A bad day for privacy.
June 6, 2013 3:06 PM

Washington Post: NSA and FBI are mining data from nine major tech companies in formerly secret program. Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple are being monitored, with Dropbox "coming soon". The program, called PRISM, is reportedly the most prolific contributor to the President's Daily Brief.
posted by brentajones (401 comments total) 68 users marked this as a favorite
 
Dropbox, the cloud storage and synchronization service, is described as “coming soon.”

Beta PRISM?
posted by Blazecock Pileon at 3:08 PM on June 6, 2013 [3 favorites]


I guess this just confirms that one shouldn't trust US cloud services.
posted by jaduncan at 3:09 PM on June 6, 2013 [9 favorites]


Tomorrow's New York Times: Those reassurances have never been persuasive — whether on secret warrants to scoop up a news agency’s phone records or secret orders to kill an American suspected of terrorism — especially coming from a president who once promised transparency and accountability. The administration has now lost all credibility. Mr. Obama is proving the truism that the executive will use any power it is given and very likely abuse it. That is one reason we have long argued that the Patriot Act, enacted in the heat of fear after the 9/11 attacks by members of Congress who mostly had not even read it, was reckless in its assignment of unnecessary and overbroad surveillance powers.
posted by roomthreeseventeen at 3:14 PM on June 6, 2013 [8 favorites]


Holy shit; I was ready to say "double", but of course this is a completely different story from the one that came out yesterday saying the government is looking at everyone's phone call records. Just amazing.

I guess this just confirms that one shouldn't trust US cloud services.

One shouldn't trust anything or anyone, I suppose. Encrypt, encrypt, encrypt.
posted by mr_roboto at 3:15 PM on June 6, 2013 [21 favorites]


Selections from the slides provided to the Washington Post describing the program, including:

"Your target's communications could easily be flowing into and through the U.S."

and "What will you receive in collection? It varies by provider. In general:"
posted by brentajones at 3:16 PM on June 6, 2013


I guess I shouldn't have bought that Persian carpet using my Gmail account.
posted by Nomyte at 3:16 PM on June 6, 2013 [4 favorites]


I think we were pretty confident that this was happening, weren't we? This is just confirmation.
posted by anotherpanacea at 3:17 PM on June 6, 2013 [23 favorites]


Huh. I seriously thought this was common knowledge for like a decade (I knew about them monitoring AOL IMs since like 2004 or so, apparently before PRISM was even established.) Didn't this even come out as a thing previously? Or is it just "we know for absolute sure now"? (On preview, what anotherpanacea said.)
posted by naju at 3:19 PM on June 6, 2013 [5 favorites]


Yep. Don't trust the cloud, because it doesn't trust you.
posted by Mars Saxman at 3:20 PM on June 6, 2013 [1 favorite]


Or is it just "we know for absolute sure now"?

Pretty much.
posted by the man of twists and turns at 3:26 PM on June 6, 2013 [4 favorites]


Trust everyone, make sure everyone has and distributes the information. Be everywhere they want you to be. Be open along with everyone else like you. Be visible. Share an equal number of cat pictures. Visit the same destinations. Fill out friend surveys identically. All shop with a Mastercard. If they have kids - you have kids. Be identical. If you want to be into something revolutionary, I suggest you try semaphore.
posted by Nanukthedog at 3:30 PM on June 6, 2013 [1 favorite]


Mod note: Long attribution-less textdump comment deleted; maybe we could just have a link to the source for that list of terms instead?
posted by LobsterMitten (staff) at 3:33 PM on June 6, 2013


Even with the link, I'd ask Agriculture WTF
posted by infini at 3:35 PM on June 6, 2013


First word that came to my mind was "Panopticon".
posted by Schmucko at 3:36 PM on June 6, 2013 [12 favorites]


Twitter is still safe, right?
posted by monospace at 3:37 PM on June 6, 2013


The President still uses a Blackberry, right? The Canadian company with data centres in Canada?

Huh.
posted by GuyZero at 3:38 PM on June 6, 2013 [3 favorites]


I hate being right.

I'm going to go write a Google Doc with "HI OBAMA! HI NSA!" a few million times now....
posted by strixus at 3:38 PM on June 6, 2013


Posts like this should have a link as to where one can donate monies to the ACLU.
https://www.aclu.org/donating-american-civil-liberties-union-and-aclu-foundation-what-difference

This has to be a flagrant violation of the 4th Amendment as it pertains to papers and effects. I know the Patriot Act has destroyed the probable cause clause of this amendment.
Also keeping Congress and the public ignorant of the policy has also got to be a violation of many other statutes.

AMENDMENT IV
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
posted by Mag Plug at 3:38 PM on June 6, 2013 [14 favorites]


My favorite band is Anthrax, but I love Megadeth's greatest hits albums with the nuclear bomb creating death on the cover. Did you know Dave Mustaine used heroin, cocaine, meth, sold marijuana and other narcotics, and covered Anarchy in the UK?

I once got 16-20 points in Scrabble for the word RICIN, 'cause one of the letters was in a double word bonus.

M72 LAW was my car's license plate, for a time. You know what word I think is the sexiest in the English language? Passport

Passport

The preceding was intended to ensure the following ends up on someone's spreadsheet: Fuck you.
posted by Bathtub Bobsled at 3:40 PM on June 6, 2013 [147 favorites]


Welp.
posted by entropicamericana at 3:42 PM on June 6, 2013 [1 favorite]


"PalTalk?"
posted by drjimmy11 at 3:43 PM on June 6, 2013 [4 favorites]


Everyone be sure to use the IFTTT recipe for transferring your Instagram pics to Dropbox. How great would your job be if you had to look at pug pictures all day? THAT WOULD BE A SUPER GOOD JOB.

Seriously, none of this surprises me. Which is sad-making.
posted by fluffy battle kitten at 3:44 PM on June 6, 2013


"PalTalk?"

HoneyPotChat
posted by Blazecock Pileon at 3:45 PM on June 6, 2013 [6 favorites]


I'm always surprised how few people seem to know of the existence of Canada-based Hushmail.
posted by drjimmy11 at 3:47 PM on June 6, 2013 [5 favorites]


At least now I know why I'm sometimes randomly logged out of Google Drive. "Oh, sorry, NSA, go ahead and finish. I need some more coffee anyway."
posted by perhapses at 3:49 PM on June 6, 2013 [10 favorites]


How do they deal with the Babel of Google Translate and the transliteration into so many other alphabets and scripts?
posted by infini at 3:50 PM on June 6, 2013


I think the best description of PalTalk I've heard, at least in one of my circles (Libyans), is "PalTalk is Twitter for dads"
posted by mulligan at 3:50 PM on June 6, 2013 [2 favorites]


So what? Is this just standard outragefilter?

Is there evidence that they're looking at things without reason, or with any kind of malicious intent, or without adequate safeguards? I can't tell from this article, but reaction to the Verizon thing has already been overblown, so I wouldn't be surprised if this were the same way.
posted by shivohum at 3:55 PM on June 6, 2013


hurf durf nothing to hide nothing to fear
posted by entropicamericana at 3:57 PM on June 6, 2013 [26 favorites]


No, it doesn't surprise me. But for some reason, this current revelation is getting under my skin more than it has in the recent past. I mean...so you just have no expectation of privacy anymore? Not just in the understanding of the realities of online communications, but essentially codified by the government?

I just. I don't care about my data, as I have understood the aforementioned reality of online communications for nearly twenty years, and as such know how to protect anything that really needs protecting.

No, I care about the principle. A citizen's abdication of all rights to privacy is one of the hallmarks of a tyrannical state. And...that's not how it's supposed to be. I guess I'm surprised that there's not more outrage, in the face of an ever-escalating and public embrace of tyranny by our government. I find it to be incredibly disheartening, all around.
posted by Brak at 3:58 PM on June 6, 2013 [33 favorites]


Issues like this, I think, throw people into stark relief as belonging to one of two camps:

1. You're a person who thinks "this will keep me safe because they'll find [people who I am afraid of] and I have nothing to hide."

2. You're a person who thinks "this will endanger so many of us because they'll imprison us or worse even though we have done nothing wrong."

And that, I think, is the biggest fucking problem: it divides us. Proposing something like this, to say nothing of actively doing it against so many people's wishes and what should have always been their rights, immediately says "surely you wouldn't care if you were a LAW-ABIDER, would you? Or are you some bleeding heart trying to be the savior of some lower order of person? Who do you think you're fooling?"

It is, at its heart, class warfare. Merely proposing it acts in favor of the super rich, the highly connected. Essentially, the entrenched elite who are not eager to let go of the power they currently have.

I am taking every step I can to have sympathy for people who support this because continuing to drive that wedge acts against my own interests, BUT, nothing to my mind is more important than drawing attention to that gap widening and making it clear how much we need it closed.
posted by shmegegge at 4:00 PM on June 6, 2013 [37 favorites]


Is there evidence that they're looking at things without reason, or with any kind of malicious intent, or without adequate safeguards?

"Malicious" is in the eye of the beholder. The entire article is about them looking at things without reason and without adequate (or any) safeguards.
posted by drjimmy11 at 4:01 PM on June 6, 2013 [5 favorites]


I do kind of disagree with the framing of "A bad day for privacy."

This is a good day for privacy, because we found out this is happening and we can fight it.

The bad days were when Bush started it and Obama enthusiastically doubled down on it.

The next bad day will be when Obama tries to track down and prosecute the American hero who leaked this.
posted by drjimmy11 at 4:04 PM on June 6, 2013 [23 favorites]


I wouldn't mind if the government searched my house once a month so long as it came with a free cleaning service.
posted by perhapses at 4:04 PM on June 6, 2013 [2 favorites]


I can't wait for that new Xbox One by Microsoft, with the always-on cameras and microphones right in my own home!
posted by antonymous at 4:05 PM on June 6, 2013 [49 favorites]


A bad day for privacy.

Why? Do you think they just started doing this today?
posted by charlie don't surf at 4:08 PM on June 6, 2013 [2 favorites]


"Malicious" is in the eye of the beholder. The entire article is about them looking at things without reason and without adequate (or any) safeguards."

Damn right. A police state starts with the best of intentions and ends with people being hauled off because the 'beholder' has a grudge against them.

Think of 24/7 surveillance as someone keeping tabs on you constantly just waiting for you to trip up and then throwing the book at you for it. Bullshit.
posted by tgrundke at 4:09 PM on June 6, 2013 [10 favorites]


I really hope my senator from Oregon, Ron Wyden, uses the two crazy surveillance stories that came out today to push through some change for the better, since he's always been on the good side of this fight (he previously unsuccessfully tried to get info on these programs from the NSA but was told they were top secret and no one in Congress would be allowed to know about them). I suspect though that the gov't will cry "terrorism" and convince most of the public that these insane measures were somehow worth the loss of privacy.

Also, given how Bradley Manning is being treated, I'm amazed anyone with knowledge of the PRISM program would ever blow the whistle on it. How long until we get someone's name trotted out and imprisoned for this?
posted by mathowie at 4:10 PM on June 6, 2013 [12 favorites]


The next bad day will be when Obama tries to track down and prosecute the American hero who leaked this.

Not to derail, but people with access to this information are also Chinese.
posted by antonymous at 4:12 PM on June 6, 2013 [5 favorites]


I can't actually think of a prior historical example of a "police state that started off with the best of intentions." Got an example?

I'm just feeling pretty checked out politically now, but dammit Obama don't you come asking for my support on anything else. As an old man I just fucking give up.

Good luck kids.
posted by spitbull at 4:14 PM on June 6, 2013 [6 favorites]


I can't actually think of a prior historical example of a "police state that started off with the best of intentions." Got an example?

The USSR? Surely some of the Bolsheviks must have believed that the apparatus of repression they were establishing was a short-term necessity to establish the socialist utopia, rather than thinking “cool, we get to be Tsar now”.
posted by acb at 4:18 PM on June 6, 2013 [8 favorites]


I hope the NSA and FBI enjoyed all that Tony Stark/Bruce Banner slash as much as I did.
posted by Asparagirl at 4:18 PM on June 6, 2013 [24 favorites]


Is there evidence that they're looking at things without reason, or with any kind of malicious intent, or without adequate safeguards?

I would argue that an order for all the call metadata for US-US and US-Foreign calls for a three month period is on its face "without reason" and "without adequate safeguards." While there is the obvious stated reason ("prevent terrorism" and "national security"), surely the vast vast majority of records obtained are those where there is no reason to suspect any wrongdoing. As for safeguards, what kind of safeguards can a secret program that analyzes secret data and produces secret reports possibly have? And assuming today's reports are true, the Verizon order is simply a regular three-month re-authorization of a program that has been operating for years.

Nobody is arguing that the government shouldn't be able to identify someone who it reasonably suspects of involvement in terrorism, articulate the circumstances of that suspicion, and set out to collect intelligence about his actions. And if that means some intelligence is collected about uninvolved Americans in the process, we can deal with that. But that's utterly different than demanding secret access to everything and using it in ways we will never know.
posted by zachlipton at 4:19 PM on June 6, 2013 [5 favorites]


Mars Saxman: "Yep. Don't trust my butt, because it doesn't trust you."

I always wonder how many people are purposely creating easter eggs for users of the cloud to butt plugin.
posted by straight at 4:19 PM on June 6, 2013 [1 favorite]


Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007.
posted by Rhaomi at 4:21 PM on June 6, 2013 [6 favorites]


>> A bad day for privacy.

> Why? Do you think they just started doing this today?


no but

> Surely THIS

Maybe this will finally get people to eat their peas

I intend to set up a personal passphrase with Backblaze tonight.

Maybe this kind of outed secret will strengthen the opposition to fuck-your-privacy in public efforts like CALEA II and permission to lard your computer with spyware to curtail infringement
posted by morganw at 4:24 PM on June 6, 2013 [1 favorite]


Could someone please just do an FPP on the stuff the government isn't secretly monitoring?

At the end of your street on the left is a tree. About five feet up the tree is a small hollow, where items could be placed. The government is not currently monitoring that hollow.

EDIT: Someone mentioned the tree on the internet. Absence of government monitoring can no longer be assumed.
posted by anonymisc at 4:25 PM on June 6, 2013 [21 favorites]


I'm always surprised how few people seem to know of the existence of Canada-based Hushmail.

Maybe they've already rejected the notion.

Encrypted E-Mail Company Hushmail Spills to Feds
posted by user92371 at 4:26 PM on June 6, 2013 [13 favorites]


I'm curious about the implication that these multinational corporations may be turning the private data of citizens in other countries over to US spy agencies. I'm pretty sure the EU will have some issues with this and many of these 'American' companies have ostensibly offshored much of their HQs to EU locations for tax sheltering purposes. I'd think this could get complicated.
posted by srboisvert at 4:28 PM on June 6, 2013 [3 favorites]


Think of 24/7 surveillance as someone keeping tabs on you constantly just waiting for you to trip up and then throwing the book at you for it. Bullshit.

Think of 24/7 surveillance also as corporate welfare that throws a lot of taxpayer dollars at the whole machine of consultants, networking and software companies, law enforcement, etc. that keeps the Fascist Panopticon running. DC lobbyists have to pay the leases on their Mercedes-Benzes, too!
posted by Blazecock Pileon at 4:28 PM on June 6, 2013 [7 favorites]


Hey, at least we know that the boys and girls at the NSA and FBI are up on their cyberpunk. I mean, this is pretty much lifted from William Gibson and Neal Stephenson, almost verbatim.

I wonder which enclave I should join. Maybe the Crafters? They had some good nano-tech, from what I recall...
posted by daq at 4:30 PM on June 6, 2013 [2 favorites]


Is there evidence that they're looking at things without reason,

The evidence is overwhelming. The public record shows no end of the grossest of abuses of systems that are both much less intrusive than this and much more protected against abuses than this is. Do you think human nature has somehow mysteriously changed, without anyone noticing?

Not to mention the travesties of justice that result from simple incompetent use of surveillance - incompetence that breeds in the darkness of lack of public accountability.

It all seems ok if you don't pay much attention or dig too deep.
posted by anonymisc at 4:38 PM on June 6, 2013 [8 favorites]


BRB founding the Panther Moderns.
posted by Pope Guilty at 4:38 PM on June 6, 2013 [9 favorites]


Twitter is still safe, right?

Yeah, they've consistently been really upfront about every time the gov't asks for information and fought cases in court to protect user privacy. I suspect them not being listed on the slides is deliberate because I have a strong feeling they're fighting this tooth and nail.

Quartz has more info on Twitter in relation to this.
posted by mathowie at 4:46 PM on June 6, 2013 [2 favorites]


Apple and Google have issued carefully worded denials.

I suspect the value of the denials may depend on what constitutes “direct access” to servers or a “back door”. Or they may be straight-out lies.
posted by acb at 4:48 PM on June 6, 2013


A warrant that authorizes the search of everyone's private documents (bounded only by the technological ability to get their hands on them), is a warrantless search. A search warrant for EVERYONE IN THE WHOLE WORLD!!! is pissing on the grave of what used to be a safeguard. Some countries struggle with corruption, the USA just legalizes it.

And FISA is demonstrably not "court oversight", it's an automated rubber-stamping machine. Any humans involved are apparently quite redundant.
posted by anonymisc at 4:48 PM on June 6, 2013 [11 favorites]


I haven't read this, but I imagine that these "requests" don't come free. I recall reading about the telephone companies making a good chunk of change charging for call records.

An FBI / NSA viewing of data costs $X per view/user, and then becomes a profitable revenue stream, especially for companies that "give away" the service like Facebook, Yahoo, Google...
posted by wcfields at 4:50 PM on June 6, 2013 [4 favorites]


So “we do not provide direct access/a back door” could mean “the NSA don't get a firehose to your data, but are billed by the item for each morsel”?
posted by acb at 4:54 PM on June 6, 2013 [1 favorite]


I doubt any of this shit will be used to start new investigations. It's just too vast and dynamic and full of false positives.

Instead, they'll simply look you up in it any time you are confronted by an authority like the police or are standing in front of a bureaucrat's desk or want to transit at a border crossing. Just like they do now with Facebook. Except it's not just your public status updates and public tweets they're looking at, it's your email. Your Dropbox. Your text messages. Your Google Documents. Your search history. Your shopping carts, both what you bought, and what you didn't buy. Your browser history, even the incognito stuff. All matched up based on IP address and connection time and trivial heuristics.

It's even better than putting you on surveillance camera; you can hide what you're doing.

But you can't hide what you think. And that's what they've got.
posted by seanmpuckett at 4:54 PM on June 6, 2013 [17 favorites]


And then, as in the Stanford Prison Experiment, those behind the desk, surveying their wretched subjects, their pathetic flaws, weaknesses and foibles, will start to see them as a lower caste, a sort of human cattle.
posted by acb at 5:00 PM on June 6, 2013 [6 favorites]


Trust everyone, make sure everyone has and distributes the information. Be everywhere they want you to be. Be open along with everyone else like you. Be visible. Share an equal number of cat pictures. Visit the same destinations. Fill out friend surveys identically. All shop with a Mastercard. If they have kids - you have kids.

Twitter, Facebooker, more productive
a pig
in a cage
on antibiotics
posted by benzenedream at 5:08 PM on June 6, 2013 [4 favorites]




The problem with encryption is that it looks like encryption. So even if you encrypt stuff, they'll know you've been encrypting stuff. And that's a huge flag right there, isn't it. Unless, of course, everyone does it. But why would they? If you trust the government, you have nothing to hide, you won't bother to encrypt. If you don't trust the government, well then. I can only imagine the flags that running a TOR node has been adding to your dossier.

So encryption isn't the answer. Bare encryption, at least, isn't the answer. The answer, if there is one to data privacy, is steganography. Encryption that doesn't look like encryption. It looks like message A, a perfectly normal message, but when looked at with another lens is actually message B. There's steganography apps now that hide text messages and binary files inside web graphics. Neat proof of concept but hardly useful as more than a parlour trick.

What sucks is we don't even have easy-to-use bare encryption yet. Getting to a place where we have easy-to-integrate and rubber-hose deniable steganographic encryption is going to take a lot -- a LOT -- of technical effort and user factor polishing.

Anyway, the best thing to do is to get our own cameras and microphones and record everything that happens to us. Sousveillance -- making your own technically adept recordings of all interactions with authority -- is the only true defence we have against the manipulations, fabrications and elisions of a corruptible state.
posted by seanmpuckett at 5:20 PM on June 6, 2013 [4 favorites]


Twitter is still safe, right?

Not from topical satire accounts.
posted by parudox at 5:21 PM on June 6, 2013 [2 favorites]


You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.


You are about to be eaten by a GRU?

(Or the US equivalent thereof, I suppose).

So “we do not provide direct access/a back door” could mean “the NSA don't get a firehose to your data, but are billed by the item for each morsel”?

I love it, an arms race between the paranoia of government and the greed of corporations to see who can fuck our civil liberties the fastest.
posted by AdamCSnider at 5:23 PM on June 6, 2013 [1 favorite]


If I'd known I was voting for the competent George Bush, I would have voted for the incompetent one.
posted by eriko at 5:24 PM on June 6, 2013 [24 favorites]


So even if you encrypt stuff, they'll know you've been encrypting stuff.

Couldn't you hide in plain sight, putting all your encrypted data on "legitimate" channels like SSL-protected web traffic? If you look like you're buying stuff or doing banking, wouldn't you look like just another patriotic citizen?
posted by Blazecock Pileon at 5:25 PM on June 6, 2013




Hope and Change, baby. Hope. And. Change.

At least he's not a Republican, amirite?
posted by ZenMasterThis at 5:28 PM on June 6, 2013 [6 favorites]


Wait you think the Bolsheviks had the best of intentions?
posted by spitbull at 5:31 PM on June 6, 2013 [1 favorite]


That is, claiming to have the best intentions is business as usual for totalitarians. It's for your own good peasant.
posted by spitbull at 5:32 PM on June 6, 2013


Wait you think the Bolsheviks had the best of intentions?

Some people involved in the revolution must have believed that they were doing it for the greater good. After all, Marxism-Leninism has a pretty seductive eschatological narrative. And there was a fair amount of optimism in the early USSR about being in the early days of a better nation, even as counter-revolutionaries and troublemakers were being rounded up by the secret police. We all know how it turned out, but 20/20 hindsight is easy.
posted by acb at 5:35 PM on June 6, 2013 [5 favorites]


I am starting to believe that Obama is at the helm of a Trojan Horse.

"A fucking toadaso."
posted by Blazecock Pileon at 5:37 PM on June 6, 2013 [1 favorite]


Welp, if there is nothing we can do to stop this kind of invasion of privacy, can we at least twist it and get something useful out of it?

For example, people hire secretaries to sort through their correspondence and help them find what is important. That secretary probably knows what is up. So, maybe we should all open email accounts with one of those high-alert keywords right in our email address or signature. Then, every single piece of your digital correspondence will be flagged! Then, every month, you just file a FOIL to retrieve your sorted emails, tweets, IMs, etc. I would assume that the Feds would have to find a way to sift out all the spam and crap just to find actual direct correspondence. Suddenly, you have the entire NSA working for you as your personal secretary!
posted by This_Will_Be_Good at 5:41 PM on June 6, 2013 [1 favorite]


surely you wouldn't care if you were a LAW-ABIDER

There are thousands of obscure criminal laws. Therefore, nobody is a law-abider; we are all free at the whim of the state, which is why egregious expansion of the state's power is scary.
posted by kengraham at 5:41 PM on June 6, 2013 [12 favorites]


> Couldn't you hide in plain sight, putting all your encrypted data on "legitimate" channels like SSL-protected web traffic?

SSL is only designed to protect you from a man in the middle, not the man in the White House. Once the data is on the servers, it's wide open.

Kim Dotcom may be at times hilarious, but his notion of browser-based encryption has some merit to it; it can only be decrypted by you and other individuals you share the keys with. Except, you know, that using his site is another frigging flag. "Oh you are encrypting stuff!"

Maybe I misunderstand your point, but unless the site has a lot of legitimate uses and a lot of average joe users and ALSO has some way of transiting content that looks just like legitimate use through hub-side traffic inspection AND is also not corruptible by executive and/or court order then it's not much of an answer. Basically it would have to be a Google-type thing that everyone uses legitimately but also has some other functions that are all but imperceptible to those who don't know about them.

But that's what I was talking about: steganography. Looks like A, is actually B.
posted by seanmpuckett at 5:42 PM on June 6, 2013


jaduncan: "I guess this just confirms that one shouldn't trust US cloud services."

You shouldn't trust cloud services to keep your data private or secure, period; it's unlikely any country is more secure. I sure wouldn't trust CSIS at any rate not to be scanning every packet and datamining whatever they can get their hands on.

seanmpuckett: "So even if you encrypt stuff, they'll know you've been encrypting stuff. And that's a huge flag right there, isn't it. Unless, of course, everyone does it. But why would they?"

It's plain common sense. I can't believe anyone loads stuff up to cloud services that they want to keep private without encrypting it. And I don't mean using the tools built into whatever company-provided client either. It would be a lot harder to insert a back door into, say, TrueCrypt than whatever native encryption Dropbox is using.

It would be really nice if public key encryption would solve something like the SPAM problem; it would seriously ramp up the amount of encrypted traffic flowing around.
posted by Mitheral at 5:47 PM on June 6, 2013



Nobody is arguing that the government shouldn't be able to identify someone who it reasonably suspects of involvement in terrorism, articulate the circumstances of that suspicion, and set out to collect intelligence about his actions.


If the person in question has not committed a crime yet, I am arguing this. Any resources spent on forestalling extremely remote risks are wasted, and any civil liberties curtailed in the process are curtailed unjustifiably. If the risk is not in fact remote, then any evidence appears to be secret, since reasonably well-informed members of the public are not convinced. I have yet to know about any justified activity carried out under the counterterrorism banner, except for the arrest of people who already committed crimes.

So either they don't pull shit like this, or they make a convincing and independently-verifiable argument for the actual justifiability of stuff like this. The latter involves proving to me that the probability of my being injured or killed by terrorists is several orders of magnitude higher than I currently think it is.
posted by kengraham at 5:50 PM on June 6, 2013 [3 favorites]


So even if you encrypt stuff, they'll know you've been encrypting stuff. And that's a huge flag right there, isn't it.

A judge recently ruled that use of encryption does not constitute reasonable suspicion.

What judges rule is pretty meaningless, since they don't have any oversight, and in rare cases when they do, are too gutless to assert it, and now that the fourth amendment has been successfully interpreted out of all relevance, it all goes double. But should you somehow be allowed to know you're being investigated, and then should you somehow also be allowed to know the reason why you're being investigated, then it would at least be prudent of them to make up a reason which indicated there was something other than personal cryptography.
posted by anonymisc at 5:56 PM on June 6, 2013 [1 favorite]


I've always prided myself on keeping up with the news and being more politically aware than the average guy, but I am gobsmacked at how quickly and nonchalantly freedoms we had only thirty years ago have fucking disappeared.
posted by Benny Andajetz at 6:00 PM on June 6, 2013 [8 favorites]


One unexpected consequence that may come of this: a Hollywood remake of The Lives of Others in a few years time, set in the US.

Wonder whom they'd get to play the contrite Stasi NSA agent. Perhaps Tobey Maguire or one of the Ryans or someone.
posted by acb at 6:01 PM on June 6, 2013 [1 favorite]


The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
posted by Asparagirl at 6:03 PM on June 6, 2013 [6 favorites]




I dare advance that people are becoming paranoid about being spied upon by their government.

Indeed, although I am not condoning any warrantless wiretapping, I don't think any government has the slightest interest in illegally obtaining ANY information about most of you, nor an interest in obtaining legally ALL possible information about you. And if such interest existed, the way and means departments would handle the matter in a fashion that appears to be legal or that actually is legal.

I am far more worried by any provision of laws that allows individuals or companies to profile somebody and to use the data so obtained in a court to harm or harass some person, or to discriminate against this person on the basis of that data, which may be poorly or incorrectly collected, handled and divulged.

For instance, there may be cases in which, say, a bank owns or has a controlling interest in a data collecting company, which may "accidentally" forget to purge a bad debtor from their database once all payments are done. Can you see the huge conflict of interest and inherent danger in that?

Consider, for instance, the databases in which data about mortgage payments are collected and handled: what if an error occurs, what if willful negligence (to save on costs) causes data corruption? You may be worrying a lot about Obama spying on your asses, while some sheriff is on your way to evict you on the basis of some privately held and managed data.
posted by elpapacito at 6:07 PM on June 6, 2013


Note, FWIW, the NYT editorial jeffburdges quotes actually adds the qualifier "on this issue" after "lost all credibility".
posted by We had a deal, Kyle at 6:09 PM on June 6, 2013


Some people involved in the revolution must have believed that they were doing it for the greater good.

Yeah, the Mensheviks. And everyone remembers what happened to them. Oh, wait, no one remembers they existed. Whatever.

In any case, this is one of those "oh, yeah, being proved right doesn't actually feel all that great after all" days for me.
posted by SMPA at 6:10 PM on June 6, 2013 [3 favorites]


Not to derail, but people with access to this information are also Chinese.

I don't know about you, but as a US citizen, I'm way more scared of the US government than of China, or even of some "terrorist" somewhere.
posted by suedehead at 6:18 PM on June 6, 2013 [5 favorites]



I think we were pretty confident that this was happening, weren't we? This is just confirmation.


Yeah... I usually mock the Alex Jones types, but I sorta assumed everything was monitored. And part of me was scared, but part of me sorta assumed it was for my own good.
posted by Charlemagne In Sweatpants at 6:20 PM on June 6, 2013




They named the program PRISM? I can't tell if they have no sense of irony or a deep but dark sense of irony.
posted by Justinian at 6:37 PM on June 6, 2013 [8 favorites]


Call me naive, but I really believed in Obama in the beginning. But now, I think he's a Machiavellian that I personally helped achieve power. My stomach hurts just thinking about everything he's done. He talks a brilliant game, and he'll come out and be deprecating about this just like he has everything else, and then he'll go back and continue doing the sort of evil that Cheney only dreamed of in masturbatory fantasies.

I'm sickened by what our government has become, and I'm distressed that my vote brought it about. Perhaps what I find most disturbing is that I don't know what any of us can do to bring this ship around before we hit the reef.
posted by dejah420 at 6:38 PM on June 6, 2013 [8 favorites]


"That is one reason we have long argued that the Patriot Act, enacted in the heat of fear after the 9/11 attacks by members of Congress who mostly had not even read it, was reckless in its assignment of unnecessary and overbroad surveillance powers."

There is a new price on freedom ... Don't wa(i)ve your rights with your flags
posted by filthy light thief at 6:40 PM on June 6, 2013 [1 favorite]


Call me naive, but I really believed in Obama in the beginning. But now, I think he's a Machiavellian that I personally helped achieve power. My stomach hurts just thinking about everything he's done.

I am having some trouble finding solid ground for my own feelings, as well. I find it hard (though I admit that it's entirely possible) to believe that I could have been so wrong in thinking that a new day might be dawning 5 or 6 years back. I find myself slipping into conspiracy thinking, which is not a good place to go -- that once he won the election, he was taken into the proverbial smoke-filled room, and the real powers told him exactly what he was going to be able to do, and what he wasn't, and most of what he'd won the election so eloquently talking about fell into Bucket #2.

In some ways, that's almost an easier thing to believe for me than to admit I was duped, and that my natural cynicism was so handily disarmed with pretty rhetoric, the carrot of hope, and emotional manipulation. I'd almost rather think he was (and remains) a good man with real ethical backbone who has been entirely shut down by the monsters that actually run the show.

But Occam's Razor, I guess.

Perhaps what I find most disturbing is that I don't know what any of us can do to bring this ship around before we hit the reef.

I'm not sure it can happen, to be honest, within the system. This administration was voted in on a groundswell of support from people who did so in large part as an explicit rejection of the corporatization and lawlessness and contempt for the citizenry of the Bush/Cheney era. That it can prove to be complicit in preserving and extending so many of the republic-destroying policies of that era means, I think, that it's going to be a good long time -- far past the time when the slide can be arrested -- before a candidate who makes promises of real change will be trusted, even a little, again. If ever.

A more cunning longterm way of defusing citizen resistance to imperial presidency, corporate interests, surveillance culture, the erosion of individual rights, a growing economic underclass and all the rest could not have been planned. I doubt this was planned, but it doesn't matter, in the end.

It's all very depressing.
posted by stavrosthewonderchicken at 7:01 PM on June 6, 2013 [49 favorites]


But, hey, if you're not doing anything wrong...Amirite???
posted by Thorzdad at 7:06 PM on June 6, 2013


stav has pretty well perfectly distilled everything that's been bumper-carring around my brain the last day or two. This is a shit sandwich, and I don't know whether to feel like I've been duped or grab my tinfoil and un-fluoridated water.
posted by middleclasstool at 7:16 PM on June 6, 2013 [2 favorites]


I don't think any government has the slightest interest into illegally obtaining ANY information about most of you

Until they become interested. It would not surprise me AT ALL if this group of singers were being subjected to extra scrutiny by my state government. Singers. Peacefully singing. Most of them are old retired people.

Oh wait, they're on a watch list and they've been capriciously targeted even after the court struck down the citations.
posted by desjardins at 7:16 PM on June 6, 2013 [5 favorites]


Google Learn about Ron Paul.
posted by resurrexit at 7:25 PM on June 6, 2013 [1 favorite]


Oh hell no.
posted by stavrosthewonderchicken at 7:27 PM on June 6, 2013 [15 favorites]


I'd almost rather think he was (and remains) a good man with real ethical backbone who has been entirely shut down by the monsters that actually run the show.

I posted this link a while back: I Want To Believe.
In it, the author relates a conversation with an honest-to-goodness, Rothschild-blaming, Illuminati-theorizing conspiracist. The author demurs, blaming a system of economics, a political structure that makes evil acts not only possible, but necessary, inevitable, without any malevolent intelligence manipulating behind-the-scenes at all.
The kook replies “You guys have a depressing view of the world."
posted by the man of twists and turns at 7:27 PM on June 6, 2013 [5 favorites]


What's a good idiot-friendly encryption email service? drjimmy11 above mentions Hushmail; are there others? Benefits, drawbacks, etc?
posted by cmyk at 7:29 PM on June 6, 2013


Hope and Change, baby. Hope. And. Change.

At least he's not a Republican, amirite?


And while the Bush Administration was trampling all of the same rights, forging documents about nuclear terrorism, and waging wars of opportunity, the other side was saying, "At least Bush isn't a Democrat."

That's one of the biggest problems with the United States. With only two political parties, extreme partisanship not only gets entrenched, but harms the entire country as a result. When there are only two bad choices, sensible policies get thrown out of the window to perpetuate the ruling political engine because they don't have to compromise to form a government. They just pitch camp on one side of the aisle, spread fear about the other party, and continue to pretend to govern. Guess what ends up getting passed? Anything that appeals specifically to elite power, because elite power can still motivate elected officials by threatening to cut off money for their election campaign. They can also count on all of their employees in media to not do anything to get fired or lose access to government officials.

In effect the government, corporations, and the media outlets they own have a natural monopoly on the future. That's why this news has to break in the UK first. Just consider that fact alone, and this comment from a gentleman in Australia:
The US, as far as I know, doesn't have a specialist Federal privacy regulator; it's handled by the Federal Trade Commission. I suspect this is part of the problem. You don't even have the guys with their feet on the desks. That would be an improvement.

What I meant was, tomorrow morning, every privacy regulator in the world is going to get calls from reporters. They'll ask, 'Is our government doing this?'. We'll say,'No, of course not'. And they'll say, 'Well, how would you know? There could be secret laws!'.

None of us will have a response. I mean, secret court orders. Secret laws. What the goddamn hell.
I'm just some guy trying to get by, like the rest of you, but this is getting serious. The chief enemy of any state is its own people. The chief threat to corporate power is the failure of the state (and thus the financial system). We are in the crosshairs of powerful, merciless institutions, and unless there is some democratic movement to reassert our power over both entities, there is a long and horrible road ahead of us.
posted by deanklear at 7:33 PM on June 6, 2013 [6 favorites]


a system of economics, a political structure that makes evil acts not only possible, but necessary, inevitable, without any malevolent intelligence manipulating behind-the-scenes at all.

Oh, absolutely. I don't, even when I'm at my most tending-towards-kookiness, think that there really is an actual cabal of malefactors in any real sense. There is no smoke-filled room, per se. The 'monsters' I gestured at aren't individuals or even organized groups of individuals. It's the weakening of democratic institutions and the rise of corporate power. It's the changing technology landscape. It's a legal system that punishes the weak and the poor and absolves the rich and influential. It's a poorly educated and disengaged electorate. It's the failure of the media. It's the fallout of Reaganite deregulation. It's the 1% and the 99% staring at each other across the trenches. It's entrenched political ideologies. It's the decline of the American industrial base. It's the two party system. It's Endless War. It's fear and anger and the leveraging of fear and anger. It's the collision of a whole hell of a lot of things.

But then, it's a copout, I think, to say something like 'it's just the system.' But it's also naive to absolve individual politicians and civil servants and corporate magnates of responsibility, because even if I don't subscribe to the Great Man view of history, there are men and women in positions of power whose decisions can and do shape the course of things.

I honestly don't know. But the old saw that tells us to watch the money to understand what's really going on is probably the most useful one.
posted by stavrosthewonderchicken at 7:43 PM on June 6, 2013 [5 favorites]


Note, FWIW, the NYT editorial jeffburdges quotes actually adds the qualifier "on this issue" after "lost all credibility".

The New York Times Quietly Softened Its Scathing Obama Editorial
posted by BobbyVan at 7:53 PM on June 6, 2013 [7 favorites]


Apple and Google have issued carefully worded denials.

I suspect the value of the denials may depend on what constitutes “direct access” to servers or a “back door”. Or they may be straight-out lies.
I don't know, these do not seem like particularly crafty denials, they seem to be flat-out and complete denials. There's a summary at TechCrunch that quotes Microsoft as (my emphasis):
We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.
Apple:
We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.
Dropbox:
We’ve seen reports that Dropbox might be asked to participate in a government program called PRISM. We are not part of any such program and remain committed to protecting our users’ privacy.
So either 1) the corporations are flat out and blatantly lying, en masse, to save face, 2) the corporations are flat out lying because they are required to by the government's interpretation of the law, or 3) the slides describing PRISM are inaccurate. I don't know if any one of these is any more likely than the other, but all of them would be a remarkable twist on this story.

I think the denials need a lot more attention.
posted by Llama-Lime at 7:56 PM on June 6, 2013 [11 favorites]


The people saying that this is old news...no, this is not old news. It was common knowledge that the NSA etc. were capturing traffic for analysis, that there was nothing really to be done about it, and that folks like AT&T were routing data their way. That's old news, and yeah, it's bad. But what's new here is that they've gone so far past that into explicit collusion with the main private sector silos of personal information that the Washington Post can confidently publish things like:
There has been “continued exponential growth in tasking to Facebook and Skype,” according to the PRISM slides. With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”
Which sounds about as secure as a porn site clickthrough. "Click here to confirm you're over 18." "Click here to confirm X is believed to be engaged in terrorism."

And apparently WaPo are only able to report on this because some of the people who use them were so horrified that they leaked the information:
Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy. “They quite literally can watch your ideas form as you type,” the officer said.
This is infuriating.

(Udall, if I were still registered in CO I would campaign like a motherfucker for you.)
posted by postcommunism at 8:05 PM on June 6, 2013 [2 favorites]


Thoroughly enjoying the novel and interesting ways our country fails basic expectations.
posted by Slackermagee at 8:19 PM on June 6, 2013 [2 favorites]


That's the last time I organise jihad via that public facebook group. If you can't trust corporate America who can you trust?
posted by Damienmce at 8:20 PM on June 6, 2013


I don't think "2" is all that remarkable a twist. See Section 203 of PATRIOT and specifically the part that prevents record holders from disclosing to clients that records have been requested/provided.

>: "What's a good idiot-friendly encryption email service? drjimmy11 above mentions Hushmail; are there others? Benefits, drawbacks, etc?"

Drawback: For email for the most part it doesn't matter how cryptographically secure your mail is because practically everyone you send messages to isn't using encrypted mail. So if Hushmail has perfect encryption you aren't hiding anything unless you only send mail to other Hushmail addresses (actually not strictly true; they offer a challenge response method of sending encrypted mail but if you don't choose that then the message is sent in the clear. I know that will be unworkable for the vast majority of users unable to set up a key pair). In other words if Google was the one offering encrypted mail (truly encrypted where they weren't handing the keys to the NSA) this would be a lot easier.

Public key encryption is the solution that works across clients and service providers because the encryption is done by the client at either end so nothing gets stored or transmitted in the clear but even though it is fairly straightforward to set up (though ideally keys should be transferred face to face for anti-MITM proofness) it's hard to get people to see the gain in the bother. MUA clients and relays are widely available for even walled garden devices like iOS.
posted by Mitheral at 8:23 PM on June 6, 2013 [1 favorite]


Oh America, you were once such a beacon of light in a dark world, but how eager you are to defile yourself.
posted by blue_beetle at 8:30 PM on June 6, 2013 [2 favorites]



Oh America, you were once such a beacon of light in a dark world, but how eager you are to defile yourself.


C'mon, this isn't just America. I'm sure China does this, and I know Australia wants to.
posted by Charlemagne In Sweatpants at 8:39 PM on June 6, 2013 [1 favorite]


Call me naive, but I really believed in Obama in the beginning.
Don't feel bad; the guy spoke like a civil libertarian's dream in the beginning. His promise to filibuster immunity for unwarranted wiretapping had me excited to vote and caucus for the guy in the 2008 primaries, despite fears and disagreements on other issues.

Shortly afterward, he voted for a bill of the sort he'd been promising to filibuster. At that point the great speeches just seemed like smoke and mirrors; I ended up voting third-party. Developments since then have been a little disappointing but not very surprising.

I'm not sure why he tipped his hand before a close general election, though. I suppose there was no danger of civil libertarians voting for McCain, but "third party protest vote" and "not wasting an hour at the polls" were surely dangerous factors in the race.
posted by roystgnr at 8:40 PM on June 6, 2013


All the tech company denials were added to rapgenius, where you can mark up specific words and phrases. It does seem like each company chose their words very carefully.
posted by mathowie at 8:46 PM on June 6, 2013 [6 favorites]


They really need to change the name of rapgenius.

Isn't this the plot of Person of Interest, but there it's benign?
posted by Charlemagne In Sweatpants at 8:47 PM on June 6, 2013


Thank you, Llama-Lime, for some perspective.

I think a ton of things need more attention in this, right now the biggest charges leveled in the WaPo article seem to be that the government can, through a loophole in the law around this, sift through the private data of American citizens who got swept up in the x (supposedly usually 2) degrees of separation net around supposedly foreign citizens, the "51% certainty" thing with determining "foreignness", and the whole shadiness around FISA. Which are really fucking big problems, but they didn't present evidence that abuse of these powers has taken place, just evidence that someone(s) involved in the intelligence community felt it morally objectionable on their totally unknown-to-me moral barometer and (bravely!) leaked it. Is it likely there is abuse? My gut says hell yes, but my gut doesn't know shit about the actual evidence.

Obama went on record recently about the need for Congress to limit his and future Presidents' power and wind down the idea of a War on Terror (and oh hey look they don't want to), and there are all of these denials by the companies involved (and the conspicuous absence of other companies, like Twitter, raises the possibility that there's no coercion), there's no smoking gun evidence of intentional abuse of power, (though there is evidence of something that needs to be fixed before it can be abused), there's wiggle room in the wording of some accusations - "directly from the servers" - which servers? What's on them? Could be anything from deep info on basically anyone they want deep in the guts of the service to specific info on a few people that was court-ordered in the x degrees of separation thing on a damn FTP server.

So I guess I want to see how this shakes out? See some evidence of what's really happening before accusing anyone of abusing power? I do want to see those holes in the laws around this plugged, and I do want to see this investigated thoroughly. But right now I barely know more about the documents the WaPo has and who they got them from than I know about what's really going on in the NSA. For all I know those PRISM docs are nothing more than a proposed system that was shot down.
posted by jason_steakums at 8:48 PM on June 6, 2013 [2 favorites]


I'm finding it ironic that just a month ago I was celebrating the Obama administration issuing an executive order mandating a strong open data policy. But maybe as VIbrissae led off in today's other privacy thread, two-way transparency is the best we can do. I don't think a direct sousveillance campaign will work, since any attempt to organize that will be viewed as treason, but I have the image of two dogs chasing each other's tail. For instance, they trawl all our phone calls, but we demand and receive detailed accounting of how all money flows through the system. That there is no cabal at work here, as stavros says, could allow for a bit of countervailing power to emerge.
posted by Numenius at 8:49 PM on June 6, 2013


The companies involved are legally obligated to deny involvement in these programs.
posted by dirigibleman at 8:50 PM on June 6, 2013 [5 favorites]


Having read the Freep (Free Republic) mock threads, I'm kinda glad that somebody is watching them.
posted by Charlemagne In Sweatpants at 8:53 PM on June 6, 2013


The companies involved are legally obligated to deny involvement in these programs.

They would also deny involvement if they actually weren't involved. I just want to know a lot more about what's going on before jumping to any conclusions.
posted by jason_steakums at 8:54 PM on June 6, 2013


The companies involved are legally obligated to deny involvement in these programs.

It's possible they could be legally obligated not to admit involvement. But they could simply remain silent if that were the case.
posted by Justinian at 9:04 PM on June 6, 2013


I don't believe anyone anymore.
posted by desjardins at 9:24 PM on June 6, 2013 [11 favorites]


If the company denials are accurate and not lies, then there are a few more possibilities as well: 4) the system for obtaining warrants on particular accounts has been completely automated and appears as a normal request to the tech companies, and 5) PRISM is a literal prism on fiber optic cables that captures traffic from internet backbones and the NSA has compromised the root certificates that encrypt traffic for these companies. Compromised root certificates for SSL would be quite the accomplishment, so I'm not sure how realistic that is, but if anybody has the resources to do that, it's the NSA.

It's one thing to issue a "no comment" or to wait to get back to the press, but it's another to actively deny the story, immediately, as it is developing.
posted by Llama-Lime at 9:26 PM on June 6, 2013 [8 favorites]


Anonymous/LulzSec oughta hack their way into one of the massive spambot operations, take it over, and modify the text generator to insert NSA-bait words like 'jihad' into the normal BIGWEINER CIALIS PHARMACY nonsense.

Not going to make anything better, but 10 million buckshot emails a day designed to annoy them instead of us might be amusing and might make life harder for any domestic spy-apparatus datamining operation.
posted by stavrosthewonderchicken at 9:30 PM on June 6, 2013 [7 favorites]


It sounds like after the denials, the Washington Post is kind of back-pedaling on some of the details. This could mean the PRISM program has access to ISP nodes that give them access to data on popular services without the services knowing, or that they have other means of getting information without a backdoor. I suspect in the next couple days more details will come out and hopefully, it's not as bad as we originally thought but I also fear it could be much worse (where they get our data and companies can't do anything to stop them).
posted by mathowie at 9:33 PM on June 6, 2013 [6 favorites]


Justinian: "It's possible they could be legally obligated not to admit involvement. But they could simply remain silent if that were the case."

While intellectually we here at Metafilter can accept the validity of a no comment as not being an admission of guilt the vast majority of the public would equate no comment or even straight up silence as an admission that the companies were cooperating.
posted by Mitheral at 9:38 PM on June 6, 2013


I suspect in the next couple days more details will come out and hopefully, it's not as bad as we originally thought

and

The New York Times Quietly Softened Its Scathing Obama Editorial

Here's what I think's going to happen: Over the next hours and days, a series of people and institutions are going to bow to almost unimaginably intense pressure to retract, soften, and generally defuse the allegations here. Within a couple of weeks the groundswell of outrage is going to be fractured into rapidly disintegrating and increasingly conspiracy-theorist ideological islands, the apologetics for whatever kind of civil liberties abuses the administration cares to commit will get ratcheted up to like a billion on whatever that scale is, and pretty soon we're back to square one: Everybody who can really think it through knowing this shit is going on and being absolutely unable to do anything about it.

I would love to be wrong.
posted by brennen at 9:47 PM on June 6, 2013 [26 favorites]


So to expand on a previous comment, is there anything an individual can do to protect themselves and their communications? Someone already mentioned SSL is no help, and unless there was universal end-to-end encryption that won't get you anywhere either.

Would using a small email provider even help, since just about everyone else uses one of MS-Google-Yahoo? I don't have my own email server or the expertise to run one, so that's out. Would setting up a desktop email client (Thunderbird, et al.) to download and delete the email from the servers make a difference? (Of course, that makes it complicated to use a smartphone.)

It's looking to my simple brain that there's no giant-headache-free way to protect one's self from this intrusion. And that's the most evil part.
posted by OHSnap at 9:47 PM on June 6, 2013


Here's what I think's going to happen

It's already happening.
posted by Blazecock Pileon at 9:49 PM on June 6, 2013


Rachel Maddow did a great piece on the recent history of all this tonight: Congress regularly complicit in US spy programs
posted by homunculus at 9:50 PM on June 6, 2013 [2 favorites]


So to expand on a previous comment, is there anything an individual can do to protect themselves and their communications?

Paper letters with wax seals?
posted by desjardins at 9:51 PM on June 6, 2013 [4 favorites]


Over the next hours and days, a series of people and institutions are going bow to almost unimaginably intense pressure to retract, soften, and generally defuse the allegations here

I agree, but I have been watching some arguments on Twitter and elsewhere and it seems like there could actually be a disconnect between the author of those slides and their level of technical knowledge, and the level of technical knowledge of me and my peers who understand quite a bit about programming and networking. The discrepancy could be actual differences in what services are being monitored and to what extent, without it being just caving to law enforcement.

I'm awaiting more technical details of how this program works, so far we've just heard it exists and seen some promotional internal slides, they could have flubbed a lot of the technology.
posted by mathowie at 9:52 PM on June 6, 2013 [3 favorites]


1984 and 1984 and 1984 and, does any one have some good ascii art for this?
posted by localhuman at 9:52 PM on June 6, 2013


It's already happening.

Yeah, I mean, I wasn't exactly going out on a limb with that one. The NYT looked for about 10 seconds like they were going to hold some feet to fires, but it sure looks like they've given up.

So to expand on a previous comment, is there anything an individual can do to protect themselves and their communications?

The problem with e-mail is e-mail, more or less. Outside of a handful of people going to the trouble of seriously using PGP/GPG, you have to assume pretty much everything is being read.

The problem with pretty much everything else in widespread use is that we all gave up on protocols that aren't implemented as massive applications on top of other people's massive hardware stacks, which was pretty much the best imaginable way for institutional control to be preserved and strengthened in the face of things like the Free Software movement.

In short: We're all fucked.
posted by brennen at 9:53 PM on June 6, 2013 [4 favorites]


so far we've just heard it exists and seen some promotional internal slides

I'm absolutely giving the WaPo the benefit of the doubt, because I don't think they'd publish this without being really sure of their source, but at the end of the day what we've seen are supposedly internal slides.
posted by jason_steakums at 9:57 PM on June 6, 2013 [1 favorite]


So to expand on a previous comment, is there anything an individual can do to protect themselves and their communications?

Open Whisper Systems on Android for encrypted text and voice.
posted by goat at 10:06 PM on June 6, 2013 [3 favorites]




DNI Statement on Activities Authorized Under Section 702 of FISA

Thanks for that! So:

Yes, it sounds like the slides are real. And, emphasis mine:

"It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States."

"They involve extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons."

So yeah, it sounds like a program in serious need of further restriction, because there's obvious potential for abuse. And good on the Washington Post and the person who leaked it, because that's a conversation that needs to happen.

I'd still really love to know to what extent the companies are involved. They're referred to as "providers" in the slides we've seen, which could mean they provide info in the sense that there's a cooperation, or they provide information in the same way a tree provides fruit - it's there for the picking. PRISM could be a tap into fiber lines as speculated above, it could be a system where the analysts in the NSA request information from search crawlers and account password crackers in the NSA, it could be a LOT of things other than "ring up Microsoft and get everything they have on this guy". Note that the Washington Post's annotations on the slides say that they're "participating providers", and that "each company joined the program", but the slides themselves only say "When PRISM collection began for each provider".
posted by jason_steakums at 10:27 PM on June 6, 2013 [2 favorites]


What genius names a data panopticon with an acronym that rhymes with "prison"? Isn't this one of the reasons we don't want this? Stupidity?

---

Also, just dipped in here, but any perspective on the various denials and disavowals of knowledge from the bumpersticker logo people? Could the providers' participation include a requirement of disavowal?
posted by mwhybark at 10:31 PM on June 6, 2013


Compromised root certificates for SSL would be quite the accomplishment, so I'm not sure how realistic that is, but if anybody has the resources to do that, it's the NSA.

Given the close relationship with the US government that the big certificate issuers have had, historically, it's probably much more likely that they simply handed the NSA the private keys (or were subject to a secret court order requiring them to do so) than that they cracked them.
posted by junco at 10:32 PM on June 6, 2013 [5 favorites]


followup, yes, some discussion of the denials. Nothing particularly clarifying, though.
posted by mwhybark at 10:48 PM on June 6, 2013


All these tech companies are claiming they didn't have any knowledge, not just publicly but anonymously to journalists as well. I actually wonder if this hasn't been done without their knowledge.

Here's the thing: The NSA has been offering companies help with keeping their networks secure. The chart there says google 'joined' in 2009. Google announced they'd been hacked in Jan of '10 presumably the hack and the cleanup were in '09.

So, I wonder if the NSA has actually been using their "security services" as a cover to go in, map out networks, and install monitoring systems with the claim that they are only there to enable the NSA to actively monitor and try to deny "cyber attacks" when in reality those systems comprise PRISM.

It seems unlikely but it seems more likely that the corporations involved would say stuff like "we can't comment on that" instead of what seems like actual surprise.

Another possibility is that they have insiders working at high levels in these companies without the knowledge of the CEOs, etc.

Or, obviously, it's entirely possible the CEOs and execs are just lying and do know about it.

And of course it could be that the slides are fraudulent, in which case someone managed to fake out both the Guardian and the WaPo. Plus, the government itself did confirm that the program exists. From the article:
In a statement issued late Thursday, Director of National Intelligence James R. Clapper said “information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats. The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.”
So, while the companies may be denying involvement, the government itself is not.
So either 1) the corporations are flat out and blatantly lying, en masse, to save face, 2) the corporations are flat out lying because they are required to by the government's interpretation of the law, or 3) the slides describing PRISM are inaccurate. -- Llama-Lime


You missed 4) They've been "opted-in" without their knowledge, or at least without the knowledge of the people in charge.
Also, given how Bradley Manning is being treated, I'm amazed anyone with knowledge of the PRISM program would ever blow the whistle on it. How long until we get someone's name trotted out and imprisoned for this? -- mathowie
Bradley Manning used basic crypto tools to get documents to Assange, and the only reason he got caught was because he trusted some random person on IRC with his secret.

Whoever leaked this is obviously a high-ranking person in the NSA, and my guess is he or she won't trust the wrong person. If they had any sense they'd have leaked it to journalists without ever telling those journalists who they are at all, making it impossible for them to give them up.
...SSL is only designed to protect you from a man in the middle, not the man in the White House. Once the data is on the servers, it's wide open.

Kim Dotcom may be at times hilarious, but his notion of browser-based encryption has some merit to it; it can only be decrypted by you and other individuals you share the keys with. Except, you know, that using his site is another frigging flag. "Oh you are encrypting stuff!"

Maybe I misunderstand your point, but unless the site has a lot of legitimate uses and a lot of average joe users and ALSO has some way of transiting content that looks just like legitimate use through hub-side traffic inspection AND is also not corruptible by executive and/or court order then it's not much of an answer. Basically it would have to be a Google-type thing that everyone uses legitimately but also has some other functions that are all but imperceptible to those who don't know about them.
-- seanmpuckett
Look. You don't know what you're talking about and you're basically spreading false information, which you seem to have just made up. You really need to stop. Not only are you wrong but you're giving people false information about how to keep themselves secure.

There are tons and tons of small sites that use ssl/tls. I have, for example, set up a source control system on a personal server of mine, obviously I don't want to transmit my source code in plain text, so I have it set up to use https. Also, every single person who connects to a unix system command line uses ssl/tls when they connect using SSH.

What you're saying about any encrypted traffic being a giant 'red flag' is ridiculous. There are a huge number of people connecting to systems that very few other people connect to using either SSH or https. If the NSA were trying to use making an encrypted connection as a red flag, they would basically have 'red-flagged' every single IT person.

That said, this does not help with person-to-person cryptographic messages. If you and a friend set up a web server with a simple message board and had it running through https, then your messages would be encrypted and unavailable to the NSA or anyone else, unless they hacked the server. Or, you and a friend could both SSH into the same unix host to talk. Again, you'd be secure unless the server was hacked.

But, that's a lot of work, and it leaves you open to the possibility of having your server hacked, and more importantly it would mean only people capable of setting up their own servers could keep things secure.

But either way the idea that there isn't a lot of 'routine' encrypted traffic on the internet is ridiculous.
What judges rule is pretty meaningless, since they don't have any oversight, and in rare cases when they do, are too gutless to assert it, and now that the fourth amendment has been successfully interpreted out of all relevance, it all goes double. But should you somehow be allowed to know you're being investigated, and then should you somehow also be allowed to know the reason why you're being investigated, then it would at least be prudent of them to make up a reason which indicated there was something other than personal cryptography.
Well, beyond that if it's encrypted then they can't get it without your permission no matter what, because you have to give them the key.
Indeed, although I am not condoning any warrantless wiretapping, I don't think any government has the slightest interest in illegally obtaining ANY information about most of you,
The keyword is 'most'. I'm sure that the government is interested in information about this user, for example
posted by delmoi at 10:56 PM on June 6, 2013 [14 favorites]


Every time there's a patriot act related thread, people get upset, become angry at bush or obama, blame congress and then totally and completely forget about it. Then more patriot act news comes out, people get upset, become angry at bush and/or obama, blame congress and then totally and completely forget about it.

Am i somehow wrong in thinking this is exactly what the patriot does and what it was intended for? that it was reauthorized by congress 3 or 4 times, with plenty of opportunities to vote the yeas out, primary whatever president signed it this time and march on the reflecting pond? how many people even wrote so much as an email to their senator asking them to vote against reauthorization? i know i didn't and both my senators voted for it and were reelected afterward.

we can point fingers all we like, at politicians, media or the other side, but, as the tea party shows, if you have the political will you can primary powerful senators and representatives who have been in office for decades and replace them with just about any schmuck. the american people haven't done anything about the patriot act because they don't really give a shit.
posted by stavrogin at 11:03 PM on June 6, 2013


I always wonder how many people are purposely creating easter eggs for users of the cloud to butt plugin.

Aside from you, you dirty dirty scamp?
posted by FatherDagon at 11:08 PM on June 6, 2013 [1 favorite]


Given that all the companies are American and this is being done to protect America, what about everyone else on this planet who uses Microsoft, Skype, Youtube, Google, Gmail bla bla bla?

Essentially the whole world, and more coming online everyday from places like Africa and Asia and South America as smartphones get cheaper and cheaper.

Soon, 300 million people will be watching the other 6.5 Billion like a hawk... ooo...

Hidden in plain sight indeed, lol.
posted by infini at 11:26 PM on June 6, 2013 [2 favorites]


Let's hope the NSA used people from the Romney 2012 ORCA team to develop PRISM. If that is the case, we can be sure they will not be able to listen to anyone.

But we all might have to self-deport.
posted by lampshade at 11:31 PM on June 6, 2013


Given that all the companies are American and this is being done to protect America, what about everyone else on this planet who uses Microsoft, Skype, Youtube, Google, Gmail bla bla bla?


Legally that's all they're allowed to monitor this way. Not americans.
posted by empath at 11:37 PM on June 6, 2013


Not an american here, meself, and not in america either.

What do we (Rest of the World) do? We don't have a say in this at all.

I'll bet you 50 cents that we'll see a worldwide drop in users of the services, even as alternatives are developed and launched out of the tech circles located everywhere else in this era of s/w outsourcing.

Wonder what tunnels have been dug under good old MG Road in Bengaluru?
posted by infini at 11:49 PM on June 6, 2013


infini, I think we can be safe (for a few years) in the knowledge that the Indian government is too incompetent to dig tunnels under our MG Road (or at least until some company sells them the surveillance software, a la Great Firewall).
posted by Idle Curiosity at 12:10 AM on June 7, 2013


What about this then?
posted by infini at 12:52 AM on June 7, 2013


Legally that's all they're allowed to monitor this way. Not americans.

Bear in mind shared intelligence operations. For example, it's common knowledge that the US spies on British citizens on behalf of the UK government and shares the intel; and that the Brits return the favour with GCHQ and share their intel on US citizens with the NSA. Both have some restrictions on spying on domestic citizens, but very few on foreigners, so by doing each other's dirty work and sharing the results they skirt what limited protections remain.

Not that that would necessarily be admissible in a court - but the security services are notoriously shy about their work ending up in a public court anyway. Instead, it results in people ending up in places like the CIA black site in Poland via extraordinary rendition for example, with the active assistance of the British government and their airbases.

The UK home secretary is pushing hard to reintroduce the Snooper's charter to require ISPs et al, including american ones, to keep a lot of logs on brits, and the Culture secretary is also pushing the ISPs and service providers hard over more censorship and logging on copyright infringement, 'material likely to incite' and faked child porn. But this is much more about giving the sort of access the security services already have to the police and other domestic bodies, without having to route the requests via a foreign agency.

Ah, but the US companies require warrants. Such as the rubber stamped FISA warrants, perhaps? They can truthfully say they don't give the US government direct access to their servers, and require warrants for every request, while simultaneously passing over a firehose of information on a massive list of users all covered by a broad FISA warrant.
posted by ArkhanJG at 12:57 AM on June 7, 2013 [4 favorites]


I wonder if the WTO is concerned about this being industrial espionage, especially if Blackberry communications are hoovered up. Hypothetical NSA to Telco sweetener: "You hand us over the client data and we'll give you some useful information in return. It's in both our interests to keep this quiet. So, who's your closest competitor in Europe/Asia?"
posted by guy72277 at 1:00 AM on June 7, 2013 [1 favorite]


This came out in 2004 in Wired. They've been talking about it since then regularly. The NSA has giant boxes set up that hoover up American data and sift through it. I guess I'm surprised only by the surprise. Or, maybe someone can tell me: how is this different from what they've been doing for the last 8 years?
posted by professor plum with a rope at 1:51 AM on June 7, 2013


I hope, for their sake, that the person in the NSA who has to wade through all my emails and picture attachments likes cats.
posted by Wordshore at 2:34 AM on June 7, 2013 [1 favorite]


delmoi: "What you're saying about any encrypted traffic being a giant 'red flag' is ridiculous. There are a huge number of people connecting to systems that very few other people connect to using either SSH or https. If the NSA were trying to use making an encrypted connection as a red flag, they would basically have 'red-flagged' every single IT person. "
This might be a good place to link to HTTPS Everywhere.
posted by brokkr at 3:33 AM on June 7, 2013 [2 favorites]


5) PRISM is a literal prism on fiber optic cables that captures traffic from internet backbones and the NSA has compromised the root certificates that encrypt traffic for these companies. Compromised root certificates for SSL would be quite the accomplishment, so I'm not sure how realistic that is, but if anybody has the resources to do that, it's the NSA.

The Iranian intelligence agency is believed to have compromised several certificate agencies (including Comodo) and obtained the capability to create forged certificates for Google, Facebook or whoever they wished to monitor, so why would it be beyond the NSA's capability?
posted by acb at 3:58 AM on June 7, 2013


I wonder how advanced the NSA's automatic analysis software is. If they're hoovering up all phone call metadata, Facebook chats, shared pictures, email attachments, purchase records and such for everyone (or for a broad list of “persons of interest”, i.e., people with Arabic names/brown skin/phone GPS logs which place them within 30ft of two Occupy demonstrations), that's a lot of data for intelligence officers to manually leaf through, but also a lot of data which could build up a detailed model of the psychology of the subject.

Could the NSA have a system which, when run on the data coming in, creates dossiers on all subjects, flagging any characteristics which may be useful if the subject ever becomes a person of interest or if a modicum of force ever needs to be brought to bear effectively upon them? I.e., determining whether someone is paranoid, narcissistic, has issues with authority, is particularly susceptible to flattery or intimidation, feels guilty about their relationship with their parents, is more likely to have cheated on their taxes or their partner, is likely to be hiding something, or similar.
posted by acb at 4:14 AM on June 7, 2013 [1 favorite]


Could the NSA have a system which, when run on the data coming in, creates dossiers on all subjects

I'd have thought the guy who invented the PoMo generator would recognise both the potential (and ultimate ridiculousness) of natural language processing ;)
posted by Jimbob at 4:20 AM on June 7, 2013


When I was studying computer science in the 1990s, I got the impression, from seeing research papers, that the CIA/DARPA spend a lot of money on AI research for intelligence analysis. One holy grail of CIA-funded research was automated “gisting”, i.e., creating systems to summarise text in a meaningful fashion. This is a hard problem, given that such a system would have to have semantic knowledge about what the text is about.

Assuming that the US intelligence establishment has kept up its investment in AI research, I can imagine that building up profiles on the subjects of all this data that's being hoovered up would have become a matter of priority, with hundreds of millions of dollars thrown at it. (What's the US “black budget” these days; somewhere in the trillions?) And given the results that data mining has had in the private sector (remember the story about the angry father demanding why Target was sending his teenage daughter coupons for nappies and prams, and then apologising a few weeks later when she confessed that she was actually pregnant?), it's not implausible that with the vast volumes of data the NSA could have on each person, and sufficient computing power (think the Utah data centre) and research in AI, they could get an automated list of which buttons are likely to be most effective to push on any random member of the public.
posted by acb at 4:58 AM on June 7, 2013 [2 favorites]


(The research papers I saw as a student were, of course, all public and unclassified; they would have been only the tip of the iceberg, with the particularly juicy research happening in secret.)
posted by acb at 4:59 AM on June 7, 2013


Why metadata matters:
Jane is at 16th & L Street for an hour.
Carla is at 16th & L Street for four hours. She's had a short visit
previously.
James is at 16th & L Street for twenty minutes. He comes back at the
same time every week.
Kris is at 16th & L Street for ten hours.
Rick is at 16th & L Street for eight hours every night.
Samantha has been there for three days and four hours.

16th & L Street is the address of a Planned Parenthood in Washington, DC.
posted by acb at 6:17 AM on June 7, 2013 [9 favorites]


Isn't this the plot of Person of Interest, but there it's benign?

Not to derail, but actually in that show it is far from benign. In fact, the greatest regret the main character has is that back in the day, he willingly handed his proto-AI over to the US government, which he now knows is completely untrustworthy.
posted by theatro at 6:19 AM on June 7, 2013


Couple of overnight links from Twitter:

Andy Baio: An NSA presentation on big data, testing a 1 PB network graph with 4 trillion vertices: pdl.cmu.edu/SDI/2013/slide… Purely theoretical, I'm sure.

(link is to PDF of unclassified NSA slide deck citing a power-only annual cost of $7m to conduct persistent analysis of a specifically-defined social graph, if I followed the info. please note, this deck was clearly NOT produced by the chartjunkie that produced the PRISM deck)

Dan Sinker: Wait, so Palantir, gov contractor and company named after the seeing stones of LOTR, has software called Prism? http://t.co/fajYGgI9M7

(Anonymous source notes that Palantir's offering of a product called Prism might add a layer of plausible deniability to back up the provider denials)
posted by mwhybark at 7:13 AM on June 7, 2013




acb: "Why metadata matters:
Jane is at 16th & L Street for an hour. [...]"
While I agree with the sentiment, that's not "metadata". It's just data.
posted by brokkr at 7:31 AM on June 7, 2013



Dan Sinker: Wait, so Palantir, gov contractor and company named after the seeing stones of LOTR, has software called Prism? http://t.co/fajYGgI9M7

(Anonymous source notes that Palantir's offering of a product called Prism might add a layer of plausible deniability to back up the provider denials)
Oh god I saw that linked on talking points memo and it has to be the most moronic 'conspiracy theory' ever. It's based entirely on the existence of these two pages being googleable https://docs.palantir.com/metropolisdev/prism-overview.html and https://docs.palantir.com/metropolisdev/prism-examples.html.

It's just a program someone can download to a PC, configure, and run to import data from a couple of standard database systems so you can pull it into Palantir, specifically from MySQL, Postgres, Oracle, something called Netezza and plain text comma separated lists.

Not to say that Palantir doesn't work with the government in some way or other, but the fact that the NSA's PRISM and Palantir's Prism tool have the same name is obviously just a coincidence.
While I agree with the sentiment, that's not "metadata". It's just data.
Uh... all metadata is data. In the example the location data is "meta data" where the "data" would be something like conversations that took place while the people were there.
posted by delmoi at 7:36 AM on June 7, 2013 [1 favorite]


...or the (GPS / cell tower / local network) derived location info that your mobile provider is logging about you at high resolution all day long.
posted by brennen at 7:42 AM on June 7, 2013


...or the (GPS / cell tower / local network) derived location info that your mobile provider is logging about you at high resolution all day long.
Well, the above would not be metadata of that data, it would just be a summary of that data. Metadata is just data about other data that tells you what it's supposed to be and how it should be used. So for example, the headers in your email are data, and they explain where the email should go and who it's from. But on the other hand if you took all your email and packed it into a zip file, those headers would be a part of the 'data' in the zip, while the metadata would then be the file name, size, the fact that it's a zip file, etc. The difference between metadata and data can be context sensitive.
posted by delmoi at 7:46 AM on June 7, 2013
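
Added example (not part of delmoi's comment or of the thread): a Python sketch of the layering described above, in which mail headers are metadata at the mail layer but payload at the zip layer, and header-level data alone is enough to build a who-talks-to-whom graph. The addresses, subjects and file names are constructed sample values.

```python
import io
import zipfile
from collections import Counter
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed sample traffic: (from, to, subject, body). All values are made up.
SAMPLE = [
    ("alice@example.org", "bob@example.net", "lunch", "Noon at the usual place?"),
    ("alice@example.org", "bob@example.net", "re: lunch", "Running late."),
    ("carol@example.com", "alice@example.org", "report", "Draft attached."),
]


def build_message(sender, recipient, subject, body):
    """Serialize one RFC 5322 message: a header block followed by a body."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    return msg.as_bytes()


def sample_raw_messages():
    return [build_message(*fields) for fields in SAMPLE]


def pack(messages):
    """Zip the raw messages. The mail headers are now part of the archive's payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for i, raw in enumerate(messages):
            zf.writestr(f"msg{i}.eml", raw)
    return buf.getvalue()


def archive_metadata(blob):
    """Metadata at the zip layer: entry names and uncompressed sizes, nothing else."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return [(info.filename, info.file_size) for info in zf.infolist()]


def mail_metadata(raw):
    """Metadata at the mail layer: the header block only; the body is not interpreted."""
    headers = BytesParser().parsebytes(raw, headersonly=True)
    return {"from": headers["From"], "to": headers["To"], "subject": headers["Subject"]}


def connection_graph(messages):
    """Edge counts (sender, recipient) built from headers alone."""
    edges = Counter()
    for raw in messages:
        meta = mail_metadata(raw)
        edges[(meta["from"], meta["to"])] += 1
    return edges


if __name__ == "__main__":
    raws = sample_raw_messages()
    print("zip layer :", archive_metadata(pack(raws)))
    print("mail layer:", [mail_metadata(r) for r in raws])
    print("graph     :", dict(connection_graph(raws)))
```

Encrypting only the message bodies would leave `mail_metadata` and `connection_graph` returning exactly the same results, since neither reads the body.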


Washington Post backtracks on claim tech companies ‘participate knowingly’ in PRISM data collection
The Washington Post published an investigative report uncovering the government-run PRISM program, which allegedly monitored US citizens’ Internet activity illegally, but now the paper is stepping away from its initial claim that nine tech firms knowingly provided data to the government.
posted by BobbyVan at 7:55 AM on June 7, 2013 [1 favorite]


How PRISM might hurt the US tech industry abroad

This, I think, is the biggest point of leverage. If Google et al's bottom lines are hurt through association with NSA spying, then there might be a true countervailing force.
posted by Cash4Lead at 8:12 AM on June 7, 2013 [3 favorites]




As far as I can tell the only similar countervailing force that might be even remotely effective at scale is for every data centre to move off American soil and for all data transiting the US to be point-to-point encrypted. Except, of course, that packet routing data still reveals who is talking to whom. And that's the data that really matters: the connection graph.

So we're back to sousveillance, really. They're going to watch us. We have to watch them back. To what end? Well, it won't matter if they want to just disappear you, but for simple legally groundless harassment, it's a lot easier to make a public case if you have it all on a memory stick somewhere.
posted by seanmpuckett at 8:18 AM on June 7, 2013


So we're back to sousveillance, really. They're going to watch us. We have to watch them back.
Great plan except for the part where that's not even physically possible.
posted by delmoi at 8:23 AM on June 7, 2013


Gizmodo: Anonymous Just Leaked a Trove of NSA Documents

On an initial skim of the pdf they linked, this seems to be entirely about the DOD's Global Information Grid, which is NOT the Internet we're all using. It's a network for information-sharing between US forces.
posted by jason_steakums at 8:27 AM on June 7, 2013 [1 favorite]



What do we (Rest of the World) do? We don't have a say in this at all.


YES! Come over here and burn our house down.
posted by QueerAngel28 at 8:32 AM on June 7, 2013 [1 favorite]




Also, ZERO matches for "prism" in any of the docs Anonymous released. Their pastebin press release states "These documents contain information on the companies involved in GiG, and Prism." GIG seems like an extension of stuff like SIPRNet, NIPRNet, JWICS, etc, and Prism isn't mentioned anywhere in the docs.
posted by jason_steakums at 8:34 AM on June 7, 2013


Also, the only place in the Anonymous leak I've seen mention of the companies supposedly involved with PRISM is in "insa-spies.pdf", which lists two Microsoft employees and one Google employee, and a bunch of people with Yahoo email addresses. There's also a substantial section of name removal requests that are basically "Uh, why is my name on this list? I have nothing to do with INSA", some requests give the impression that this list was pulled from someone's website that was supposedly a collection of "spies". This is what INSA is, btw.
posted by jason_steakums at 8:49 AM on June 7, 2013


IMPORTANT NOTICE:

It has recently been reported that the United States Government monitors all internet activity to seek information about possible NATIONAL SECURITY risks.

Yet here you are looking for information about the most secret NSA data center in history. You do get the irony here, don't you? The very fact that you are looking for this information will likely be stored at some point inside the Utah Data Center!

Now, you can hit OK to confirm your intention to seek information on this TOP SECRET NSA data center or you can turn off your computer and maybe just go outside for some fresh air.

But don't bring your phone with you because, well.... Just take a nice walk somewhere where there are no surveillance cameras around. Maybe go look for a nice big open field. And if you see a small drone flying overhead, be sure to wave.

Proceed citizen.
posted by scalefree at 9:27 AM on June 7, 2013 [1 favorite]


President Obama: “If people can’t trust not only the executive branch but also don’t trust Congress, and don’t trust federal judges, to make sure that we’re abiding by the Constitution with due process and rule of law, then we’re going to have some problems here.”
posted by BobbyVan at 9:49 AM on June 7, 2013


*Changes user name to Section 215 to feel relevant again*
posted by Room 641-A at 9:53 AM on June 7, 2013 [12 favorites]


I'm sure you can deal with "some problems" using wiretaps, drones and warrantless seizure, Barry.
posted by seanmpuckett at 9:54 AM on June 7, 2013 [1 favorite]


“If people can’t trust not only the executive branch but also don’t trust Congress, and don’t trust federal judges, to make sure that we’re abiding by the Constitution with due process and rule of law, then we’re going to have some problems here.”

I mean, I get what he's going for, this is what checks and balances are supposed to check and balance. But people have good reasons not to trust the executive branch, Congress and federal judges individually, so it's incredibly shaky ground when they're all expected to be trusted with our privacy and basically saying "these particular people involved won't abuse it" is nothing like assurance. Just throw us a bone, not every detail needs to be made public but you can at least release redacted FISA transcripts and redacted minutes from Congressional and Executive meetings or something so we can see the scrutiny and reasoning of the judges in a broad sense. Some civilian watchdogging from the EFF and ACLU would be pretty nice, too, I'm sure there are individuals in those organizations that can be trusted with security clearances.
posted by jason_steakums at 10:06 AM on June 7, 2013 [3 favorites]


Especially when it's not even the supreme court but random anonymous federal judges appointed specifically for that job by the executive branch on the judicial side, and just a handful of congresspeople who aren't even allowed to discuss it on the congressional side.
posted by delmoi at 10:19 AM on June 7, 2013 [3 favorites]


“If people can’t trust not only the executive branch but also don’t trust Congress, and don’t trust federal judges, to make sure that we’re abiding by the Constitution with due process and rule of law, then we’re going to have some problems here.”

Exactly. It's so unfortunate that out of this many people, none were trustworthy.
posted by mullingitover at 10:39 AM on June 7, 2013 [3 favorites]


Washington Post backtracks on claim tech companies ‘participate knowingly’ in PRISM data collection

It's a bit confusing, because if it's being done without their knowledge, 1) why did each company show up at a different time, and 2) why not Twitter?

Unless they have installed black boxes by hand secretly into all these companies' networks without anyone there noticing, which I guess is possible but really? I can't see how you could get access to everything Google has on all its servers in all its datacenters without Google's help or at least awareness. And why not Twitter?
posted by BungaDunga at 10:58 AM on June 7, 2013


And why treat Google and YouTube as separate entities?
posted by jason_steakums at 11:00 AM on June 7, 2013




Remember, folks, the bad one is NSA, the good one is NASA.

[wistful sigh] What if those trillions had gone to the other one.
posted by seanmpuckett at 11:41 AM on June 7, 2013 [3 favorites]


“If people can’t trust not only the executive branch but also don’t trust Congress, and don’t trust federal judges, to make sure that we’re abiding by the Constitution with due process and rule of law, then we’re going to have some problems here.”

I think we just found out again exactly how much we can trust each of those institutions. Due process and the rule of law aren't dead in this country yet, but it sure as shit ain't for lack of trying.
posted by brennen at 11:56 AM on June 7, 2013 [2 favorites]


I find it odd that he'd even bring up Congress as a source of authority in an attempt to defuse the situation. I mean, we're talking about the same congress that's less popular than cockroaches, lice, and Nickelback.
posted by mullingitover at 12:46 PM on June 7, 2013 [2 favorites]






Larry Page and the Google CLO are calling this out in categorical terms:
Dear Google users—

You may be aware of press reports alleging that Internet companies have joined a secret U.S. government program called PRISM to give the National Security Agency direct access to our servers. As Google’s CEO and Chief Legal Officer, we wanted you to have the facts.

First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.

Second, we provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. Press reports that suggest that Google is providing open-ended access to our users’ data are false, period. Until this week’s reports, we had never heard of the broad type of order that Verizon received—an order that appears to have required them to hand over millions of users’ call records. We were very surprised to learn that such broad orders exist. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.

Finally, this episode confirms what we have long believed—there needs to be a more transparent approach. Google has worked hard, within the confines of the current laws, to be open about the data requests we receive. We post this information on our Transparency Report whenever possible. We were the first company to do this. And, of course, we understand that the U.S. and other governments need to take action to protect their citizens’ safety—including sometimes by using surveillance. But the level of secrecy around the current legal procedures undermines the freedoms we all cherish.

Posted by Larry Page, CEO and David Drummond, Chief Legal Officer
posted by jaduncan at 1:27 PM on June 7, 2013 [2 favorites]


Bear in mind shared intelligence operations. For example, it's common knowledge that the US spies on British citizens on behalf of the UK government and shares the intel; and that the Brits return the favour with GCHQ and share their intel on US citizens with the NSA. Both have some restrictions on spying on domestic citizens, but very few on foreigners, so by doing each other's dirty work and sharing the results they skirt what limited protections remain.

UK gathering secret intelligence via covert NSA operation: UK security agency GCHQ gaining information from world's biggest internet firms through US-run Prism programme
posted by homunculus at 1:29 PM on June 7, 2013


First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.

Why should we believe them?

Second, we provide user data to governments only in accordance with the law.

The "law" on this is pretty fucking terrible.

We were very surprised to learn that such broad orders exist.

I'll bet.
posted by junco at 1:30 PM on June 7, 2013


Why should we believe them?

Because such a definitive statement means Larry Page's personal credibility has just been put on the line, and if he's lying he's just nuked a lot of the trust in the Google leadership team.
posted by jaduncan at 1:33 PM on June 7, 2013 [2 favorites]


CBS: Stellar Wind Program Blocked Terror Plot By Coloradan
The program, called PRISM, was established in 2007, according to The Washington Post, which broke the story Thursday evening. CBS News senior correspondent John Miller said it doesn’t deal with names but was designed as a way for the government to track suspected terrorists. It culls metadata from Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple and will soon include Dropbox.

Miller said one of the terror cases solved by using this cellphone data led investigators right to Colorado and to former Aurora resident Najibullah Zazi.

“You know the plot they’re talking about Scott is the Najibullah Zazi plot to place 16 backpacks in the subways of New York City filled with explosives a few years back. That was a long dormant email account that was used by a terrorist affiliate al-Qaida overseas that suddenly they found communicating with an IP address that resolved to Denver. That set off alarms. They still didn’t have the name, but they forwarded that to the FBI that did the investigation and said ‘This is who this is.’ They started the surveillance and they followed him right to New York City and the plot.”
posted by BobbyVan at 1:48 PM on June 7, 2013 [1 favorite]


Also, given how Bradley Manning is being treated, I'm amazed anyone with knowledge of the PRISM program would ever blow the whistle on it.

If they catch the whistleblower, they'll throw the book at him.

Speaking of Manning, Matt Taibbi just wrote this: As Bradley Manning Trial Begins, Press Predictably Misses the Point
posted by homunculus at 1:53 PM on June 7, 2013


Because such a definitive statement means Larry Page's personal credibility has just been put on the line, and if he's lying he's just nuked a lot of the trust in the Google leadership team.

Perhaps it is not so definitive. There is a lot of careful language in that statement, and operating within the confines of the law is easy to claim when the laws are so secret that they cannot be challenged in court.
posted by Blazecock Pileon at 2:00 PM on June 7, 2013


That was a long dormant email account that was used by a terrorist affiliate al-Qaida overseas that suddenly they found communicating with an IP address that resolved to Denver.

I don't claim to know nearly as much about tech or security as a lot of people here, but I'm confused as to how this would justify the vacuuming of data from all users of Google or Verizon or whoever. It sounds like this was an email account that was already known to belong to a terrorist group. I think virtually everybody believes that the government should investigate and keep tabs on terrorist entities. If anything, to me this account (if I am understanding it correctly) indicates that successfully defeating terrorist plots is more likely to come from targeted surveillance, rather than the hypothetical case of large-scale data-mining, which would if anything take resources away from such investigations. Or am I misunderstanding what is going on here?
posted by dsfan at 2:05 PM on June 7, 2013


Because such a definitive statement means Larry Page's personal credibility has just been put on the line, and if he's lying he's just nuked a lot of the trust in the Google leadership team.

All he said was that Google still makes governments come and ask them for the information and that they comply with the law. And, of course, that's precisely what they're being accused of: Handing over information when the US government comes and asks them and the request is legal (because a secret court declared it secretly legal). He didn't even bother to deny anything.
posted by IAmUnaware at 2:13 PM on June 7, 2013 [2 favorites]




All he said was that Google still makes governments come and ask them for the information and that they comply with the law. And, of course, that's precisely what they're being accused of: Handing over information when the US government comes and asks them and the request is legal (because a secret court declared it secretly legal). He didn't even bother to deny anything.

To be specific, he also said that, whatever the extent of the information Google provides is, it is not on "such a scale" as the "millions of users" in the Verizon call logs pull.
posted by jason_steakums at 2:17 PM on June 7, 2013


Huh, I have to admit, the theoretical "access" to the servers isn't that hard to do, since, you know, the government can very easily do traffic analysis over the main routers and switches that all internet traffic passes through that are geo-located within the U.S. You can also bet that the main DNS servers in their nifty secret facilities are probably staffed by NSA staff, since, you know, they are tasked with "protecting" the U.S. communications infrastructure. That also means they probably have people working at the telecom companies in the actual routing facilities, which means a PEN register is probably the least advanced piece of gear hooked up to the main switching infrastructure. After all, it's not like there is any way to tell if the router is sniffing your data streams, as long as it's not altering the payload. There is no flag in the TCP header that can be flipped to tell the sender or receiver that a particular switch or router along the way made a copy of the packets. So when they say PRISM can access user data from all these online data sources, I'm pretty sure they mean that in order for a customer to put data up on those servers, it's passing through an NSA blackbox switch or router and the data is simply being logged. It's pretty bog standard network stuff, practically. I can sit here on my network (since I'm the network admin) and run a packet sniffer on my internal network and "see" every bit of data flowing to and from every IP enabled device. I can even capture this log (either using my firewall's built-in packet sniffer, or using something like Wireshark) and trace who is logging into what websites at what time and how long their sessions are lasting, etc, etc, etc. In some corporations, network ops do this as a matter of course, and are required to in order to prevent sensitive data being sent out of their private networks onto public servers (blocking Facebook, or Gmail, or Yahoo Mail, etc). But, really, that is all this sounds like to me.
Very similar to the phone log in that it's kind of easy information to obtain, and you really don't have to care who is on either end of the computer (plausible deniability is up to the suspect).

Example: a phone call is made from the phone line registered to x person. The assumption being that x person dialed the phone for the phone call. If it is a land line, and person x lives alone, and was under physical surveillance, and was seen entering the premises alone, then it is safe to assume that they were the one placing the phone call. You now have a chain of corroborating evidence that person x was at that location at the specified time that a phone call took place. If said phone call was to 1-800-TERRIST, well, you kind of have good evidence and your reasonable cause is now fulfilled, etc, etc.

Real world Example: How the FBI caught sug_g is a detailed look at the methods used by the FBI and the Chicago police to track and log when and where a suspect was logging into and accessing the internet. One of the key paragraphs on the second page of that article:
On March 1, the agents obtained a court order allowing them to use a "pen register/trap and trace" device that could reveal only "addressing information" and not content. In other words, if it worked, agents could see what IP addresses Hammond was visiting, but they would see nothing else.

The FBI describes its device as a "wireless router monitoring device” that captures addressing and signaling information and transmits it wirelessly through the air to FBI agents watching the home. It was installed the same day and was soon showing agents what Hammond was up to online.


His Macbook's MAC address was soon seen connecting to IP addresses known to be part of the Tor anonymizing network. "An FBI Tor network expert analyzed the data from the Pen/Trace and was able to determine that a significant portion of the traffic from the Chicago Residence to the Internet was Tor-related traffic,” said the FBI's affidavit.

And while this definitely sounded like their man, the Bureau went to even greater lengths to double-check their target. The main technique was to observe when Hammond left his home, then to call Sabu in New York and ask if any of Hammond's suspected aliases had just left IRC or the Jabber instant messaging system.


So the FBI was able to obtain a court order to allow them to sniff his wireless sessions, read the headers of each packet and say "he's connecting to a Tor anonymizer network", which added to their probable cause. They used that against him in court, too.

All the PRISM stuff seems to be an extension of the older Carnivore net monitoring system. It probably has better metadata handling and uses better software for search and filtering.

The companies I'd be really curious to see 'links' to the NSA would be things like McAfee and Network Solutions, or any of the other SSL cert providers. Because, you know, part of accessing those SSL and TLS sessions would mean cracking SSL. But if the government is doing it, it's not illegal, is it? Though realistically, they probably just have the keys to those certs anyway, so even if you are using a "secure" session, it won't matter, since they have the certs themselves. They don't even have to be man-in-the-middle for that, either, if they've logged all the packets. They can reconstruct it from the recorded session and simply open the packet contents as if they were the originating server. Yadda yadda.

Also, I hate to say it, but this is the kind of shit that "real hackers" do every single day. They don't root kit servers or run botnets. They packet sniff and log and capture open communications. If you aren't already sending your e-mails to your server over SSL (GMail does this automatically), you can pretty much bet that someone somewhere probably has a copy of it, whether it's the government or someone hoping for something worth blackmailing you over. Most people are not interesting enough to blackmail, btw.

Also, also, I wouldn't worry too much about the NSA either. While they do a lot of silly things with data sets, most of it is pretty academic and more of a broad overview type of thing. They watch the networks, see what data is flowing over it from and to where, and then work out how to dig through those massive data sets to find individual data points. They're the database junkies. They hire mathematicians who work on theoretical database algorithms and high end computing. Those facilities they're building? Miles and miles of fibre optic networking runs connecting blade servers with massive scaling processors to crunch massive amounts of data as fast as they can. With data sets that are in the exabyte range (or higher, now, only the contractors know). The people you should worry about are the Secret Service, and the FBI, but really, that's because they're going to take that info and try and make a case from it to "prove" that you (or suspect x) was at a particular place at a particular time, making a particular phone call, internet search, or online communication. But until they can positively identify you sitting in front of that computer, all they have is circumstantial evidence that your property was used in the commission of that communication (whether or not that communication is a crime is still TBD).

I also suggest you invest in a Trace-Buster-Buster Mark II. That way you can see if someone is tracing you and using a Trace-Buster to make it look like they aren't tracing you (yes, I know, that movie was horrible, but it was still funny at points. Straight Jackin' It)
posted by daq at 3:33 PM on June 7, 2013 [3 favorites]
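Added example, not part of the thread or anyone's comment: a Python sketch of the "addressing information, not content" distinction that the comment above and the quoted pen register order describe. It builds per-destination session records from packet headers alone and never reads the payload, which is why encrypting the payload does not hide this metadata. All addresses, MACs, timestamps and frames are constructed sample data, and the function names are hypothetical.

```python
import socket
import struct

# Constructed sample values: documentation-range IPs (RFC 5737) and locally
# administered MACs. Payloads are opaque stand-ins for encrypted records.
CLIENT_MAC, ROUTER_MAC = "02:00:00:00:00:01", "02:00:00:00:00:fe"


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Build a minimal Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", 0x0800))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def addressing_info(frame):
    """Return header-only metadata for one frame; None if it is not IPv4."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header length")
    total_len = struct.unpack("!H", ip[2:4])[0]
    record = {
        "src_mac": fmt_mac(src_mac),
        "dst_mac": fmt_mac(dst_mac),
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "dst_ip": socket.inet_ntoa(ip[16:20]),
        "protocol": ip[9],
    }
    if ip[9] == 6:  # TCP: ports and sizes come from headers, not content
        tcp = ip[ihl:]
        if len(tcp) < 20:
            raise ValueError("truncated TCP header")
        record["src_port"], record["dst_port"] = struct.unpack("!HH", tcp[:4])
        data_offset = (tcp[12] >> 4) * 4
        if data_offset < 20:
            raise ValueError("bad TCP data offset")
        record["payload_len"] = max(total_len - ihl - data_offset, 0)
    return record


def summarize(capture):
    """Group (timestamp, frame) pairs into per-destination session records."""
    flows = {}
    for ts, frame in capture:
        rec = addressing_info(frame)
        if rec is None or "dst_port" not in rec:
            continue
        key = (rec["src_mac"], rec["dst_ip"], rec["dst_port"])
        flow = flows.setdefault(
            key, {"packets": 0, "payload_bytes": 0, "first": ts, "last": ts})
        flow["packets"] += 1
        flow["payload_bytes"] += rec["payload_len"]
        flow["first"] = min(flow["first"], ts)
        flow["last"] = max(flow["last"], ts)
    return flows


# Constructed capture: two destinations plus one non-IPv4 (ARP-type) frame.
OPAQUE_A = b"\x17\x03\x03" + bytes(97)    # 100 opaque bytes
OPAQUE_B = b"\x17\x03\x03" + bytes(247)   # 250 opaque bytes
SAMPLE_CAPTURE = [
    (0.0, build_frame(CLIENT_MAC, ROUTER_MAC, "192.0.2.10", "198.51.100.7",
                      50000, 443, OPAQUE_A)),
    (3.0, build_frame(CLIENT_MAC, ROUTER_MAC, "192.0.2.10", "203.0.113.25",
                      50001, 443, bytes(60))),
    (42.5, build_frame(CLIENT_MAC, ROUTER_MAC, "192.0.2.10", "198.51.100.7",
                       50000, 443, OPAQUE_B)),
    (43.0, bytes(12) + b"\x08\x06" + bytes(28)),
]

if __name__ == "__main__":
    for key, flow in summarize(SAMPLE_CAPTURE).items():
        print(key, flow)
```
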


All he said was that Google still makes governments come and ask them for the information and that they comply with the law. And, of course, that's precisely what they're being accused of: Handing over information when the US government comes and asks them and the request is legal (because a secret court declared it secretly legal). He didn't even bother to deny anything.
Until this week’s reports, we had never heard of the broad type of order that Verizon received—an order that appears to have required them to hand over millions of users’ call records. We were very surprised to learn that such broad orders exist. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.
This will *absolutely* bite them on the butt if it is not true.
posted by jaduncan at 3:34 PM on June 7, 2013


Also, if you look at the name of the project, PRISM. What do prisms do? They "bend" light. Most of the internet goes through fibre optic networks, which are all light based. So going by the bad joke that is the naming conventions of government projects, especially skunkworks ones, PRISM probably means just that, a system that "bends" the light paths of the data flowing over the internet, and "splits" it into two streams. One that gets captured, one that goes on to its destination, as if nothing had happened.

But, you know, that's just my guess.
posted by daq at 3:36 PM on June 7, 2013 [1 favorite]


Also, thinking about the Verizon thing from the other thread, since most telephone systems are still kind of based upon weird physical switching mechanisms, the need for a PEN register makes more sense, as they are not IP based (at least not yet, anyway). Those that are IP based are still at some point going to go through a DSP transition onto the older copper lines anyway, so even if they are updated systems (not likely, given that telcos are private companies who hate to spend money when they don't have to), there is still the older requirement for the pen register and its modern equivalent (many VoIP systems automatically log all call related information, so it's easier to just pull the logs from the servers, which probably has a ton more metadata).
posted by daq at 3:41 PM on June 7, 2013


Facebook: Facebook is not and has never been part of any program to give the US or any other government direct access to our servers.

Google: Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers

Apple: We have never heard of PRISM. We do not provide any government agency with direct access to our servers.

Yahoo (couldn't find a direct source): Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.

One of them saying 'direct access' is an odd word choice. Two is a heck of a co-incidence. But all four?

Does this mean they do grant indirect access? And what would that mean?
posted by Frayed Knot at 3:52 PM on June 7, 2013 [7 favorites]


The Washington Post Has Now Hedged Its Stunning Claim About Google, Facebook, Etc, Giving The Government Direct Access To Their Servers

which is a slightly sensational headline clarified within...

That change is important. The direct-access claim changes from a fact asserted by the Washington Post to a claim made in a document the Washington Post has seen--a document that might be wrong.

Anyway, the crux of the matter is that it's not a given that the leaked document is correct on all counts & all finer points.

Does this mean they do grant indirect access? And what would that mean?

Internet traffic goes over a lot of networks before it gets to Facebook, Yahoo, Google, etc. If monitored there, it would presumably be indirect access.
posted by GuyZero at 3:55 PM on June 7, 2013


I see in a new article on the Guardian that there is a program called Upstream, which is actually the name of the traffic capture program, not PRISM. PRISM may be another proposed scheme to ask for direct access of user data, possibly through the FISA court orders, but that is still to be determined.
posted by daq at 3:57 PM on June 7, 2013


Also, I'd look at Akamai, since all the named companies seem to all use Akamai for content delivery services, which means that there is probably a caching of the data before it is sent on to the servers.

My roommate was going on about "grey-caching" of data a few weeks ago and it looks like this is the result of that inquiry he was making with some people who kind of do this stuff for a living. And yes, the people he was talking to do work directly for the Federal government.
posted by daq at 3:59 PM on June 7, 2013 [2 favorites]


Beyond the phrase "direct access" there appears to be broad structural similarity between the denials of all of the named companies. I am not sure if that's suspicious or not yet, but it does give pause.
posted by feloniousmonk at 4:00 PM on June 7, 2013 [2 favorites]


They were all responding to the same accusation from a single source and they all were ghost written by lawyers who are non-genetic clones of each other.
posted by GuyZero at 4:07 PM on June 7, 2013 [2 favorites]




Here's the text of Zuck's and Page's denial (warning: Google Docs) which contain four similar clauses in the exact same order.

Google, Apple, Facebook, Yahoo, and PalTalk all used the phrase "direct access".

I'm no statistician, but this was a coordinated response.
posted by RobotVoodooPower at 4:58 PM on June 7, 2013 [3 favorites]






Charles Pierce: President Obama's War
posted by homunculus at 5:23 PM on June 7, 2013 [1 favorite]


Ugh. I just got to the bottom of this thread, then saw that I had a new email. I'm now being followed on Twitter by two new accounts (actually probably the same person), whose feeds are full of stuff about "Obamunists," "patriots," "gulags," and "info sovereignty." I'm guessing this follow is a belated response to my tweet from the morning the Verizon news broke in the U.S.:
"It's creepy that the first email from the White House after the Verizon news broke is about 'bringing America's students into digital age.'"
It was creepy. But yeah, I'm not really down with the "anti-Obamunist patriots" either.
posted by limeonaire at 7:04 PM on June 7, 2013


Facebook: Facebook is not and has never been part of any program to give the US or any other government direct access to our servers.

Google: Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers

Apple: We have never heard of PRISM. We do not provide any government agency with direct access to our servers.


And that is why you should not use services from any of these companies, because they are not to be trusted with anything.

Those who scoffed in the past at the idea of the NSA having a backdoor into the central databases of sites like Gmail and Facebook owe everyone a big apology.
posted by anemone of the state at 7:13 PM on June 7, 2013 [2 favorites]


It's a bit confusing, because if it's being done without their knowledge, 1) why did each company show up at a different time, and 2) why not Twitter?
Maybe that's just when the NSA was able to hack them, as I said in my earlier comment it does look like Google "joined" the program in 2009 when they were hacked in by the Chinese and "assisted" by the NSA to help "secure" their stuff. So maybe these other companies also bought the NSA's line about needing to beef up "cybersecurity" and took them up on their offers on the dates indicated.

It would also explain why the project needed to be super-secret, if these companies found out they were being secretly spied on by their own government? Well I guess we'll get to see the fallout first hand.

My guess is that the NSA higher ups didn't even want to disclose this to the NSA agents who would be using the system, so they lied to them and told them the companies were cooperating and that disclosure would be a problem because the companies would leave the voluntary program, when in fact what would happen is they would discover they were being spied on.

Also, if Google, Facebook, and other companies were doing this voluntarily or knowingly, wouldn't they be violating lots of laws in lots of other countries, including the EU? I know they have more stringent privacy laws (as in, any privacy laws at all) and I would imagine that just handing.

Anyway, I think my "the companies didn't know" theory would by far be a more entertaining outcome.
All he said was that Google still makes governments come and ask them for the information and that they comply with the law. And, of course, that's precisely what they're being accused of: Handing over information when the US government comes and asks them and the request is legal (because a secret court declared it secretly legal). He didn't even bother to deny anything. -- IAmUnaware
Well, that's not true, he did make one specific claim about the size of the requests they're getting:
Until this week’s reports, we had never heard of the broad type of order that Verizon received—an order that appears to have required them to hand over millions of users’ call records. We were very surprised to learn that such broad orders exist. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.
So essentially they are saying that they've never gotten a request larger than for data on 999,999 users. They also said they go to court to fight off 'overbroad' requests, and, presumably a 900k user data request would get a court challenge, which is the opposite of giving them direct access to whatever they want, which is what PRISM is supposed to do.

___
The companies I'd be really curious to see 'links' to the NSA would be things like McAfee and Network Solutions, or any of the other SSL cert providers. Because, you know, part of accessing those SSL and TLS sessions would mean cracking SSL. But if the government is doing it, it's not illegal, is it? Though realistically, they probably just have the keys to those certs anyway, so even if you are using a "secure" session, it won't matter, since they have the certs themselves. They don't even have to be man-in-the-middle for that, either, if they've logged all the packets. They can reconstruct it from the recorded session and simply open the packet contents as if they were the originating server. Yadda yadda.
I think if they tried that users would get a browser warning indicating the cert changed unexpectedly. The signing authority doesn't get a copy of Google's private TLS key, right? They could sign a new cert but it would show up as altered. That's how Iran got caught.

Anyway, there's actually a much simpler way for them to have done this: plain old browser session hijacking. Suppose the NSA knows of some 0-day remote exploits? They wouldn't need to steal google's cert or anything like that, just inject some exploit code on some random unencrypted page, inject the exploit, and then hijack the browser session and make a bunch of requests to hack the page. Since they're the NSA they could probably fake it so the requests would appear to be coming from the same IP. Of course, if they were able to do this they'd also be able to grab anything on your local machine, install keyloggers to get passwords to encrypted stuff, and so on. Or they could be doing this at your house's router level, assuming they could get around the 'certificate changed' issue.

__
Anyway, the similar sounding denials are strange. Someone obviously needs to ask the follow up question about "indirect access" and also these statements from Zuck and Page:

    Zuck: any program to give the US or any other government direct access to our servers.
    Page: any program that would give the U.S. government—or any other government—direct access to our servers.
    Zuck: We hadn't even heard of PRISM before yesterday.
    Page: We had not heard of a program called PRISM until yesterday.


Now, none of those statements seem natural to me at all. I mean I suppose it's possible that they chatted about the situation but you would think that if they wanted to avoid suspicion they'd avoid mirroring each other's language.

So it seems clear they have been given talking points...
posted by delmoi at 7:49 PM on June 7, 2013 [4 favorites]


Does anyone know if people have been discussing acts of "cyber civil disobedience"? By that I mean doing things like embedding text in emails (in small fonts) with all of the "trigger words" that would raise flags in a system like PRISM. If thousands or hundreds of thousands of people started flooding the surveillance system with "noise", would it make a difference?
posted by scblackman at 8:03 PM on June 7, 2013


If thousands or hundreds of thousands of people started flooding the surveillance system with "noise", would it make a difference?

I doubt it. The people they're looking for probably aren't even stupid enough to use terms like that in their emails, so why would they look for them? They're looking at networks of people.
posted by delmoi at 8:12 PM on June 7, 2013 [1 favorite]




Wow
“The source believes that exposure is inevitable and was prepared to face that consequence,” Gellman said in this Post in-house video interview. “The source does not believe that it is possible to stay masked together, and I don’t even think wants to stay masked forever.”
Anyway I was thinking about this. Suppose what Clapper has said is totally true, in which case: 1) It's not used on Americans, just everyone else in the world, and 2) It makes up a significant amount of the info in the president's daily brief.

But who's to say they're actually using it just for terrorism related things? Right now Obama's in China complaining about the whole "cyberwar" nonsense, but wouldn't something like PRISM provide an enormous opportunity for industrial espionage, spear phishing, and other techniques to hack other countries?

I mean, sure, terrorists might just assume their calls and emails might as well be public record but what about Jou Random Huawei engineer? Or what about politicians or activists in Germany or Taiwan?

PRISM, even if it's being used entirely, 100% in line with their claims would give the NSA an enormous amount of information - first on the macro, they'd be able to identify and track geopolitical trends worldwide. They'd also be able to track individuals and small groups of friends on the micro level too. It would be a bonanza of interesting data.
posted by delmoi at 9:39 PM on June 7, 2013 [1 favorite]




One of them saying 'direct access' is an odd word choice. Two is a heck of a co-incidence. But all four?
There is no coincidence here, and the reason that the phrase "direct access" is used repeatedly is because that's the specific and shocking accusation levied at the tech companies, and that phrase is used throughout the Guardian's coverage.

It's a shocking accusation because it implies a far greater level of complicity and governmental access than we knew about before; we knew that these companies responded to specific warrants for information from specific accounts, but "direct access" is like the Verizon situation where the government gets access to everybody's data without any checks or balances. Further, it was shocking that these companies would allow that type of access, because they take pride in having stronger backbones than the telecoms like AT&T which happily hand over full and complete access.

So if it's not "direct access" and the government is still getting access to all this stuff in the PRISM slides, that would mean that the data retrieval is achieved through unauthorized access into the servers and/or the communication streams of these companies. This would also be supported by the timeline: various services are compromised via different attacks, and they get added to the PRISM list based on the date the attack is successful.

Given what's been reported, and in the absence of the NSA correcting the "errors" that they claim exist in the reports, I'm not sure what other conclusion can be drawn other than such governmental attacks on these services. In which case the US government is guilty of behavior as bad or worse than China's government.
posted by Llama-Lime at 11:30 PM on June 7, 2013 [2 favorites]


Ok, I'm way behind on this, Larry Page and Mark Zuckerberg are filthy liars. Their response is a betrayal of trust and is inexcusable.
posted by Llama-Lime at 11:51 PM on June 7, 2013 [2 favorites]




On Google+:
From +David Drummond, Chief Legal Officer: We cannot say this more clearly—the government does not have access to Google servers—not directly, or via a back door, or a so-called drop box. Nor have we received blanket orders of the kind being discussed in the media. It is quite wrong to insinuate otherwise. We provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. And we have taken the lead in being as transparent as possible about government requests for user information.
Which reads like a lot more of a denial than the 'no direct access' quote on their blog.
posted by pixie at 1:11 AM on June 8, 2013 [1 favorite]


SAN FRANCISCO — When government officials came to Silicon Valley to demand easier ways for the world’s largest Internet companies to turn over user data as part of a secret surveillance program, the companies bristled. In the end, though, many cooperated at least a bit.

Twitter declined to make it easier for the government.

...

The companies that negotiated with the government include Google, which owns YouTube; Microsoft, which owns Hotmail and Skype; Yahoo; Facebook; AOL; Apple; and Paltalk, according to one of the people briefed on the discussions. The companies were legally required to share the data under the Foreign Intelligence Surveillance Act.
I was going to say someone needs to ask him why the wording they used was almost identical to Facebook's. If they were in a college class together it would qualify as plagiarism. And that if Google is serious about clearing its name, it needs to file a lawsuit, and try to take it to the Supreme Court. The government has already confirmed the program is real, so it's not like they can claim it's not happening so there's no ground to sue.

But, I guess that's no longer relevant.

I suppose that Drummond is technically denying the claim in the NYT story but it's a bit hard to buy at this point.
posted by delmoi at 5:37 AM on June 8, 2013


When a country goes off the rails, why should we trust its computing systems?
"You're not to be so blind with patriotism that you can't face reality. Wrong is wrong, no matter who says it." - Malcolm X
As the US has spent the past 30 years going completely off the rails we've spent that same time becoming absolutely addicted to the technology and services it produces. So deeply embedded are we that disentangling ourselves from American technology providers, cloud vendors and what-have-you is a process of years, even decades.

While undertaking this difficult, painful and expensive task may not be absolutely required for pragmatic business reasons, I argue that it is a moral and ethical obligation we collectively bear to defend that which we believe. We could simply remain apathetic and allow privacy to evaporate as our laws are synchronized with those of the US, but is that what we want to have occur?

No terrorist actions, war, trade sanctions, international politics or other traditional tools of revolution and statecraft will turn America around. Americans have so deeply forgotten the concept of "liberty" that they no longer speak of their freedoms as innate but rather as rights granted them by their government. They see themselves as helpless before an unstoppable and inscrutable juggernaut and their own belief in this makes it so.

Her people having abdicated their duty of care, America is a country entirely run by politicians and civil servants with no oversight except in pleasing donors, and no master but the almighty dollar. The only sound that those in charge are capable of hearing is that of a closing wallet.

Our addiction to US technology and services leaves us vulnerable to the whims of those who make the laws. For those of us from countries that still believe in the ideals our ancestors died for this is a problem. As business owners we have a duty of care to our customers and employees to treat their data and privacy with respect. We are still expected to defend their liberty as if it were our own.

We can not do this if that data ever comes within legal reach of the USA. Foreigners have no right to privacy within the US; indeed, we've even lost the right to habeas corpus there.

We cannot lobby for change because the American lobby machine is so huge that it would take all of our nations combined to even make a dent; a political impossibility, if the European Union's influence is anything to go by. Instead, US industry has spent incomprehensible amounts of money lobbying our governments to seize our rights from us!

Abort, retry, fail?
"Never do anything against conscience even if the state demands it." - Albert Einstein
To effect change we are left with a boycott in everything but name. It means that non-US Western businesses need to start using "not subject to US law" as a marketing point. We need cloud providers and software vendors that don't have a US presence, no US data centers, no US employees - no legal attack surface in that nation of any kind. Perhaps most critical of all, we need a non-American credit-card company.

If enough of us start to pull our technology purchases out of the US they will indeed sit up and take notice; money leaving the country may well be one of the only things that will ever cause them to do so.

posted by infini at 6:45 AM on June 8, 2013


Drummond doesn't say that there isn't a leech sucking down all of the data that goes into and comes out of Google's portals to the rest of the Internet. And that's all the NSA needs access to anyway, because nothing gets into or out of Google's servers without going through a POP, unless someone walks a hard drive into a data centre or walks one out again, or uses an encryption scheme that has not already been compromised either algorithmically or by end-run.

Basically the situation Google, and every other tech company, has found themselves in is markedly similar to Julian Assange's position inside the embassy. He's safe in there, yup. But everything that comes into or goes out of that embassy is being monitored.

Drummond can be factually correct with his statements, while still not saying "your data is safe with Google." He can't say that, because he can't know it, and he can't guarantee it. He can only issue very carefully written legally correct platitudes about how, as far as he can tell, and as much as he is allowed to say, there are no known illegal spies actually inside the embassy right now.
posted by seanmpuckett at 6:57 AM on June 8, 2013 [1 favorite]


Having a presence outside the USA doesn't help very much nowadays. Look at Kim Dotcom: resident in New Zealand, his company was incorporated in Hong Kong; but he was arrested for alleged violation of USAn laws.
posted by Joe in Australia at 6:58 AM on June 8, 2013


Or, as someone once said, you're either subject to US domestic policy or US foreign policy.
posted by acb at 7:44 AM on June 8, 2013


Nor have we received blanket orders of the kind being discussed in the media.

What kind of blanket orders have they received?

To be charitable, these companies could be infiltrated by communists NSA spies, who are operating without the knowledge of the employer.
posted by dirigibleman at 8:01 AM on June 8, 2013


Drummond can be factually correct with his statements, while still not saying "your data is safe with Google." He can't say that, because he can't know it, and he can't guarantee it.

So tell me where on US soil that your email is safe from the NSA given that what you describe is true for every possible email service.
posted by GuyZero at 10:41 AM on June 8, 2013




Yonatan Zunger (Chief Architect of Google+):
"I can also tell you that the suggestion that PRISM involved anything happening directly inside our datacenters surprised me a great deal; owing to the nature of my work at Google over the past decade, it would have been challenging -- not impossible, but definitely a major surprise -- if something like this could have been done without my ever hearing of it. And I can categorically state that nothing resembling the mass surveillance of individuals by governments within our systems has ever crossed my plate. If it had, even if I couldn't talk about it, in all likelihood I would no longer be working at Google"

posted by lenny70 at 11:58 AM on June 8, 2013 [1 favorite]


Yeah, Google's statements are about as unambiguous as you can get. If this is happening it is without Google's knowledge or cooperation. That doesn't mean it isn't happening but it does mean they're either blatantly lying or that it isn't their fault in any way.

I strongly suspect the latter. It is not in Google's interest to lose the public's trust. Those of the public that do trust them, I mean. I know a bunch of people reading this are ready to point out that they do not and have not ever trusted Google.
posted by Justinian at 12:29 PM on June 8, 2013


Is PRISM Going To Harm U.S. High-Tech Exports?
Imagine if it had come out in the 1980s that Japanese intelligence agencies were tracking the location of every Toyota and Honda vehicle, and then the big response from the Japanese government was to reassure people that Japanese citizens weren't being spied upon this way. There would have been—legitimately—massive political pressure to get Japanese cars out of foreign markets.
____
Yeah, Google's statements are about as unambiguous as you can get. If this is happening it is without Google's knowledge or cooperation. That doesn't mean it isn't happening but it does mean they're either blatantly lying or that it isn't their fault in any way.
Not really. That's what I thought until I noticed they used the exact same wording as Zuckerberg and a bunch of other tech companies. And once you look closely at the words they use it still leaves them open, so for example if they were to 'accidentally' leave information from foreign users unencrypted when they transferred it from one data center to another for backup, that would basically put it in the NSA's hands, but the literal wording of their letters would still be correct.

One thing they are not saying is a clear statement like "We are not giving any user data access to the NSA except by the normal legal process for specific individuals"

Also note they say "servers" and not "data".

But whatever, ultimately they are kind of fucked because they can't make a clear statement like "All we do is X and nothing else" because obviously they aren't even allowed to say what "X" is. I think this could potentially cost them customers, especially overseas where everyone now knows that apparently the US government is having a free-for-all for any data stored on US cloud service providers.

I think if Google wants to clear its name it's going to have to sue over this. But if it was doing it consensually, obviously it wouldn't be able to.
posted by delmoi at 2:47 PM on June 8, 2013


Man, it's just non-denial after non-denial.

Yonatan Zunger (Chief Architect of Google+):
"I can also tell you that the suggestion that PRISM involved anything happening directly inside our datacenters surprised me a great deal;


Note that he doesn't actually say that the PRISM programme did not involve anything "happening directly inside our datacenters".

"[O]wing to the nature of my work at Google over the past decade, it would have been challenging -- not impossible, but definitely a major surprise -- if something like this could have been done without my ever hearing of it.

This implies that if it was done, then he knew about it. He doesn't deny that he knew about it.

And I can categorically state that nothing resembling the mass surveillance of individuals by governments within our systems has ever crossed my plate.

This says nothing about the possibility that the mass surveillance was carried out after the data had been passed on to another entity, after the data had left Google's "systems", and that that may well have "crossed his plate".

If it had, even if I couldn't talk about it, in all likelihood I would no longer be working at Google.

Notice that he says "in all likelihood" that he would no longer be working at Google, and not "I would absolutely have quit".
posted by Len at 3:31 PM on June 8, 2013


Len - ultimately you can hyper-parse everything anyone says. In all likelihood this guy didn't know anything about it, they would have had to have had top secret security clearance. And he isn't even claiming it didn't happen, just that if it did he didn't know about it and never saw anything to indicate it was, not that that's dispositive.
posted by delmoi at 3:51 PM on June 8, 2013




delmoi: Len - ultimately you can hyper-parse everything anyone says.

Oh, yes, totally, and there's an issue about being sucked down that particular rabbit hole. But I'm pretty sure that hyper-parsing everything one of their employees says in public is what Google's lawyers are paid to do, and is what they did before that statement was released.
posted by Len at 3:57 PM on June 8, 2013


Google doesn't really put much of a muzzle on their employees in general, though. Even if they were involved, not every person working there would know about it.
posted by delmoi at 4:02 PM on June 8, 2013


In general, no, as far as I know, they don't muzzle their employees. But this is a highly contentious matter that has attracted/generated international press attention, and it's not like the guy is some random code-monkey working on, I dunno, ways to improve Google's auto-complete algorithm. This is the guy who's the lead developer on/inventor of Google+. I'd be astonished if whatever public statements he puts out are not lawyer-vetted beforehand. Indeed, given his stature within the company, it'd be a failure of corporate governance if they weren't.
posted by Len at 4:09 PM on June 8, 2013


The NSA Sent a Takedown Notice Over My Custom PRISM-Logo T-Shirts

Heh, anyone else notice that guy's headshot is an animated gif? Anyway, here's another article about how PRISM might damage the US tech industry.
posted by delmoi at 4:16 PM on June 8, 2013


I can't imagine that anyone with first hand knowledge of not only a program of this nature but also the penalties for disclosing it would say anything substantial in public about it one way or the other. I think it is perfectly reasonable, under these circumstances, to both believe that the denials are in good faith and that they are incorrect.
posted by feloniousmonk at 4:27 PM on June 8, 2013


Has anyone been following the Guardian's updates on all of this?
posted by brina at 4:55 PM on June 8, 2013


Yahoo's denial is a little more considered but still leaves some strange questions. For example, it doesn't address programs that they might be involuntarily compelled to join. This is some Gibsonian type technodrama here, really. It seems that everyone's lying and at least some participants aren't happy about it.
posted by feloniousmonk at 4:56 PM on June 8, 2013




Has anyone been following the Guardian's updates on all of this?

Yeah, today there's this:

Boundless Informant: the NSA's secret tool to track global surveillance data

Love the name.
posted by homunculus at 5:43 PM on June 8, 2013


Hardly worth yet another FPP under the circumstances:

Boundless Informant: the NSA's secret tool to track global surveillance data
[...] Iran was the country where the largest amount of intelligence was gathered, with more than 14bn reports in that period, followed by 13.5bn from Pakistan. Jordan, one of America's closest Arab allies, came third with 12.7bn, Egypt fourth with 7.6bn and India fifth with 6.3bn.
Yet another badly-designed US Government slideshow about a secret program. The (unclassified?) FAQ about the program.

The map is really the most interesting thing about this.
posted by Joe in Australia at 5:46 PM on June 8, 2013


Oh, jinxed.
posted by Joe in Australia at 5:46 PM on June 8, 2013


Poom!
posted by homunculus at 5:46 PM on June 8, 2013


Heh, anyone else notice that guy's headshot is an animated gif?

Yeah, I love that.
posted by homunculus at 5:50 PM on June 8, 2013


This explains quite a lot, actually:
The Government's Word Games When Talking About NSA Domestic Spying: "Collection" or “Collect”
Normally, one would think of a communication that has been intercepted and stored in a government database as “collected.” But the government’s definition of what it means to “collect” intelligence information is quite different than its plain meaning.

Under Department of Defense regulations, information is considered to be “collected” only after it has been “received for use by an employee of a DoD intelligence component,” and “data acquired by electronic means is ‘collected’ only when it has been processed into intelligible form.”

In other words, the NSA can intercept and store communications in its data base, then have an algorithm search them for key words and analyze the meta data without ever considering the communications “collected.”
Via A Taxonomy of PRISM Possibilities, which is also very much worth reading.
posted by Joe in Australia at 1:02 AM on June 9, 2013 [2 favorites]


Boundless Informant: the NSA's secret tool to track global surveillance data
Showing lots of data from China, and plenty from Russia as well. Hardly terrorist hotspots. Like I said, I think there's a good chance this is being used for a lot more than "Terrorism".
posted by delmoi at 4:31 AM on June 9, 2013


And how are they getting this data, particularly from China and Iran? Also, why is Syria green but Jordan red? And what's special about Burma and Kenya? Weird.
posted by Joe in Australia at 5:41 AM on June 9, 2013


The Guardian has released a slide it withheld from the initial release. They're confirming that yes, they do mean that the NSA has access to those companies' servers.

NSA's Prism surveillance program: how it works and what it can do
[...] The slide details different methods of data collection under the FISA Amendment Act of 2008 (which was renewed in December 2012). It clearly distinguishes Prism, which involves data collection from servers, as distinct from four different programs involving data collection from "fiber cables and infrastructure as data flows past".

posted by Joe in Australia at 5:46 AM on June 9, 2013




This is a couple of days old but I didn't see it linked here:

David Simon, Creator of ‘The Wire,’ Debates N.S.A. Surveillance With Readers of His Blog (NYT)
David Simon, the former reporter behind the television drama “The Wire,” which President Obama calls “one of the greatest shows of all time,” came to the defense of his embattled fan on Friday, suggesting in a long post on his blog that “the national eruption over the rather inevitable and understandable collection of all raw data involving telephonic and Internet traffic by Americans” was misguided.
posted by Room 641-A at 7:45 AM on June 9, 2013


If the Guardian is going to drip drip drip each of the 41 slides of that PPT show then this is going to be an interesting month of updates. That one Joe just linked to is devastating.

I wonder if it's possible rather than a leak per se this is a leak by a foreign agent. The timing with regard to the Chinese US summit is suspicious.
posted by Rumple at 9:01 AM on June 9, 2013


I appreciate David Simon's response to this, but I think it illustrates one of the problems with what's going on now. He's only addressing one tiny part of this whole scandal. It's now too big to discuss in its entirety, like healthcare reform or any other contentious subject which we've failed to make any significant conclusions about.
posted by feloniousmonk at 9:11 AM on June 9, 2013


David Simon is an idiot. Sure, individual phone records for one number, absent any other data, might not be that useful, but where it becomes useful is when you have ALL the phone records and you're able to correlate everything together to discover the structure of various social graphs. He talks about "how many computer runs" they can do as if there was some kind of practical limit, and there is - but it's far beyond anything he could imagine.

And that doesn't even get to the whole PRISM stuff about collecting anything they want off Google Drive, Gmail, etc.
posted by delmoi at 9:57 AM on June 9, 2013








The Guardian, after several days of interviews, is revealing his identity at his request. From the moment he decided to disclose numerous top-secret documents to the public, he was determined not to opt for the protection of anonymity. "I have no intention of hiding who I am because I know I have done nothing wrong," he said.
Wow.
posted by homunculus at 11:55 AM on June 9, 2013 [3 favorites]


Barack Obama on PRISM: “I think it's important to recognize that you can't have a hundred percent security and also then have a hundred percent privacy and zero inconvenience.”

Utterly stunning. Wasn't it Benjamin Franklin who said "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety"?
posted by anemone of the state at 11:56 AM on June 9, 2013


Someone mentioned it up thread, but having this sort of power would give you a huge edge in finance. Insider trading without the insider ever knowing they were divulging the information.
posted by codacorolla at 12:08 PM on June 9, 2013 [1 favorite]


The Guardian interview is gut-churning. What Snowden did took more courage than I can ever imagine having in his situation. And what he says about how he took his decision - imagine how bad things must be for someone to choose to walk away from a charmed life in Hawaii, making a fortune, just to get the truth out there. Especially where it ends him up where he is now...

Q: What do you think is going to happen to you?
A: "Nothing good."


Brave soul. Terrifying to think it might already be too late to stop what he's most afraid of.
posted by harujion at 12:13 PM on June 9, 2013 [8 favorites]


It's sobering to realize that I almost certainly don't have the moral courage to do what this man has done. Christ, what a hero.
posted by Horace Rumpole at 12:22 PM on June 9, 2013 [6 favorites]


But why Hong Kong? Even European cities may be better locations, no?
posted by infini at 12:33 PM on June 9, 2013


I am so afraid for this guy. Re: why China, apparently the U.S. lacks a formal extradition treaty with that country?
posted by limeonaire at 12:40 PM on June 9, 2013 [1 favorite]


But why Hong Kong? Even European cities may be better locations, no?

Ask Julian Assange.

In China, he'll be able to ask for asylum from the Chinese government, and they'll no doubt be more than happy to give it to him - there will be no conflict of interest or desire not to piss off the US. In fact, they'll probably jump at the chance.

In fact, some of the leaks were beneficial to China's negotiations with the Obama administration over hacking, he did leak some information about 'offensive' cyber-whatever that the US was working on.
posted by delmoi at 12:42 PM on June 9, 2013 [2 favorites]


I somehow think that Hong Kong although feasible is not correct.
I wish Mr Snowden great luck as the ride is going to get a little bumpy for him as he has certainly pissed off a lot of people who don't take kindly to being pissed off.
The problem is there is no justice any longer.
So if he gets rendered somewhere, who is going to get him out.
The US has proved over and over that it has no interest in law or the rule of law; it gets in the way of revenge.
The best that we can hope for is that he has a regular call in system set up with someone so that if communication stops people can start trying to find him.
But then how do you get someone out of Diego Garcia or wherever?
"I'm willing to sacrifice all of that because I can't in good conscience allow the US government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they're secretly building."
Very noble words and a very heroic move proving to us all what we kind of knew but didn't want to admit.
The genie is out of the bottle.
There is fuck all we can do about it. We are now firmly living in the dystopian future we always feared. Shit is getting real at a faster rate than we thought possible.
posted by adamvasco at 1:13 PM on June 9, 2013


In China, he'll be able to ask for asylum from the Chinese government, and they'll no doubt be more then happy to give it to him - there will be no conflict of interest or desire not to piss off the US. In fact, they'll probably jump at the chance.


Re: why China, apparently the U.S. lacks a formal extradition treaty with that country?


Ok. But someone tell him or his handlers that his timing is off, given the double spread love story on Xi meets Obama going on in the Singapore papers right now.

Articles say that "cyber" is being tippy toed around since cooperation and friendship of these two great powers is key to better future and all that good stuff in a Sunday paper.
posted by infini at 1:13 PM on June 9, 2013


Hong Kong’s extradition treaty with the United States has been in force since Jan. 21, 1998 http://1.usa.gov/11Pc0BD via
posted by infini at 1:22 PM on June 9, 2013 [1 favorite]


Well, we'll see I guess.
posted by delmoi at 1:31 PM on June 9, 2013




NSA surveillance as told through classic children's books and a slideshow of some selections. My favorite is Charlotte's Webcam.
posted by Joe in Australia at 2:59 PM on June 9, 2013 [2 favorites]


This guy, John Schindler, is apparently some sort of security experty muck-a-muck quoted by The Guardian. On his Twitter feed he asks So at what point is it safe to call Snowden a defector to the PRC? Former CI guy here, gotta ask

This may show us where the narrative is going: Manning is a suicidal transexual; Assange is a filthy weirdo and a rapist; Snowden is a turncoat. All those things may be true, of course, but they're hardly germane.
posted by Joe in Australia at 3:20 PM on June 9, 2013 [1 favorite]


Why didn't tech company leaders blow the whistle? (The lesson of Qwest.)
posted by seanmpuckett at 4:41 PM on June 9, 2013 [1 favorite]


BTW, there's more discussion about the Snowden interview here in this FPP.
posted by Room 641-A at 5:13 PM on June 9, 2013 [1 favorite]


If only the subpoena process could be as streamlined as the takedown process.

Warner Brothers didn't have "direct access" to Hotfile's servers either.
posted by morganw at 6:36 PM on June 9, 2013


Can anybody recommend a decent email provider located in a country that respects protections against surveillance?
posted by anemone of the state at 10:05 PM on June 9, 2013 [1 favorite]


I'm seriously considering hosting my own altogether via a hosted virtual server, but all the webmail apps I've looked at still rather suck - gmail is a really nice bit of software, and having been a mailserver admin for a long time, I don't really fancy dealing with spam tuning any more.

The other option I'm looking at is hushmail, based in Canada; you can bring your own domain, but it's a little pricy for a solo user. But full encryption for your mail, that they can't access the store for; only when you're actively using it could they intercept it at the server level, though obviously given most email transmission is only server-server encrypted, it's still vulnerable to being spied on in transit if it goes through an NSA-accessible mail provider, which is what many, many people use.

So mail to and from other people not using say, gmail, hotmail/outlook and yahoo would probably be unintercepted, the same with business mail, assuming they haven't farmed it out to an online mailhost. I don't know about you, but that pretty much eliminates all the mail I care about - does it really matter if my mailstore is private, if everyone I talk to is being intercepted? I've always treated email like I would postcards - don't send anything you wouldn't want the mailman reading, as it's too much at risk of ending up in the clear. I just didn't really expect the man-in-the-middle to be all mail all the time by the NSA.

Sigh.
posted by ArkhanJG at 11:41 PM on June 9, 2013 [1 favorite]
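The point in the comment above, that mail is encrypted only hop by hop between servers, can be checked on any received message from its `Received` trace headers. This is an added example, not part of the original thread: the sample message, host names and addresses are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string

# "with" keywords registered in RFC 3848 / RFC 6531 whose trailing S means
# the hop ran over TLS (a further A means the client also authenticated).
TLS_PROTOCOLS = {
    "ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
    "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA",
}

# Constructed sample: three hops, the middle one in cleartext.
# Each server prepends its header, so the newest hop is listed first.
SAMPLE_MESSAGE = """\
Received: from mx.bigmail.example (mx.bigmail.example [203.0.113.7])
\tby store.bigmail.example with LMTPS id C3; Mon, 10 Jun 2013 07:41:05 +0000
Received: from submit.sender.example (submit.sender.example [198.51.100.20])
\tby mx.bigmail.example with ESMTP id B2; Mon, 10 Jun 2013 07:41:03 +0000
Received: from laptop.home.example (unknown [192.0.2.15])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby submit.sender.example (Postfix) with ESMTPSA id A1;
\tMon, 10 Jun 2013 07:41:01 +0000
From: alice@sender.example
To: bob@bigmail.example
Subject: postcard test

hello
"""


def strip_comments(value):
    """Remove RFC 5322 comments, which may nest, from a header value."""
    previous = None
    while previous != value:
        previous = value
        value = re.sub(r"\([^()]*\)", " ", value)  # innermost pair first
    return value


def parse_hop(raw_header):
    """Extract the from/by/with clauses of one Received header."""
    unfolded = " ".join(raw_header.split())
    # Comments can contain the word "with" ("with cipher ..."), so drop them
    # before looking for clauses; the date follows the last semicolon.
    clauses = strip_comments(unfolded).rsplit(";", 1)[0]

    def field(name):
        match = re.search(rf"\b{name}\s+(\S+)", clauses, re.IGNORECASE)
        return match.group(1) if match else None

    protocol = field("with")
    protocol = protocol.upper() if protocol else None
    return {
        "from": field("from"),
        "by": field("by"),
        "with": protocol,
        "tls": protocol in TLS_PROTOCOLS,
    }


def trace_hops(message_text):
    """Return the hops in the order the message travelled (oldest first)."""
    message = message_from_string(message_text)
    received = message.get_all("Received") or []
    return [parse_hop(header) for header in reversed(received)]


def cleartext_hops(message_text):
    """List (sender, receiver) pairs for hops not recorded as using TLS."""
    return [
        (hop["from"], hop["by"])
        for hop in trace_hops(message_text)
        if not hop["tls"]
    ]


if __name__ == "__main__":
    for hop in trace_hops(SAMPLE_MESSAGE):
        state = "TLS" if hop["tls"] else "CLEARTEXT"
        print(f'{hop["from"]} -> {hop["by"]}: {hop["with"]} ({state})')
```

Each header is written by the receiving server, so the trace shows only what servers chose to record, and a hop marked as TLS says nothing about whether the operators at either end can read the message.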


Can anybody recommend a decent email provider located in a country that respects protections against surveillance?

Unless you are sending encrypted email you should assume it's like a postcard.
posted by jaduncan at 2:36 AM on June 10, 2013 [2 favorites]


Scary stuff. :(
posted by rockinitoldskool at 12:41 PM on June 10, 2013


Dwarf Fortress
posted by homunculus at 1:32 PM on June 10, 2013 [1 favorite]






Yes We Scan
posted by homunculus at 3:41 PM on June 10, 2013 [1 favorite]




Kings of War: Prism and the making of our idiocracy - covers the hand of history, being beige, Foucault and Foucaultians, Intelligence, 7/7, the all-seeing-electronic eye, and toasters.
posted by the man of twists and turns at 7:49 PM on June 10, 2013




On PRISM, Or, Listening Neoliberally
But the kind of listening involved in PRISM surveillance--and in neoliberal modes of audition and subjectivity more generally--isn’t about content, and it isn’t about interpretation. It’s not about form or structure either. The point is that form/content or medium/message distinctions are no longer relevant. This sort of listening isn’t about form or content; rather, it’s the economy, stupid-- “economy” in the sense of a practice of moderation, of minding the oikos, keeping everything in the black. As Glenn Greenwald put it in his Guardian article, this sort of listening focuses on “transactional information rather than communications” (emphasis mine). The economy is not an objective property (like form or content)--it’s a process, a practice, in which the form and the content are emergent properties. We don’t interpret these processes, we (at)tune them. Listening is attunement.
posted by the man of twists and turns at 9:11 PM on June 10, 2013




From Homunculus' last link:
A rare glimpse into what intelligence services can do by applying this "big data" approach came last year from David Petraeus. This new form of data analysis is concerned with discovering "non-obvious relationships," the then freshly minted CIA director explained at a conference. This includes, for example "finding connections between a purchase here, a phone call there, a grainy video, customs and immigration information."
Or, for instance, you might identify someone threatening a general's associates by cross-referencing the guest registers of hotels she stayed at, identified by the IP addresses of her emails.
"The CIA and our intelligence community partners must be able to swim in the ocean of 'Big Data.' Indeed, we must be world class swimmers -- the best, in fact," the CIA director continued.
This is from a man who was using a Gmail account to surreptitiously communicate with his mistress. In a better army he and his underlings would have been court-martialled.
posted by Joe in Australia at 10:11 PM on June 10, 2013


What they mean when the government says “We do not have ‘direct’ access to your info”
When politicians and spokespeople choose their words with exquisite care, then it’s time to examine them with extra care. Let’s talk a little bit about the realities of how one might monitor a data center, shall we?
posted by the man of twists and turns at 7:58 AM on June 11, 2013 [3 favorites]








Last month, the FBI responded to an ACLU FOIA request on information concerning warrantless interception of electronic communications with an entirely redacted document.
posted by the man of twists and turns at 6:31 AM on June 12, 2013






From the Economist:
Should the government know less than Google?
posted by adamvasco at 7:45 AM on June 12, 2013


*sigh*

Google's user data is highly aggregated and aggressively anonymized - they anonymize IP addresses in logs after 9 months. Something I doubt the NSA does.

And honestly, what editor let the writer say "Google sells your data" with an asterisk and a footnote saying "Well, Google actually doesn't sell your data"??? That seems dishonest.
posted by GuyZero at 7:53 AM on June 12, 2013


Oh, an update from the WSJ: How Google Transfers Data To NSA: by hand or by secure FTP, only after it receives a court order.
posted by GuyZero at 9:43 AM on June 12, 2013


The "please let us disclose" pushback from Google makes me wonder if they're considering a nuclear option: they could simply disclose without permission and dare the government to prosecute them for it.

(It seems to me that Drummond's post deliberately puts a toe over the disclosure line by acknowledging that they have received and complied with FISA requests -- although maybe the wording of "the number we receive" very carefully doesn't disclose whether that number is non-zero.)
posted by We had a deal, Kyle at 11:15 AM on June 12, 2013






This guy is starting to look more and more like an agent of the Chinese government.

Edward Snowden: US government has been hacking Hong Kong and China for years
In an exclusive interview carried out from a secret location in the city, the former Central Intelligence Agency analyst also made explosive claims that the US government had been hacking into computers in Hong Kong and on the mainland for years.

At Snowden’s request we cannot divulge details about how the interview was conducted.

A week since revelations that the US has been secretly collecting phone and online data of its citizens, he said he will stay in the city “until I am asked to leave”, adding: “I have had many opportunities to flee HK, but I would rather stay and fight the US government in the courts, because I have faith in HK’s rule of law.”
When you add this to the timing of his leak (the same weekend Presidents Obama and Xi were meeting), the cui bono question seems to have an answer.
posted by BobbyVan at 12:13 PM on June 12, 2013


Running Up The White Flag
posted by homunculus at 1:26 PM on June 12, 2013




BobbyVan wrote: This guy is starting to look more and more like an agent of the Chinese government.

I think an agent of the Chinese government would have stayed right where he was, letting his true employers know everything that was going on. I don't know whether Snowden actually is a traitor - he might be! - but his actions so far are no more than I would expect of a patriot acting prudently in the interests of his country. We all know why Snowden had to leave the USA: it's because he would have ended up in a cell like Bradley Manning if he stayed there.

The fundamental problems are the USA's apparently-illegal surveillance and lack of protection for whistleblowers. Those are the things that made him leave his country; his choice of refuge then comes into play: from which countries would he most likely be extradited? Does the country have the rule of law? Has the USA illegally kidnapped people in those countries? Given those constraints Hong Kong is a reasonable destination.

Ironically, it's the behavior of the USA in conducting illegal surveillance, malicious prosecutions, illegal detention and kidnapping that have forced him out of his country and very near to one of the USA's near-enemies. The lesson that should be taken from this is not that the victims of these policies are traitors: it is that those policies are harmful to your country.
posted by Joe in Australia at 4:43 PM on June 12, 2013 [1 favorite]


It does seem weird that he went to China to complain about government spying on its citizens.
posted by empath at 9:54 PM on June 12, 2013 [1 favorite]


Empath: Hong Kong isn't like the rest of China: its political culture isn't Chinese and it's much easier to get in and out of Hong Kong by air or sea. I presume he was scared of going to countries allied with the USA; once you exclude those countries the nicest places are Switzerland and Hong Kong. Perhaps he thought that Hong Kong would be less likely to extradite him.
posted by Joe in Australia at 10:56 PM on June 12, 2013


Where's the part where all the governments are after him and the only person who can protect him is Chow Yun Fat with a trenchcoat and two guns?
posted by Charlemagne In Sweatpants at 10:59 PM on June 12, 2013 [2 favorites]


> Where's the part where all the governments are after him and the only person who can protect him is Chow Yun Fat with a trenchcoat and two guns?

I agree that would be a nice start, but have you seen what CYF is up to these days? He's been majoring in palace intrigue with a side of costume drama, really lavish and well acted stuff full of moral complexity. It's all really fascinating and intense.

So maybe... may be.... we rewrite the concept like this: All the governments are after him and the only person who can protect him is Chow Yun Fat with his golden robes and two ministers. And the ultimate scene in the movie isn't a massive battle, it's an imperial court scene, and there are shifting allegiances and betrayals and poisonings, in the end the Nerd Dynasty is preserved for another hundred years.
posted by seanmpuckett at 4:42 AM on June 13, 2013 [1 favorite]


I think an agent of the Chinese government would have stayed right where he was, letting his true employers know everything that was going on.

That presumes that Snowden (or his handlers, if he has them) didn't think he was about to be uncovered.

My pet theory [totally speculative] is that Snowden had been feeding info to the Chinese for some time. But something made him worried that he was about to be caught. So when he left Booz Allen claiming he needed treatment for epilepsy, he was in fact hoping the Chinese would help him defect and resettle in Hong Kong. The only problem was that there was a new Chinese president hoping to improve relations with the US, and an important summit coming up in California. So Snowden, in a kind of limbo and fearing that the NSA Q Group might "disappear" him, decided to go public and reinvent himself as a whistleblower. At a minimum, Snowden would have thought, this would save his life, and might even win him some political/popular support within the US or around the world as the legal and diplomatic processes play out.

Living in an Assange-like limbo wouldn't have been Snowden's objective, in this scenario, but it's a decent fallback plan for a double-agent.
posted by BobbyVan at 6:35 AM on June 13, 2013








The "direct access" denials and SFTP explanations don't line up with how Snowden said the system works. Sadly, there probably won't ever be a proper investigation. If the 9/11 Report is anything to go by, inconvenient testimony has a history of being stricken from the record on national security grounds.

Those yottabytes of storage at the Utah Data Center and other NSA datacentres currently under construction aren't just for legally requested data. They're for trolling through and saving absolutely everything, or a significant subset thereof.
posted by anemone of the state at 5:51 PM on June 13, 2013






The Real War on Reality
posted by homunculus at 1:33 PM on June 14, 2013








I have watched Barack Obama transform into the security president.
posted by adamvasco at 2:12 AM on June 16, 2013 [1 favorite]


From Greenwald affirming Democratic Rep. Loretta Sanchez
"there is significantly more than what is out in the media today".
posted by adamvasco at 3:22 AM on June 16, 2013


I'm glad to see this story has some traction. Still way too much hemming and hawing about it in the press though.
posted by JHarris at 9:44 AM on June 16, 2013 [1 favorite]




Indeed. The hemming and hawing in the media ("Is he a traitor or a hero? The jury's out for now!") sounds like a college freshman who hasn't done their reading having to speak in front of class.
posted by anemone of the state at 10:03 PM on June 16, 2013 [1 favorite]


"there is significantly more than what is out in the media today".

Prediction:
Everything- all traffic passing through interception points- is trolled through and stored. Traffic is triaged for keywords, behaviour patterns, and suspicious activity like PGP, with more interesting stuff being put in a list for an analyst to evaluate.
posted by anemone of the state at 10:18 PM on June 16, 2013


I'd also predict the only significant controls in place are to prevent analysts from surveilling members of congress and the senate.
posted by benzenedream at 12:20 AM on June 17, 2013




Can we tag this post with "PRISM"? Please?

Edward Snowden Q&A from the Guardian this morning.

It's odd--he only has 113 Twitter followers. I suppose it's a new account (6/11) but still ...
posted by mrgrimm at 3:08 PM on June 17, 2013


Our founders did not write that "We hold these Truths to be self-evident, that all US Persons are created equal."

Yes, this. I have seen so much outrage from faux-liberals that "Obama executed US citizens without trial!" Well, actually, human rights are not dependent on nationality and the reason you're in this pickle is that you've accepted the notion of American exceptionalism. Start thinking of human rights as things which apply equally, to all people, and you immediately have a saner foreign policy.
posted by Joe in Australia at 4:54 PM on June 17, 2013 [2 favorites]


I'm wondering how this 'US Person' circumlocution has suddenly appeared, and why. It's not something I recall seeing much in the past, but is everywhere now, including the Charlie Rose interview with Obama partial transcript I just read.

I feel pretty certain that it's not just a random clumsiness (although it being picked up and propagated could happen quite naturally, of course), given the stakes involved. So who and what is being protected (or excluded) by saying 'US person' rather than 'American' or 'American citizen' or even 'US citizen'? Am I missing something obvious?
posted by stavrosthewonderchicken at 5:11 PM on June 17, 2013


A US Person is actually a broader category than a citizen, and includes corporations, resident aliens, etc. A lawyer can probably give a better definition. I can't google a really definitive one.
posted by empath at 5:28 PM on June 17, 2013 [1 favorite]


I feel pretty certain that it's not just a random clumsiness (although it being picked up and propagated could happen quite naturally, of course), given the stakes involved. So who and what is being protected (or excluded) by saying 'US person' rather than 'American' or 'American citizen' or even 'US citizen'? Am I missing something obvious?

Federal law and executive order define a U.S. Person as:

a citizen of the United States;
an alien lawfully admitted for permanent residence;
an unincorporated association with a substantial number of members who are citizens of the U.S. or are aliens lawfully admitted for permanent residence; or,
a corporation that is incorporated in the U.S.
posted by jaduncan at 11:52 PM on June 17, 2013


Hope and Change, baby. Hope. And. Change.

At least he's not a Republican, amirite?


Why We Get the Police State We Deserve—and What We Can Do to Fix That

Third-party voters are starting to look a bit more intelligent.
posted by mrgrimm at 8:07 AM on June 18, 2013 [2 favorites]










But why Hong Kong? Even European cities may be better locations, no?

-Ask Julian Assange.



There are a number of late theories why Hong Kong is a good choice. However, Assange urged him to consider Latin America. I would offer another angle though. Anyone who's debated libertarians would have long been exposed to their nonsensical devotion to Hong Kong being one of their success stories, which is just not the case and never was. Anyway, what if Snowden had absorbed this nonsense and didn't check his facts? I wouldn't assign brilliance to his move, nor would I assume he's a spy rushing towards China, but his choice of Hong Kong is best explained for me as a libertarian worldview.
posted by Brian B. at 7:21 AM on June 19, 2013 [2 favorites]


Fascinating... this means I qualify as a US Person, does this mean I can be Sir Veiled or can't be?
posted by infini at 7:39 AM on June 19, 2013




And... they know what you keep in the back of your underwear drawer.

Give up, children, it's now apparently a matter of what is being done with the data, and by which whom, not so much how or where or when the data.

Actually... why bother? Right? Three bags full, sir!

The only details left are whether it's going to be Harrison Bergeron or Gattaca instead of Brave New World or 1984. Marching Morons. Anthem if you ask me.

posted by infini at 12:39 PM on June 19, 2013


A Discussion With Cryptome
posted by homunculus at 12:40 PM on June 19, 2013


So how come they've never faced the kind of noisy showdowns of the Assange/Manning/Snowden et al variety?
posted by infini at 1:43 PM on June 19, 2013
















Obama told Charlie Rose that (this "Privacy and Civil Liberties Board") was "made up of independent citizens, including some fierce civil libertarians".

If they'd willingly participate in such a secret government body, they can't really be that fierce, now can they. In fact, just like the Patriot Act stands against everything the country was built upon, there's nothing to say that this group's function is anything like its name. This is no way to run a democracy.
posted by JHarris at 2:26 PM on June 21, 2013 [1 favorite]








Mr Simon and Mr Maciej exchange pleasantries (read the comments).
posted by hat_eater at 4:56 PM on June 22, 2013 [4 favorites]


And if I sound exasperated with other liberal voices on this issue it’s because their barricades are in the wrong place, facing the wrong way, defending the wrong moral and legal terrain. Thus far, the sum of liberal argument against the NSA program amounts to a Maginot Line of legal ignorance, borrowed libertarian selfishness and positive proof that those who fear a civil liberties apocalypse and wish to fight against such were decades late to the fields where those battles actually rage. Shit, they’re still not in the right place.
posted by Golden Eternity at 6:41 PM on June 22, 2013 [1 favorite]


Introducing the NSA-Proof Font
posted by homunculus at 12:41 PM on June 23, 2013






Introducing the NSA-Proof Font extra weighting point. Admittedly, the weighting would probably be for the credulity stats.
posted by jaduncan at 5:29 AM on June 24, 2013


I think that font would actually be more useful for CAPTCHAs than foiling the NSA, although really once a single font becomes widespread it also becomes possible to check for it as a special case, and indeed snoopers could treat its use as a helpful signifier for prioritizing effort in finding communication with a higher chance of being important.

Although, most email is sent in text anyway. Do people really send rasterized images when communicating on the internet? That aren't LOLCats?
posted by JHarris at 11:56 AM on June 24, 2013


Er, I think jaduncan is saying the same thing as my first paragraph, just more succinctly.
posted by JHarris at 11:57 AM on June 24, 2013


JHarris: "Do people really send rasterized images when communicating on the internet? That aren't LOLCats?"
See my comment here.
posted by brokkr at 5:02 AM on June 25, 2013








I worked at a radio station in college that regularly broadcast anti-war rantings (not mine) during the first Gulf war. Despite these rantings including lots of swearing, the station was never sanctioned or taken off the air, even though swearing provided a straightforward excuse to do so. Probably because no actual harm was being done. That, or because it was college radio, and so nobody noticed.

I dated a girl at the time, who also worked at the radio station and who has since converted to Muslim, and I figured that might be something that got me noticed. I also hung out with some other militant types. Apparently she -- and I -- are still boring, and so nobody noticed.

Several years ago, I started playing around with PGP, and sent various things out encrypted just because I could. I'm the only one who knew what was in those. Apparently nobody noticed.

So I figure there are two possible reasons why nothing's ever come of those things:

1. Nobody's really paying attention to this stuff, to the degree where this would throw any red flags; or

2. They're paying so much attention to this stuff, that in comparison to the overwhelmingly boring stuff that has made up my life all these years -- all of which they're presumably aware of -- the few items noted above aren't red flags.

Either way, if it turned out I was trying to do something nefarious, apparently I've inadvertently created the perfect cover that allows me to consort with Muslims and militant types, send encrypted messages, and work with an anti-war organization. So, uh, go me, I guess. I'll try to use that power for good instead of evil.
posted by davejay at 9:28 PM on June 26, 2013




“[The goal of this effort] is to see if it is legal for a European Union company to forward data to the National Security Agency in bulk,” Schrems told Ars. “[and] to get more information, because they will have to disclose stuff in a proceeding here. The US gag orders are not valid here. Both might be another puzzle piece for the good of mankind.”

Under European Union law, Facebook is required to comply with user data requests within 40 days, since its international (e.g., non-American) headquarters are in Ireland (largely for tax reasons). This means that all Facebook users outside the United States and Canada (which have their own, less-stringent privacy rules) are effectively governed by Irish and EU data protection authorities.


Schrems and his colleagues now are hoping to use European law to find out what has been done with their data held by various digital services, including Facebook (PDF), Apple (PDF), Microsoft (PDF), Skype (PDF), and Yahoo (PDF), all of which were reported to have complied to some degree with the NSA’s PRISM surveillance program. These formal complaints (PDF) were filed with the relevant data protection authorities (DPA) in Ireland, Luxembourg, and Germany on Wednesday.

posted by infini at 11:30 PM on June 26, 2013 [2 favorites]


Oh, you mean that tech companies' tax-driven arrangements have made them open to prosecution under the other laws of foreign jurisdictions? Unintended consequences, how I do love thee.
posted by Joe in Australia at 1:45 AM on June 27, 2013


How Three Decades Of Conservative Chief Justices Turned The FISA Court Into A Rubber Stamp

So, the right-leaning Supreme Court is an even worse thing than we all suspected. Argh!
posted by JHarris at 2:17 AM on June 27, 2013






Gawker: Glenn Greenwald Takes His Turn in the Spotlight, also he responds to some alleged smears about his past work for a porn company.
posted by delmoi at 1:17 PM on June 27, 2013




Dear god why? Reading the article, it sounds very much like the logic is "The whole damn world might know the information now, but by gaw we can still keep it effectively classified to this small part of it." Idiocy.
posted by JHarris at 2:09 AM on June 28, 2013


Entire US army now blocked from reading the Guardian.

I thought I saw a comment whoosh by...
posted by infini at 3:30 AM on June 28, 2013


Top Ten Ways US TV News are Screwing us Again on NSA Surveillance Story (Iraq Redux).
As for US army blocking access to parts of the Guardian, I find myself asking who are these fucking clowns?
Are they now going to also ban soldiers from reading that they have been censored in their reading habits?
This is the same nonsense that tried to stop government employees with security clearances from reading about wikileaks and had lots of whingeing and handwringing here.
America: Land of the free to think what you are told to think is more than halfway here it seems.
posted by adamvasco at 5:27 AM on June 28, 2013 [1 favorite]






Hello, NSA
posted by homunculus at 6:19 PM on June 28, 2013 [1 favorite]


The United States certainly doesn't have a monopoly on secret surveillance but it often imagines itself as a model for public, open democracy.

Already, among all the local jokes from sub Sahara's prolific tweeple, this aspect has become pretty obvious, in both articles/columns/professional media, as well as the usual blogs, tweets and other sundry noise.

What's concerning however are the headlines which wring their hands over the increasing urbanization in the developing world, since slums are the hotbed of whatever the current boogeyman is and how big a challenge they are for "security". I fear the perversion of social and economic development initiatives, as they're hijacked in the aid of deeper agendas. The third world is starting to gird its loins against the inevitable onslaught against its dignity.

A very minor example is the UK's imposition of a 3000 pound sterling bond for visa applicants from such selected countries as India and Nigeria.

"The pilot will apply to visitor visas, but if the scheme is successful we'd like to be able to apply it on an intelligence-led basis on any visa route and any country."
posted by infini at 10:33 PM on June 28, 2013


I should add anecdata from the pile of things one has stopped talking about, like being made to sit on the ground, in front of the gate, at Nairobi Airport, just a couple of months ago, for hours, as middle aged menopausal South Asian ladies are bound to be dangerous, right?

If this is a demonstration of intelligence, I wonder what sheer stupidity would look like?
posted by infini at 10:52 PM on June 28, 2013














This thread has been archived and is closed to new comments