want to arbitrarily put on that list.

Every single person I have dealt with at a three letter agency is that caliber of smart. They have entire buildings full of them. Sure you have tons of other mid-grade government paper pushers, but the sheer scale of smart people was overwhelming.

They have 10 Bram Cohens to our one.


How do they convince all of them to stay and deal with the bureaucracy vs going to somewhere like google and having tons of benefits and likely double or triple the salary? Or starting their own company doing whatever they find interesting?


Most get recruited right out of college, many people take the job on strong recommendation from an advisor or professor. The perks aren't on Google scale, but the pay is better than you'd expect and the feeling of purpose and patriotism is something no valley company can really match.

Once you are on the inside, you have daily interactions with technology that is 10 years ahead of anything on the outside, which is really hard to walk away from. Not to mention you probably married someone else with a clearance along the way.

If you do want to leave... all your accomplishments, achievements, and awards are locked up in an ISR (internal staffing resume), and you end up sending potential employers a half page CV listing something stupid like "Senior Computer Operator, Defense Department, Ft. Meade" that no recruiter is smart enough to parse.


It appears most people, assuming it's fresh out of college, would start out at GS-7, which at step 10 in the DC area would only be $54K. Assuming they were graduating with a PhD, they could be at GS-11 step 10, which would still only be $81K.

I understand the feeling of purpose, but starting at half the salary and having a cap of $155K (assuming you move into senior management (GS-15 step 10)) vs somewhere like Google where you start at ~$100K and the limit for technical people seems like it's the $400K+ range seems like a tough sell. Also maybe it's just stereotypes, but it seems like antisocial behavior, which seems somewhat prevalent in excellent technical types, wouldn't really mesh with the command structure there.


Defense contractors pay a lot more, and once you have an active clearance you're in high demand. If they want higher pay, that's where they go.


Oh yeah I know that but he implied that the salary gap wasn't that big. As far as I can tell it is. Sure defense contractors pay far more but that's not really working for the government anymore, you are in private industry and could just as easily go to someone that has use for people with clearances like Palantir or similar.

On a side note do the top tier/brilliant software engineers at Lockheed/et al make Google level salaries? Actual technical people, not those who have moved into management that is.


The cost of living is something you need to adjust for. In the Bay Area everyone gets tech company salaries. In the places you might live, everyone gets government salaries.

A lot of people like myself just don't want to work for Google, regardless of price.

The people I know at defense contractors in the Bay Area all make more than what you would at Google.


No it isn't. An iPhone and BMW cost the same thing in fly-over states that they cost in nice places. Maybe in a fly-over you're keeping 20% of your salary rather than 10% in the valley but the difference in salary probably means you still end up with more money in the valley.


> you have daily interactions with technology that is 10 years ahead of anything on the outside

Could you talk/link about what that means, exactly? In what ways, which areas? How do you compare these things? Thanks!


I doubt he can say anything; it is all classified. However, it is almost certainly the case that the NSA's software is more advanced than anything publicly used:

1. They can read all the publicly available journals, so they are not going to be any worse

2. They hire top researchers in CS and math, and have internal, classified journals on their cutting edge work


>the feeling of purpose and patriotism is something no valley company can really match

That doesn't make it sound like these are smart people to me. Being easily manipulated by bullshit is usually for the simple.


"Being easily manipulated by bullshit is usually for the simple."

Not when you spend your first 20 years of life in school, being trained to follow instructions and being punished for questioning authority. Even very intelligent people can be turned into obedient workers.


I'm not sure I buy that. My entire education was the US public school system and I was never very patriotic. I'll admit I did feel a little bad about it though.


This seems to ignore that the same government has put together and continues to manage the world's most advanced military.


Most expensive military. If other countries were willing/able to throw that kind of money at military they'd have something at least that advanced.


Most likely this is the case in the short term until they come up with the computing power/software to analyze 100% of data.

But even if this is the case it's irrelevant to whether or not the government should even be engaged in this practice.


This is not true of Microsoft's statement.


Google flatout says "no backdoors".


All these denials cover one specific thing that they're not doing, not the spirit of all things that could be done. Mirroring all traffic to an additional destination isn't providing a back door, but it accomplishes much of the same function.


Does 'backdoor' necessarily mean 'pull' as opposed to 'push?'


Ask a lawyer; I'm sure they did.


Google provides portals for law enforcement to search their data given the proper clearance/warrants. This is what the Chinese were rumored to hack into with the Aurora stuff.

These communications people are playing word games. These companies turn over and give access to whatever they are legally required to.


Which Aurora stuff? The Aurora Co shootings? Or the aurora spy plane?



Sending a copy of data to someone is not the same as creating a back door.


Google specifically says "no back doors". Why use a back door when the front door works... try before you pry.


"Front door" is court orders and warrants: these are far less problematic.


"Door" implies something that is designed to occasionally be in some sort of "closed" state.


They also have a motto of "Do no evil". Just because they say something doesn't mean it's true.


And what he described wasn't a back door.


But doesn't mention the front door.


Why aren't the rest of the companies on that list issuing false denials if that's the case?


They will in time. HN has been hit with links to new stories as each denies the 'direct access to their servers.' First came Google, then Apple, now Facebook.

Regardless, they are purposefully missing the point. The average citizen isn't upset by the means of the private information sharing, but that it is going on in the first place. It is that 'providing only information required by law' sounds limiting, but if the law makes clever use of language to access a huge amount of data then that phrase doesn't mean anything.


[deleted]


That's what warrants are for.


More specifically, narrow warrants. From a no longer operative document:

"... and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."


Warrants AND due process. It is very easy to get a warrant through due process, with independent judges and registered probable cause and evidence for it.

Eventual access to these documents is necessary so that law enforcement agents are liable for any possible mischief.

Without the proper checks and balances, it becomes very easy to game the system and put us in a Kafkaesque situation, or worse.


These sorts of orders are all gag-ordered by default. They have to lie to everyone about their existence, including co-workers and spouses, or they go immediately to jail.

It's individual criminal liability for disclosing. They are literally required to dodge under federal law to stay out of jail.

http://en.wikipedia.org/wiki/National_security_letter#Doe_v....


I wonder if they are ever subpoenaed in court to testify about it; if they lie they commit perjury, if they tell the truth they break the rules of the NSL.

At the same time the govt probably does want them to cooperate, and doesn't want it to be a completely adversarial situation. I can see them buttering these companies up and offering "talking points" on how to specifically dodge these kinds of questions. For example the Dept. of State has media training: they set up adversarial training situations with fake role-playing journalists asking "tough" questions, then train employees to dodge them successfully. Very useful.

Same here, I can see PR spokespeople maybe being urged to say "we are not spying" because maybe the word "spying" has a specific meaning and given some technicality what they are doing is not "spying", stuff like that. Kind of like the NSA has been saying they are not looking at everyone's emails. Well, there aren't people doing that; it all gets archived and stored, probably based on some pattern. So they can clearly and proudly say they are not "reading" our information.


"Wonder if they are ever subpoenaed in court to testify about it, if they lie they commit perjury if they tell they truth they break the rules of the NSL."

That would only come into play if they're partly immunized and compelled to testify, in the Congress or a grand jury; otherwise they could plead the 5th.


It should be illegal to have gag orders at this level. "We're going to abuse our power and make it illegal for you to tell anyone". Imagine if they make a law that they can just rape people and it's illegal to tell anyone.


Oh NSLs, I'll be on my death bed with a six page rant about how much I hate you someday. (Old debate topic)

I'm not sure that PRISM==NSLs but I'm sure you're absolutely right that PRISM involves a gag.

Besides, these are largely non-statements by these companies. "No direct access" != "No access", etc.


1) Considering these programs may be authorized by the Foreign Intelligence Surveillance Courts, and thus may be legal, none of these responses are actually denials. Far from it.

2) Moreover, if the alleged companies were knowingly providing user data to the US government as members of the PRISM program, they would be unable to confirm or deny this fact because it would be illegal for them to do so. The orders for compliance are accompanied with gag orders.


Of course they wouldn't know about the project name that the NSA uses internally.


These are obviously not actual denials given how carefully they're worded.


What if the terms of PRISM means that if asked, the company must deny any knowledge of it or of sharing data... And that the existence of such denial order must also be denied.


The first rule of PRISM and NSLs is you DO NOT TALK about PRISM and NSLs.


Well, these denials were just proven to be false by a statement issued by James Clapper, the US Director of National Intelligence. The statement confirms the existence and active use of the program, though he insists that the data is only used for targeting non-US persons. Here is his statement:

"The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies.

Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States. It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.

Activities authorized by Section 702 are subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. They involve extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.

Section 702 was recently reauthorized by Congress after extensive hearings and debate.

Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats.

The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans."

In any event, each of these denials was just refuted by the man in charge of the program. So much for trusting anything any of these companies say ever again.


I do not see where in James Clapper's statement there is a claim that Google, Apple or FB participated in PRISM.

That said, the only way I can square his statement with the facts is that when you collect information on EVERYONE, then you haven't targeted ANYONE in particular. Which is exactly what this warrant enables the FBI to do.

Also it should be noted that all denials have included the admission that companies are forced to comply with lawful requests. A request that comes complete with a warrant from a judge will be usually seen as lawful, even though there might be issues with the warrant. Thus a company could "only comply with lawful requests" and also turn over all of their data under a warrant like this.

That said, Google has been vocal enough in protesting government attempts to troll through its data that I am inclined to give them the benefit of the doubt on this one. But I think that we'll soon have more details.


Most likely: the name "PRISM" is made up (or was never revealed to tech companies), and so when you ask any of the tech companies involved, they're like "Huh? What?"


I don't know if the graph is real (http://static.guim.co.uk/sys-images/Guardian/Pix/audio/video...), but Microsoft bought Skype in 2011. :)


And the acquisition also generated a lot of bewilderment from nearly everyone in the industry.

The conspiracy theorist in me wonders how much PRISM had to do with the acquisition of Skype...


Your link appears to be broken.


removed. mirror?



Yup, this is it.


nice catch


If there weren't a hard document supporting the spying, it seems to me Verizon would deny any NSA ties, too. And it gets worse: there's a good chance that upper management at Verizon didn't even know about the NSA program anyway, let alone spokespeople.


Deny, deny, deny... it will all blow over in a few days... makes me sick.


What is the denial worth if, anyway, these companies are obliged by the secret agreement not to reveal the fact that they participate in it?


Does the NSA really need to have an agreed upon backdoor to have the ability to access the information they seek?


Most of these use encrypted communications. NSA may be able to crack specific communications, but they can't crack all of them from Google, Skype, Facebook, iMessage in real time.

Getting access to it "voluntarily" makes things so much easier. It says in the slides the PRISM program only costs them $20 million a year.


I wager they have control of many root CAs. They could literally MITM any connection they want to.


This is the best guess if you take both the leaked documents and the companies' denials as accurate. They can use a real prism to duplicate the fiber traffic before/after Google/Apple/Facebook's servers and their root certs to take a peek within.
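The claim above, that a trusted root in an interceptor's hands is enough to impersonate any site, is worth seeing in code. The Go program below is an added example, not code from the page or from any commenter: it mints two roots, issues a certificate for the same hostname from each, and shows that stock chain validation accepts the rogue leaf the moment its root sits in the client's trust store, while a public-key pin (SHA-256 over the SubjectPublicKeyInfo, the HPKP/Chromium style) rejects it. The hostname, CA names and trust-store contents are fictional, and ECDSA P-256 is an arbitrary choice for the keys.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// NewCA mints a self-signed root. Any root a client trusts can do everything this one does.
func NewCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueLeaf signs a server certificate for host with the CA's key. An interceptor holding
// a trusted CA key does exactly this for whatever hostname it wants to impersonate.
func IssueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string) (*x509.Certificate, error) {
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // the SAN is what modern verifiers match, not the CN
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// ChainValid is what a stock TLS client checks: hostname plus a signature chain to any trusted root.
func ChainValid(leaf *x509.Certificate, host string, roots *x509.CertPool) bool {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err == nil
}

// SPKIPin is the HPKP-style pin: base64(SHA-256(SubjectPublicKeyInfo)) of the server key.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// PinnedValid adds the check no CA can satisfy on the server's behalf: the key itself must match.
func PinnedValid(leaf *x509.Certificate, host string, roots *x509.CertPool, pin string) bool {
	return ChainValid(leaf, host, roots) && SPKIPin(leaf) == pin
}

func main() {
	host := "mail.example.org" // fictional target
	realCA, realKey, err := NewCA("Public Root CA")
	if err != nil {
		panic(err)
	}
	realLeaf, _ := IssueLeaf(realCA, realKey, host)
	rogueCA, rogueKey, _ := NewCA("Compromised Root CA")
	rogueLeaf, _ := IssueLeaf(rogueCA, rogueKey, host)

	// The client's trust store, with the compromised root sitting beside the legitimate one.
	trust := x509.NewCertPool()
	trust.AddCert(realCA)
	trust.AddCert(rogueCA)
	pin := SPKIPin(realLeaf) // learned out of band: from the operator, or on first contact

	fmt.Println("rogue leaf passes chain validation: ", ChainValid(rogueLeaf, host, trust))     // true
	fmt.Println("rogue leaf passes pinned validation:", PinnedValid(rogueLeaf, host, trust, pin)) // false
	fmt.Println("real leaf passes pinned validation: ", PinnedValid(realLeaf, host, trust, pin))  // true
}
```

Two caveats a practitioner would want. First, a root certificate only helps an active interceptor that substitutes its own leaf; a passive copy of the fiber, as in the comment's "real prism" scenario, yields nothing from a TLS session without the server's private key or a break in the key exchange, which is what makes forward-secret cipher suites matter. Second, pinning is brittle in practice (rotating the server key breaks clients unless a backup pin is published), which is why browsers later retired HPKP in favor of Certificate Transparency; pins remain common in mobile apps that control both ends.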


But those companies have data centers all over the world. It's not like all data goes through one pipe ...


Do you have any more information about how viable this would be? It's a threat I hadn't considered before.


They're definitely doing the fiber portion, see:

http://en.wikipedia.org/wiki/Room_641A


If the NSA were specifically interested in YOUR communications, MITM would be the least of your problems.


Most importantly, if they can crack and get the information they most likely can't use it unless there is an imminent and grave danger to the government's ability to stay in power. Because then using it would reveal their abilities.

Now there is a system that can be used, for example. That system is: once the NSA identifies a list of suspects, it forwards that record to another agency (the FBI?), which is then in charge of finding other evidence, which could plausibly have been found anyway, and prosecuting based on that. They can never release the initial reason why they got "interested" in someone as that might reveal the abilities of the NSA.


Wow. Look at the beautiful Apple bullshit. 'Cause they've never "heard of PRISM specifically", 'cause the government never called it that. And of course Apple never gave the government access to the servers. They just handed the data over.



