Hacker News discussion.
posted by swift at 8:59 AM on July 31, 2013 [5 favorites]

It's enough to make you paranoid. Not surprising, but revolting.
posted by MartinWisse at 9:01 AM on July 31, 2013 [3 favorites]

I can't wait until President Ted Cruz has access to this system.
posted by goethean at 9:02 AM on July 31, 2013 [12 favorites]

I love the timing with this being released the same day Keith Alexander is giving the keynote speech at Black Hat. Guess he won't be fielding questions afterward!

Also, while it's a bit early for too much meaningful analysis, I've found Christopher Soghoian's twitter feed quite useful in the past few hours.
posted by antonymous at 9:04 AM on July 31, 2013 [1 favorite]

Wasn't Putin's offer of asylum contingent upon no more harming of America?
posted by Ironmouth at 9:05 AM on July 31, 2013

Depends on your definition of "no more harming"...
posted by oneswellfoop at 9:06 AM on July 31, 2013 [1 favorite]

Yes, please stop hurting America by revealing more about the invasive surveillance apparatus that has no oversight whatsoever.
posted by Marisa Stole the Precious Thing at 9:08 AM on July 31, 2013 [96 favorites]

The other question, not answered, is what is required to use the system. Even GG admits that.

But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.

posted by Ironmouth at 9:09 AM on July 31, 2013 [4 favorites]

Wasn't Putin's offer of asylum contingent upon no more harming of America?

This appears to be based on analysis of material Snowden had already leaked, so it shouldn't have any bearing on Snowden's asylum request.

And arguably, the people hurting America the most right now are the ones who somehow didn't read 1984 as a cautionary tale but as a blueprint for the future.
posted by saulgoodman at 9:09 AM on July 31, 2013 [12 favorites]

I would assume Snowden knows he's toast by now whatever he does.
posted by fullerine at 9:10 AM on July 31, 2013

At this point the most cogent commentary I can muster is a series of grunts and barks as I raise my fists towards the heavens.
posted by gwint at 9:10 AM on July 31, 2013 [6 favorites]

Or what constitutes "America" - the people? Or the plutocrats?
posted by Big_B at 9:11 AM on July 31, 2013 [7 favorites]

As mine was axed with prejudice I am glad this seems to have made it so far.
As Greenwald says in the comments.
There is a lot more to report still. Accuracy is the number one priority. That takes time.
This is new but Slate buried the lede a couple of weeks back because they probably didn't have the detail.
posted by adamvasco at 9:13 AM on July 31, 2013 [5 favorites]

The NSA documents assert that by 2008, 300 terrorists had been captured using intelligence from XKeyscore.

Cool! Where can I read more about how they were tried and convicted for their crimes?
posted by compartment at 9:14 AM on July 31, 2013 [75 favorites]

I don't see any practical reason they couldn't have more retention than reported, at least for all textual data and metadata. 24 hours / one week seems implausibly short.
posted by Nelson at 9:14 AM on July 31, 2013 [1 favorite]

As a criminal attorney, I'm intrigued by the revelations of these vast information stores. There are myriad ways this might affect our criminal justice system, at least in theory. For instance, how long before a defendant asks a court to subpoena information from an NSA database to prove his alibi?

That's the unexplored aspect of these stories: irrespective of how the information has been gathered, how can we the people use it? The NSA has been recording telephone calls, and our country has a Freedom of Information Act. Put two and two together. Should I be able to obtain recordings of phone conversations I had with my father before he died? If my friend posts a great photo of me on Facebook and then accidentally deletes it, should I be able to FOIA that photo from the NSA's database?
posted by cribcage at 9:15 AM on July 31, 2013 [63 favorites]

The NSA documents assert that by 2008, 300 terrorists had been captured using intelligence from XKeyscore.

I don't mean to play 'broken record' here, but it depends on your definition of "terrorist"...
posted by oneswellfoop at 9:16 AM on July 31, 2013 [5 favorites]

You know, somewhere around 1994 or 1995, I downloaded this gif from the EFF during one of the early governmental attacks on the Internet.

I guess the NSA has made up for lost time.
posted by entropicamericana at 9:18 AM on July 31, 2013 [11 favorites]

Owner of small ISP XMission explains how he complied with a FISA warrant. However, he also says he hasn't been approached by the NSA.
posted by larrybob at 9:18 AM on July 31, 2013 [2 favorites]

Comments from an old cynic:

1. Congress will not do much to stop the spying.
2. whatever oversight is later claimed has put into place will be a cover story
3. we have got used to online data grabbing and so, like smoking, think nothing of it as a dailhy thing.
4. even if new laws are put into place we will not know for sure that they have not been circumvented--as with FISA.
5. the courts have just ruled that scooping up any and all cell calls is legal..no court order needed.
6. mail addresses we are not learning are scanned at PO.

What is to be done?

for search, use anonymous engine:https://ixquick.com/

If as many people as possibledownload and use TOR (free and for all platforms) they will make it nearly impossible for the govt to gather metadata that is of use...after all, the bad folks use this knowing the net is for spying.
posted by Postroad at 9:20 AM on July 31, 2013 [4 favorites]

Gotta love the Foreignness Factor selection "Network, machine or tech info indicates person is outside the U.S." which proxies/VPNs could fall under.
posted by jason_steakums at 9:23 AM on July 31, 2013

Cribcage: "For instance, how long before a defendant asks a court to subpoena information from an NSA database to prove his alibi?"

Uh, that'd be all the way back on June 12^th.
posted by straw at 9:26 AM on July 31, 2013 [11 favorites]

As an American with a decent amount of technical ability, what can I do to help fight / cripple this obscene bullshit?
posted by escape from the potato planet at 9:26 AM on July 31, 2013 [4 favorites]

Wasn't Putin's offer of asylum contingent upon no more harming of America?

I didn't know he was offering asylum to Glenn Greenwald.
posted by Aizkolari at 9:27 AM on July 31, 2013

Drink heavily.
posted by Big_B at 9:28 AM on July 31, 2013 [6 favorites]

It seems like it could be incredibly easy for an analyst to create an email account and email a US citizen from a foreign IP via proxy if they want a close look at that citizen for whatever reason. Or spoof the email address of an existing foreign target under scrutiny and contact whoever you want to look into.
posted by jason_steakums at 9:29 AM on July 31, 2013 [6 favorites]

Drink heavily.

Already doing that. I'm hoping for something with a little more oomph.

Seriously, though—there's got to be a way to fight back. Gonna do my best to grok the technical specifics here (don't really have time at the moment).
posted by escape from the potato planet at 9:31 AM on July 31, 2013 [1 favorite]

If as many people as possibledownload and use TOR (free and for all platforms) they will make it nearly impossible for the govt to gather metadata that is of use...after all, the bad folks use this knowing the net is for spying.

Yes, to circumvent US government spying, use a tool created by the US government. Nothing fishy about that!
posted by Sys Rq at 9:31 AM on July 31, 2013

Tor is probably secure; it's funded by a variety of sources including various US government agencies, but it's implented by the good guys. And it's open source. The problem is Tor is entirely impractical for everyday use. Or do you like your Internet speed cutting to 1/100th the usual, and then only when it works? It's a useful tool, but it's not a real solution to the NSA illegally capturing data.

IPSEC would be an improvement, true end to end network security without having to mess about with SSL. There's a lot of practical reasons we don't use it regularly, it's nearly a failed technology.
posted by Nelson at 9:37 AM on July 31, 2013 [1 favorite]

My impression so far is that much of this relies on the "strong selector" of your email, which is tied to sign-in for many things.

So perhaps either use a throwaway email to be signed into Google, et al, or use a browser that's never signed in to perform searching, browsing. Have your "signed-in" browser, and then your "clean" browser.

Of course, if they have tied your email address to an IP, you're already boned. There are claims, which I have not seen verified yet, that even a VPN accounts to other countries are accessible to them.

Even writing this, I am going to come down on the side of, "drink heavily and stay off of the internet".
posted by sandettie light vessel automatic at 9:37 AM on July 31, 2013

Wyden-Udall, 2016!
posted by jeffburdges at 9:39 AM on July 31, 2013 [9 favorites]

I have to say that I had some element of skepticism about the Snowden revelations - not that I don't believe that the NSA has all sorts of surveillance powers, but how hard would it be to make up a bunch of PowerPoint documents?

Overall, given the Guardian's and Glenn Greenwald's excellent track record for honesty and also for strong research, I was strongly inclined to believe it - but...

But now, a training manual for a specific program in a set of programs - this is very, very convincing. There's just too much material here, and too realistic. You'd really have to be expert in very many fields to synthesize this much material out of nothing... it'd be impossible.
posted by lupus_yonderboy at 9:42 AM on July 31, 2013 [1 favorite]

At present, I've one clean browser for sites employing flash, etc. and one "dirty" browser for identifying sites, like facebook. I've contemplated routing my email, messaging, skype, and dirty browser through either Tor or a VPN, but never quite did so.
posted by jeffburdges at 9:46 AM on July 31, 2013

If as many people as possible download and use TOR (free and for all platforms) they will make it nearly impossible...

...to use Tor.

That wouldn't be true if a good fraction of those new users setup their computers as Tor relays/exit nodes, but how many people actually have the stomach to run an exit node (e.g. have the network traffic of random internet strangers appear to the police to come from your computer)?
posted by cosmic.osmo at 9:47 AM on July 31, 2013 [4 favorites]

Depending on the scope of this, I wonder if we'll ever see browser history blackmail being used against potential candidates for office.
posted by codacorolla at 9:48 AM on July 31, 2013 [1 favorite]

Fantastic, high tech stuff that our government is doing. In a related question, how come the government can't keep track of when visitors overstay their visas?
posted by JJ86 at 9:49 AM on July 31, 2013 [3 favorites]

The same reason it can't keep track of gun purchase background checks?
posted by oneswellfoop at 9:51 AM on July 31, 2013 [5 favorites]

Kevin Drum: Congress Knew All About the NSA's Phone Record Program Back in 2009

a DOJ letter in 2009 does shed some light on how much Congress knew about this program. ... it makes clear that (a) NSA collects "substantially all" of the domestic phone records of U.S. phone companies, (b) ditto for emails, and (c) they use these records to perform contact chaining.

posted by Gelatin at 9:54 AM on July 31, 2013

It's really only a matter of time until you are tried in a Superior Court hangout and sentenced via text message by a jury of trolls. By then they'll have figured out how to attach Google Glass directly to the cerebral cortex of every single citizen, and put you in 'standby' mode remotely.

Crime will be eliminated for a fraction of what we pay now, and this will be celebrated by most. As for the others, well, the government's ability to collect evidence will make it so they dare not speak or assemble. A generation later, history will be rewritten and nobody will know what life used to be like.
posted by phaedon at 9:56 AM on July 31, 2013 [10 favorites]

The NSA documents assert that by 2008, 300 terrorists had been captured using intelligence from XKeyscore.

There are 535 members of congress so I guess they just needed majority.
posted by srboisvert at 9:58 AM on July 31, 2013 [11 favorites]

I was going to write a white-hot diatribe against the NSA but maybe I'm better off just keeping my mouth shut.
posted by double block and bleed at 9:58 AM on July 31, 2013

TOR etc reminds me of the joke about the invisible stealth plane, no enemies on the radar but maybe we should take a look at those two dudes in a sitting position at 20,000 feet. Hiding your tracks electronically is kind of like avoiding the surveillance cameras at police rally by wearing a Michael Myers mask.

The best the amateur can hope for is remembering you don't have to outrun the lion.
That is until public opinion is such that this kind of surveillance is illegal and public power is such that it can be prosecuted.

We're a bit fucked basically.
posted by fullerine at 9:58 AM on July 31, 2013 [13 favorites]

The thing I keep finding myself thinking is "these are the same sort of guys who raided SJ Games for GURPS Cyberpunk, back in the day."

I mean, we -know- that was a flat out blunder. What makes them wiser these days, exactly? I ask because ... not seeing it. Not seeing it at all.
posted by Archelaus at 10:02 AM on July 31, 2013 [9 favorites]

Seriously, though—there's got to be a way to fight back. Gonna do my best to grok the technical specifics here (don't really have time at the moment).

This is the tech equivalent of stocking up on firearms to defeat the ATF/black helicopters etc. You are going to lose.

However, if you wanted to work to stop the national security state-within-a-state (of which the NSA is hardly the most powerful "ministry"), you'd have to associate with the dirty hippies who have been doing this since the vietnam war. Hint: reading your facebook chats is not the worst thing the national security "community" has done in the last 40 years.
posted by ennui.bz at 10:04 AM on July 31, 2013 [6 favorites]

Interesting quotes from the slides pulled by Ted Dziuba, starting on slide 15

How do I find a strong-selector for a known target? Answer:... Smoeone who is using encryption
Show me all the VPN startups in country X, and give me the data so I can decrypt and discover the users

In other words, NSA is targeting people who use encryption on the Internet, then breaking the encryption like it's no big thing.

Oh, and this is all from 2008. Five years ago.
posted by Nelson at 10:11 AM on July 31, 2013 [13 favorites]

It's just a short matter of time until every police officer in the country has a terminal with the same capablities. If they don't already.
posted by T.D. Strange at 10:13 AM on July 31, 2013 [3 favorites]

In related news, there are allegations that the data-slurping has been used to spy on a New Zealand journalist.
posted by compartment at 10:14 AM on July 31, 2013

Wasn't Putin's offer of asylum contingent upon no more harming of America?

I didn't know he was offering asylum to Glenn Greenwald.

Putin said that Snowden would have to stop harming "our American partners." There's still more stuff coming out.

Having been involved in the leak of non-classified information, unless Snowden is a total idiot, the procedure is you put everything off the record until you're ready. Then you release it.

Greenwald is taking a big chance with someone else's asylum application.
posted by Ironmouth at 10:16 AM on July 31, 2013

I don't get the sense Snowden has released anything to anybody he didn't specifically want released. He has worked closely with Greenwald, there doesn't seem to be much reason to suspect Greenwald is all on his own with anything he publishes on this.
posted by Drinky Die at 10:18 AM on July 31, 2013

It seems like it could be incredibly easy for an analyst to create an email account and email a US citizen from a foreign IP

What email address doesn't already get a constant stream of messages from dodgy foreign addresses?
posted by hattifattener at 10:18 AM on July 31, 2013 [9 favorites]

My advice: drink moderately and stay out of the US.

It doesn't mean they will (or won't) spy on you, but it does mean they have to go through a court system that is not under rubber-stamp NSA control in order to get their hands on you physically. (Which isn't to say the NSA wouldn't be able to influence an extradition court in a sane jurisdiction, it just means they won't roll over immediately.)
posted by seanmpuckett at 10:20 AM on July 31, 2013 [1 favorite]

Wasn't Putin's offer of asylum contingent upon no more harming of America?

This appears to be based on analysis of material Snowden had already leaked, so it shouldn't have any bearing on Snowden's asylum request.

So ol' Vlad is going to be "reasonable" about this, and not use it as a reason to get rid of a problem he openly said he wishes he didn't have?

Greenwald is taking a big risk with someone else's asylum request. Also, normally you put it all on background and only clear it with the reporter immediately prior to publication. If Snowden did it this way, he's still leaking.
posted by Ironmouth at 10:21 AM on July 31, 2013

What email address doesn't already get a constant stream of messages from dodgy foreign addresses?

Good point, if the NSA looks into a foreign criminal organization running spambots they'd be able to get a TON of data on ordinary people in a sweep.
posted by jason_steakums at 10:25 AM on July 31, 2013

Run Tor relays or exits. Use Tor modestly yourself.
posted by jeffburdges at 10:25 AM on July 31, 2013 [2 favorites]

Greenwald is taking a big risk with someone else's asylum request. Also, normally you put it all on background and only clear it with the reporter immediately prior to publication. If Snowden did it this way, he's still leaking.

Greenwald has been saying there is more to come for quite some time and that work was being done by the Guardian on fact checking and editing. The idea that he is still leaking is pure speculation.
posted by Drinky Die at 10:29 AM on July 31, 2013 [1 favorite]

At the pub last week, a random fellow posited the theory:

What if the NSA doesn't really have all those capabilities, and it's a clever ruse designed to push the real criminals into other channels. It's perfect. Tell everyone you can read everything. Some people will be outraged, but anyone with anything real to hide will make a run for something else... those are the ones you watch.

Would be a pity for that poor man trapped in the airport.

Clever indeed. Probably not true, but not a bad story.
posted by nickrussell at 10:30 AM on July 31, 2013 [2 favorites]

Greenwald and Snowden have both openly said that he gave the journalists everything at once and it's not up to him what gets published when. And Greenwald, as mentioned, keeps saying there's more to come. This, at least, is not classified information.
posted by Holy Zarquon's Singing Fish at 10:34 AM on July 31, 2013

There are 535 members of congress so I guess they just needed majority.

Remember, any blackmail would have to cover Presidential approval too.

"I suspect that, you know, on — on a list of people who might be targeted, you know, so that somebody could read their emails or — or listen to their phone calls, I’d probably be pretty high on that list. So it’s not as if I don’t have a personal interest in making sure my privacy is protected." - President Obama, ostensibly arguing in favor of the surveillance state...
posted by roystgnr at 10:34 AM on July 31, 2013

I'm thinking our next step is to analyze the collection method so we can construct an algorithm that will spin these processes into high gear and double up on itself, so it gets caught in some cyclic redundancy that causes it to replicate the data, increasing the rate exponentially until it wrecks everything.

Obviously, that'll require the smarter MeFites to get involved, since all I got is:

20 GOTO 10

(See that NSA? I ain't the one you need to keep an eye on. Unless you like Louis CK vids, or PowerPuff Girls... Which my, um, daughter watches.)
posted by Bathtub Bobsled at 10:39 AM on July 31, 2013 [2 favorites]

Ironmouth: Yes, and that's actually been the key question in regards to all of this. The fact that the questions of policy keep getting skipped over is in large part due to the too-often conflation of capability with authority. Just because someone can do something does not mean that they are allowed to do it. And on that particular front, the silence from Greenwald and Snowden has been deafening.
posted by NoxAeternum at 10:39 AM on July 31, 2013

Greenwald and Snowden have both openly said that he gave the journalists everything at once and it's not up to him what gets published when.

Do you mean everything he took or everything he intended to leak? It was my understanding that he took basically everything about the NSA but has been selective in what he turned over.
posted by Drinky Die at 10:40 AM on July 31, 2013

Yes, for instance one has the capability to lie to Congress...but one isn't allowed to.
posted by Drinky Die at 10:41 AM on July 31, 2013

Meh. Since when has a leader of Putin's stature let yesterday's statements determine tomorrow's actions?

He'll grant or deny the asylum request based on whatever suits his goals, and then task an underling lawyer type to figure out what to say about it.
posted by notyou at 10:43 AM on July 31, 2013 [2 favorites]

Ironmouth: Having been involved in the leak of non-classified information, unless Snowden is a total idiot, the procedure is you put everything off the record until you're ready. Then you release it.

Greenwald is taking a big chance with someone else's asylum application.

and Greenwald is taking a big risk with someone else's asylum request. Also, normally you put it all on background and only clear it with the reporter immediately prior to publication. If Snowden did it this way, he's still leaking.

Look, we all know that you're (i) a hotshot DC lawyer with (ii) well-connected friends in the Democratic party who (iii) really doesn't like Glenn Greenwald. But this is all utterly unfounded speculation on specific details of the dealings between Snowden, Greenwald and The Guardian that you cannot, by any means at all, know anything about. Please stop.
posted by Len at 10:45 AM on July 31, 2013 [47 favorites]

One may have the capability to issue general warrants, but one isn't allowed to. Yet the mass searches take place anyways. It's almost as if some people don't respect "allowed" anymore...
posted by roystgnr at 10:45 AM on July 31, 2013 [1 favorite]

Ironmouth: Yes, and that's actually been the key question in regards to all of this. The fact that the questions of policy keep getting skipped over is in large part due to the too-often conflation of capability with authority. Just because someone can do something does not mean that they are allowed to do it.

The fact that people may nominally not be authorized to do things, for a variety of reasons, doesn't prevent them from doing those things if they have the capability, though. Snowden and Manning both illustrate the point, as high profile examples of people who did things with information they weren't authorized to do. Now, I think it's a pretty safe assumption that if at least two individuals already have been willing to take on enormous risks to their own personal health and safety and with no reasonable expectation of immediate personal gain on principle to leak info without authorization, it's a pretty safe bet there are plenty of people who'd be willing to do unauthorized things with this kind of information if there's a possibility of personally profiting from it. Especially in our modern, Profit Is the One True God culture.

This entire system, realistically, completely undermines any expectation of privacy anyone enjoys online regardless of what they might be doing and thanks to all the secrecy around the programs offers unchecked opportunities for corporate espionage and worse without any public scrutiny at all.

This is just awful stuff from top to bottom and defending or justifying it is insane.
posted by saulgoodman at 10:47 AM on July 31, 2013 [33 favorites]

Sorry, I should clarify. Speculate all you want. By "please stop" I mean "please stop stating as if they're actual, unarguable facts, things about which you cannot possibly have any concrete knowledge."
posted by Len at 10:47 AM on July 31, 2013 [5 favorites]

At least the ridiculous fig leaf that the NSA was acting lawfully and constitutionally is getting more and more publicly tattered. I'm sure there will still be slime who cling to their carefully-constructed highly blinkered house-of-cards "interpretations" about how "no spying on Americans" really means the opposite of that, but progress and freedom always has slime underfoot.
posted by anonymisc at 10:51 AM on July 31, 2013

saulgoodman: The fact that people may nominally not be authorized to do things, for a variety of reasons, doesn't prevent them from doing those things if they have the capability, though.

The police aren't allowed to racially profile people. Ergo, the police never racially profile people. Because it says right there, they're not allowed to do it! There's, like, laws against it and everything!
posted by Len at 10:53 AM on July 31, 2013 [3 favorites]

... it's a pretty safe bet there are plenty of people who'd be willing to do unauthorized things with this kind of information if there's a possibility of personally profiting from it.

Or given an order from a higher-up to "find a way to make it work", which most of us with jobs have been told at least once...
posted by oneswellfoop at 10:53 AM on July 31, 2013 [2 favorites]

Serious questions: are there any legal concerns with running a Tor relay node? Has anyone every been prosecuted for it? Is it even technically feasibly for the NSA to know what traffic is running through my relay node?

I know that people have been busted for running exit nodes before but had never heard anything about the relays.
posted by Aizkolari at 10:57 AM on July 31, 2013

... it's a pretty safe bet there are plenty of people who'd be willing to do unauthorized things with this kind of information if there's a possibility of personally profiting from it.

Or given an order from a higher-up to "find a way to make it work", which most of us with jobs have been told at least once...

Or a messy breakup, and an obsessive "I'm sure she was cheating!"...
posted by anonymisc at 10:59 AM on July 31, 2013

saulgoodman: At which point, the issue is the rogue actors who abuse the system, not the system itself. If someone plowed a car into a crowd of people, we wouldn't blame the transportation system - we blame the driver.

"Does the NSA have the capability to engage in surveillance on people in the US?" has been a settled question for some time. The real question is do they do so in contravention of the law, and that is still up in the air.
posted by NoxAeternum at 10:59 AM on July 31, 2013 [1 favorite]

Oneswwellfoop

has been done some time ago. A man who had worked at NSA a while back posted a note in which he claimed that he had tapped into a new senator's phone..the senator: Obama.
posted by Postroad at 11:00 AM on July 31, 2013

The real question is do they do so in contravention of the law, and that is still up in the air.

The secret courts already know the right answer.
posted by Blazecock Pileon at 11:01 AM on July 31, 2013 [1 favorite]

In other words, NSA is targeting people who use encryption on the Internet, then breaking the encryption like it's no big thing.

Oh, and this is all from 2008. Five years ago.

One wrinkle here is that US export restrictions can prevent exporting strong crypto, so many foreign systems (especially in "interesting" countries) are limited to 64-bit symmetric keys if they're using off-the-shelf hardware from US suppliers. Brute forcing 64-bit keys in hours/days is plausible given the resources available to the NSA, even circa 2008.
posted by lantius at 11:03 AM on July 31, 2013 [1 favorite]

This seems to raise a credible new potential explanation for political craziness: maybe it isn't always true believer-ism. Maybe sometimes it's just blackmail.
posted by feloniousmonk at 11:08 AM on July 31, 2013

At which point, the issue is the rogue actors who abuse the system, not the system itself.

No. Learn from hospitals and other systems which do things that matter. The system is vital. Does a system have genuinely effective safeguards that genuinely prevent unintended outcomes? Does a system actually incentivize actors into rogue behaviour (eg by offering power without consequence). Etc etc. The system is the heart of the matter, and the system is the only way to ensure rogue actors can be found.

For example, it is revealing that Snowden could not only walk out with the nation's dirty laundry but even after the fact they still can't even figure out where he got the info. That suggests their system protects lawbreakers and makes them safe in their lawbreaking, and that the extent of the lawbreaking going on at the NSA is not just unknown, but unknowable. And that's only the lawbreaking from "rogue" actors, not the lawbreaking-as-policy from rogue institutions such as the NSA itself.
posted by anonymisc at 11:12 AM on July 31, 2013 [27 favorites]

If as many people as possible download and use TOR (free and for all platforms) they will make it nearly impossible...

Check this discussion from Hacker News. If they can tap enough of the internet, it may not be difficult for them to match up the traffic going into and coming out of Tor. And that's assuming the exit nodes aren't being run by the NSA in the first place.


Serious questions: are there any legal concerns with running a Tor relay node? Has anyone every been prosecuted for it?

I have heard of ISPs being shown warrants and police confiscating equipment before, but in the cases I know of they backed down once it was clear they were dealing with a Tor node and nobody was prosecuted. (I'm not a lawyer and I have not done an exhaustive search on the topic...)
posted by DavidHogue at 11:22 AM on July 31, 2013

Well thank goodness that the American government is trustworthy and would never use this information illegally OR immorally!

"When the President [anyone in government, or subcontractors] does it, that means it is not illegal." - R. Nixon
posted by blue_beetle at 11:22 AM on July 31, 2013

But this is all utterly unfounded speculation on specific details of the dealings between Snowden, Greenwald and The Guardian that you cannot, by any means at all, know anything about. Please stop.
Well they do have the emails.
posted by adamvasco at 11:27 AM on July 31, 2013

As we know,
There are known knowns.
There are things we know we know.
We also know
There are known unknowns.
That is to say
We know there are some things
We do not know.
But there are also unknown unknowns,
The ones we don't know
We don't know.
posted by swift at 11:27 AM on July 31, 2013 [1 favorite]

(I always liked to end that passage swift quoted with "y'know?" But that was mostly when "y'know" was the most annoying verbal tic out there...)
posted by oneswellfoop at 11:30 AM on July 31, 2013

saulgoodman: At which point, the issue is the rogue actors who abuse the system, not the system itself.

No, because while every system has to have some degree of fault tolerance, we've long held as a matter of legal principle and basic systems engineering that systems have to be designed to minimize the risks of their being abused.

Our whole system of government began essentially with a commitment to the idea that certain kinds of government power have to be disallowed completely, even if that limits the control we have over certain kinds of criminal and other behaviors in ways that may not always be optimal from a law and order perspective.

One of the main reasons we included protections against unwarranted search and seizure was because the early colonies were a hotbed for tea bootleggers (which several of the revolutionary founders themselves engaged in) and the constant threat of British intrusion into private homes made it difficult to engage in those activities.

One of the primary arguments in the past against abortion restrictions, for example, was that it would be impossible to implement a legal regime effectively outlawing abortion without necessarily intruding on people's privacy to such an extent that it would undermine the basis of our system's constitutional protections against unwarranted surveillance and intrusion into our private lives.

Whether the courts are willing to affirm it or not, these new surveillance powers and systems are unconstitutional in the most egregious way. The law has reasoned its way to a new set of conclusions that are fundamentally inconsistent with the axioms of our legal system. It's like a real-world demonstration of formal incompleteness: our legal system by rigorous application of procedural logic is now producing outcomes that contradict the basic foundations of the legal system. That's why I'm distrustful of legal arguments that emphasize process over justice--inevitably, the logical application of law can't help but yield results that contradict fundamental axioms of the system. All formal systems have the potential to do that, as Goedel and others have proven.
posted by saulgoodman at 11:31 AM on July 31, 2013 [27 favorites]

"The XKeyscore system is continuously collecting so much internet data that it can be stored only for short periods of time. Content remains on the system for only three to five days, while metadata is stored for 30 days. One document explains: "At some sites, the amount of data we receive per day (20+ terabytes) can only be stored for as little as 24 hours.""

As troubling as this system is, the limits to storage would make it fairly useless to retrospectively discover things. It seems to be built to identify connections between people - by analysts searching the metadata which is stored longer - and then store more stuff from parties of interest, to allow prospective investigations. So the actual content of most people's full browsing history is only kept a day or two. Storage gets cheaper by the minute, but the volume of internet traffic goes up too. So the fact that I searched for a dirty bomb a few years back probably won't come back to haunt me.
posted by jetsetsc at 11:32 AM on July 31, 2013

Related: Justin Amash's Revolution. Really a great article about the cross-party politicking behind these issues.
posted by resurrexit at 11:45 AM on July 31, 2013

jetsetsc: As troubling as this system is, the limits to storage would make it fairly useless to retrospectively discover things. It seems to be built to identify connections between people - by analysts searching the metadata which is stored longer - and then store more stuff from parties of interest, to allow prospective investigations.

Okay. So let's say that you leave a comment on, oh, I don't know, Glenn Greenwald's Facebook page in the next 24 hours, praising his major investigative skillz. Or you retweet his original tweet linking to the Grauniad story that is the subject of this post. Or you make a comment on MeFi calling Snowden and Bradley Manning "American heroes".

Now, somewhere within the NSA's system, you're on a list. Now, the NSA can look up the metadata – which, according to the original story, they hold some of for up to five years! – for everything else you've been involved in for the last five years. Oh, so you're on an email list that Djokar Tsarnaev signed up to back when he was a 15 year old stoner interested in [foo random topic of interest to 15yo stoners]? And there was that one time, four years ago, where you got a phone call from a friend of yours, who just so happens to work for an NGO in Afghanistan, and called you (against company policy) on the work satellite phone to say condolences over the death of your wife in a tragic accident, but being out in Afghanistan, he can't get to the funeral, so he really thought he should call.

Bigging up Snowden and Manning, the day after the latter was convicted? Receiving email bulletins that Tsarnaev was also subscribing to? Suspicious phone call(s) from a satellite phone in some godforsaken, bomb-strewn, wartorn region on the Afghanistan/Pakistan border?

Yeah. You should be on a list.
posted by Len at 11:46 AM on July 31, 2013 [10 favorites]

It's like a real-world demonstration of formal incompleteness: our legal system by rigorous application of procedural logic is now producing outcomes that contradict the basic foundations of the legal system.

A non-CSc real-world demonstration of incompleteness - I never expected to see such a thing. Nice observation!
(Realistically, it's more likely that many of the steps in the legal proof are simply flawed in ways that seemed sound at the time, or were founded on technology/culture that has subsequently changed, but if we ignore that and give the legal system all benefit of the doubt, it's a very cool summary!)
posted by anonymisc at 11:46 AM on July 31, 2013 [2 favorites]

For purely academic purposes can anyone tell me how I can completely download the deck from here at the Guardian?
posted by jadepearl at 11:50 AM on July 31, 2013

The other question, not answered, is what is required to use the system.

Well, I got in before sign ons to the system were closed, but I hear they are thinking of offering $5 accounts. The user numbers will obviously be higher though.

I'll just put this here: freedomboxfoundation.org
posted by cjorgensen at 11:50 AM on July 31, 2013

Yeah. You should be on a list.

And that list would be a much more manageable size that they could use the short-life Everything List to add data to, even if it's totally innocuous and irrelevant. Just like Martin Luther King's FBI file, just a lot more common. No problem including anyone who ever commented on a MeFi thread on the subject.

Yeah, We should be on a list.
posted by oneswellfoop at 11:50 AM on July 31, 2013

Note how it says "XKeyscore system." To me this implies the possibility of another codeword system whose responsibility is to archive as much of this as possible for retrospective purposes.

XKeyscore may not know you searched for "dirty bomb" last year but some system somewhere almost certainly does. As a software architect, I think what we are looking at is essentially a suite of related products. Each codeword system seems to represent a specific vertical slice of functionality which when taken individually seems at least plausibly justifiable but when taken together represents a digital panopticon.

In a sense, these surveillance systems are organized on the same lines as terror cells themselves. Had one of these keyword programs been leaked individually, it would likely not have revealed them all because of how carefully each one is described and phrased. In this case, XKeyscore has access to everything, but can only store it for 24 hours at a time. I bet there's another system that can archive everything it sees but only in 24 hour batches.
posted by feloniousmonk at 11:51 AM on July 31, 2013 [15 favorites]

Len - "Now, somewhere within the NSA's system, you're on a list. Now, the NSA can look up the metadata – which, according to the original story, they hold some of for up to five years! "

My (possibly incorrect) understanding is that the metadata they retain for longer is on persons of interest - and it's 30 days or so for everybody else. If I just become a person of interest this week, they can't magically retrospectively maintain five years of my internet history. They could subpoena it from ISP's, but they don't hold it very long either. Maybe I'm missing something. None of which is to say this stuff isn't troubling. I just think it would be good to clarify what's being kept how long for whom.
posted by jetsetsc at 11:52 AM on July 31, 2013

I'll just drop this here too: bitmessage.org.
posted by Inkoate at 11:52 AM on July 31, 2013

NSA can't figure out address.

NSA claims inability to search agency's own emails

With incompetence like this I am not sure we have much to fear.
posted by cjorgensen at 11:56 AM on July 31, 2013

After thinking about Snowden's status in Russia, I realized something: Aint no way in hell that Russia would give him up. It's too much trolling joy for Putin, holding the US' feet to the fire. I mean, Snowden embarrassed the hell out of the NSA and the US. He stated that he intentionally infiltrated the intelligence agency without any help, stole vast amounts of top secret data, and absconded first to China and then to Russia with it. The two biggest rivals to the US on the global stage are laughing their asses off.

There's not a damn thing the US can do to force Russia to give him back. Sanctions? lol. What else can we do? Fucking invade Russia over a guy who embarrassed us? The US is pissed, but we're not idiotic enough to burn our global political capital to the ground in an epic bonfire over it. At some level, US leadership knows that the toothpaste is out of the tube, and there's nothing they can do about it.
posted by mullingitover at 11:56 AM on July 31, 2013

the limits to storage would make it fairly useless to retrospectively discover things.

Those were the limits in 2008. And items "of interest" are stored indefinitely. Maybe that means every single email with the word "bomb" in it. Also I really don't believe their retention is only a day or a week. There's no technical reason to do that. It's harder to do retrieval on giant historical document stores, but that's a solvable problem, particularly post-facto.
posted by Nelson at 11:56 AM on July 31, 2013 [2 favorites]

With incompetence like this I am not sure we have much to fear.

The thing about this point of view, as tempting as it is, is that there's almost no way it's actually true. If the NSA has shitty email infrastructure which they can't easily query to produce those sorts of results, it's because they want it to be that way.
posted by feloniousmonk at 11:57 AM on July 31, 2013 [1 favorite]

Despite the fact that some people are freaking out like something brand new has been revealed here, what we're really talking about is the latest iteration of a debate that goes back to day 1 of using networks. Computers log activity. The first time anyone ever clicked a hyperlink, that action and the metadata surrounding it were stored -- possibly forever.

If machines did not do this, we wouldn't have a functional Internet since logging is crucial to system health and development. Unsurprisingly, myriad forms of logging have become Outrages of the Day whenever they are discovered or discussed. Before we were all hollering about the NSA, it was private corporations -- who, by the way, have always had all the information that is presumably available through this alleged XKeyscore system. After all, virtually every Internet activity you do engages privately owned machines which log your actions. In short, the Time Warners and Verizons of the world know everything the NSA does, and they don't even pretend to represent the interests of the public. But without them -- you gots no Internet.

The fixation on what information is being logged ultimately misses the point because it is inevitable and unavoidable. Moving forward the question is how do we implement effective limits on access to and leveraging this information.

People who work at the bank can access other people's financial information. People who work at the police station can access other people's criminal records. People who work at the hospital can access other people's medical records. People who work at the DMV can access other people's vehicular records. Maybe not all people all the time, but that is not the point. There are tools available for mining private information, because they must exist. We therefore create rules and safeguards for how those tools are used. Sometimes, people violate those rules and exploit the system. Sometimes they are caught and punished, other times not, but regardless it is clear that we have a velvet rope setup between what they "can" and "cannot" do -- not technically, but legally.

And this brings us to XKeyscore and everything like it that's been frothed over in recent months. The fact is, we don't really have a clear idea of where the ropes are with XKeyscore or PRISM or any of the systems that have had rays of light shed on them recently. These are important details which Snowden et al have not really proved one way or another, beyond that the tools exist. We are inferring some stuff from the screenshots posted but this is weak sauce at best. Maybe we will find out more concrete information.

Intelligence agencies are built to gather intelligence. Restraints on using intelligence tools are not going to come from within. What people want is transparency about what happens with their private information. But how can you combine transparency with secrecy? Great question. Whatever happens with the NSA's current programs, this is really a question that will define our age. We'll be living with it for the rest of our lives.
posted by thebordella at 12:01 PM on July 31, 2013 [5 favorites]

With incompetence like this I am not sure we have much to fear.

Being incapable of managing data properly can create other problems: Faulty FBI Databases Could Keep You From Getting a Job
posted by homunculus at 12:05 PM on July 31, 2013 [1 favorite]

The EFF and/or the Tor Project ought to run a kickstarter to fund more Tor exit & relay nodes.
posted by fings at 12:07 PM on July 31, 2013

jetsetsc: My (possibly incorrect) understanding is that the metadata they retain for longer is on persons of interest - and it's 30 days or so for everybody else. If I just become a person of interest this week, they can't magically retrospectively maintain five years of my internet history.

Yeah, a quick re-read of the relevant bit of the article mentions that to get round the short timespan of XKeyscore data retention, another programme, called Pinwale, was implemented, which can store metadata from persons of interest for up to five years.

However, XKeyscore is only one programme among many, and given PRISM and the other stuff that's been unveiled so far (let alone what's yet to come out), it wouldn't surprise me if something like Pinwale existed to store all metadata as a huge, basically unfiltered and ignored data dump for a few years, just in case any of it might prove useful (and linkable to more current stuff) in the future.

In the article, they mention that they're looking at maybe 20TB of data (rather than metadata) a day coming through XKeyscore. I can go to the nearest computer shop and buy a 2TB portable hard drive for less than £100 (so less than $150). For £1k a day, I could keep up with the NSA's XKeyscore requirements, data storage-wise.

That's a piffling $500k/year. And I bet the NSA didn't buy their hard disk space from Currys in Dundee when they were spending $1 billion on their facility in Utah. (Currys would screw them on the postage, if nothing else, and try to sell them an extended warranty for every hard disk that would end up costing them more than the HDD itself.)
posted by Len at 12:10 PM on July 31, 2013 [1 favorite]

thebordella: In short, the Time Warners and Verizons of the world know everything the NSA does, and they don't even pretend to represent the interests of the public.

Jokes about the RIAA and the DMCA aside, I don't remember Time Warner or Verizon being able to charge people with crimes, take them to court and prosecute them, and the put them in jail for the rest of their life.
posted by Len at 12:13 PM on July 31, 2013 [1 favorite]

@fings: torservers.net indiegogo to beef up the tor infrastructure.
posted by themel at 12:15 PM on July 31, 2013 [1 favorite]

Wasn't Putin's offer of asylum contingent upon no more harming of America?

I don't believe that Putin is offering asylum to anyone still working for the NSA.
posted by one more dead town's last parade at 12:24 PM on July 31, 2013

jetsetsc: As troubling as this system is, the limits to storage would make it fairly useless to retrospectively discover things.

It's pretty clear that the 1 day rule only applies to things that haven't hit triggers, and things that have are kept much longer.
posted by eriko at 12:25 PM on July 31, 2013

"It's pretty clear that the 1 day rule only applies to things that haven't hit triggers, and things that have are kept much longer."

I wonder what the nature of the triggers are? Are they keywords - any email content with the words "dirty bomb" get stored indefinitely regardless of whether they are from a person of interest. Or are they person based? If you have not been a person of interest, would your email be stored anyway if they had a trigger keyword? And does such a trigger then make you a person of interest?

Either way, my point is content lacking triggers seem to have a very short shelf life, again - unless things have changed a lot since 2008, which is entirely possible.
posted by jetsetsc at 12:33 PM on July 31, 2013

That's why I'm distrustful of legal arguments that emphasize process over justice--inevitably, the logical application of law can't help but yield results that contradict fundamental axioms of the system.

Human justice has done this from day one.

As for your claim that the Fourth Amendment protects phone records, where do you get that? It hasn't been the case ever, nationally.
posted by Ironmouth at 12:35 PM on July 31, 2013

Look, we all know that you're (i) a hotshot DC lawyer with (ii) well-connected friends in the Democratic party who (iii) really doesn't like Glenn Greenwald. But this is all utterly unfounded speculation on specific details of the dealings between Snowden, Greenwald and The Guardian that you cannot, by any means at all, know anything about. Please stop

I'm not a hot shot and I have no well-connected friends in the Democratic Party. You cannot, by any means at all, have any knowledge of this.

Having said that, Greenwald is taking a giant risk. Putin doesn't want this guy in Russia. He said that in a news conference. He also said in a news conference that any application for asylum is conditioned upon Mr. Snowden stopping harming "our American partners." Putin could very well use this to deny Snowden asylum by saying he violated the terms I put out there. There's no legal basis for this.

And look at how GG answered the questions--he said he had the material long ago. So what? What does that tell us? Nothing. It doesn't tell us when the authorization to print this story was. I'm saying Mr. Greenwald's interests and Mr. Snowden's interests are not complimentary.
posted by Ironmouth at 12:41 PM on July 31, 2013 [2 favorites]

You're pulling this "permission to publish" bullshit straight out of your ass. Greenwald has said since the beginning that Snowden released a block of documents and told the journalists to use their own judgment in deciding what to publish and when. The ones he didn't want to see the light of day were not turned over at all. Viz.
posted by Holy Zarquon's Singing Fish at 12:48 PM on July 31, 2013 [6 favorites]

Another, better quote on the subject:

"I think there’s a real misconception over whether he’ll continue to leak...He turned over to us many thousands of documents weeks and weeks ago back in Hong Kong and we’ve been the ones deciding which stories get published and in which order. As far as I know he doesn’t have any intention of disclosing any more documents to us."
posted by Holy Zarquon's Singing Fish at 12:51 PM on July 31, 2013 [6 favorites]

If Putin doesn't want him anymore, he will kick him out. He doesn't need an excuse. This is a man who used radioactive poison on someone else a nation had given asylum to. He does not give much of a shit about the legal niceties.
posted by Drinky Die at 12:52 PM on July 31, 2013 [4 favorites]

Cool! Where can I read more about how they were tried and convicted for their crimes?

There's no point in trying anyone if your entire case is made up of inadmissible evidence.
posted by one more dead town's last parade at 12:52 PM on July 31, 2013

Ironmouth -

You spend half your time in threads related to Wikileaks, Assange, Manning, and a bunch of other subjects either outright stating or heavily implying that you can speak with authority thanks to either your legal qualifications or your friends or sources in the Democratic party, and the rest of us dumb, legally-unqualified plebs should just shut up and accept your wisdom on high because You Know Whereof You Speak. I'm not going to dig through your posting history and give examples, because that's pretty bad MeFi etiquette. But – and I'll grant you, on a strict, epistemological level, what I said above doesn't come from direct lived experience on my part – I don't think what I said above was either controversial or in any way contradictory to how you, yourself, have presented yourself on this site for the past few years. This is your persona; you don't really get to spend all this time establishing and capitalising on it, and then castigate the rest of the site for assuming that you're giving us this information in good faith.

Anyway, I'm done arguing this with you on that point, because if nothing else, this is turning into a personal argument and a derail.

And look at how GG answered the questions--he said he had the material long ago. So what? What does that tell us? Nothing.

Well if it tells us nothing, why are you so keen to tell us exactly what it says?
posted by Len at 12:52 PM on July 31, 2013 [14 favorites]

Human justice has done this from day one.

Well, in the past, we believed in abstract ideal outcomes like Justice and Truth that were considered to be the end goals of the processes and formal mechanisms of the legal system. Now, it's de rigeur for legal professionals to lean only on the rigor of the legal process as a self-justifying end in itself. We need abstract ideals like Truth and Justice to check the outcomes of our legal system against. Too much emphasis on process and not enough scrutiny given to legal outcomes and the more fundamental human values we judge those outcomes against will inevitably result in the system producing incoherent and inconsistent results.

As for your claim that the Fourth Amendment protects phone records, where do you get that? It hasn't been the case ever, nationally.

I don't believe I ever made any such specific claim, but only remarked on the historical origins and original motivations behind the establishment of our 4th Amendment protections.

The legal establishment these days seems to know all the individual notes to the tune better than ever, but it can't seem to really get the melody right when it tries to whistle "The Star-Spangled Banner." It's a coherent big picture vision and a solid grasp on the spirit of the law that's missing from how law is practiced today. That's what's allowed us to get to this absurd point where some seem to view universal surveillance as consistent with being the "freest nation on earth" and allows us to remain comfortable in that delusion despite having literally the highest absolute and per capita imprisonment rates in the world.
posted by saulgoodman at 12:54 PM on July 31, 2013 [4 favorites]

I guess this wasn't the thread to come into after reading about Abbie the cat dying and his post on his sister Martha the Pirate passing away. BRB, off slitting my wrists.
posted by lesbiassparrow at 12:55 PM on July 31, 2013

As for your claim that the Fourth Amendment protects phone records, where do you get that? It hasn't been the case ever, nationally.

Oh boy here we go again. No one has brought up phone records. Furthermore there is the nagging little fact that previous rulings like Smith v. Maryland are not set in stone and predated mass adoption of the internet. In fact Justice Sotomayor has recently suggested that:

it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. Perhaps, as Justice Alito notes, some people may find the “tradeoff” of privacy for convenience “worthwhile,” or come to accept this “diminution of privacy”as “inevitable,” and perhaps not. I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year. But whatever the societal expectations, they can attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy. I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection. (source pg. 2)
posted by AElfwine Evenstar at 12:55 PM on July 31, 2013 [4 favorites]

len: Jokes about the RIAA and the DMCA aside, I don't remember Time Warner or Verizon being able to charge people with crimes, take them to court and prosecute them, and the put them in jail for the rest of their life.

I guess that nobody has been prosecuted or jailed for information provided by Time Warners and Verizons. It is no secret that the authorities have significant powers to obtain information from service providers. Plus, as demonstrated by the analysis of PRISM, this ability is even becoming automated. The line between the authorities' access to data stored by private organizations versus government servers is thin and permeable at best.

All of that digital dust you kick up when you go online is going somewhere and the reality is, no matter where it settles, it will ultimately be accessible to parties who want it. Which only emphasizes that the focus on the tools in play is beside the point. The tools will always exist and old tools will be replaced with new tools. The pertinent issue is how we regulate how those who have the tools can use them -- a discussion which is hardly taking place at all wrt NSA because everyone is distracted by the tools themselves, not to mention the drama of Snowden's Big Adventure.
posted by thebordella at 12:59 PM on July 31, 2013 [1 favorite]

As for your claim that the Fourth Amendment protects phone records, where do you get that? It hasn't been the case ever, nationally.

I just did a Ctrl+F for "phone" in this thread and didn't see any comments from saulgoodman talking about phone records whatsoever. We've done this argument several times in threads which actually were about the NSA looking at everyone's phone records, we all already know that you don't care about the morality of something so long as it's legal, and we all already know that you don't see a difference in kind between "obtains one phone record" and "obtains all the phone records", and since XKeyscore (you know, the subject of this thread) is not actually about phone records at all, maybe you could do us all a favor and skip the derail-this-into-a-side-argument-I-think-I-can-actually-win rhetorical gambit.

And look at how GG answered the questions--he said he had the material long ago. So what? What does that tell us? Nothing. It doesn't tell us when the authorization to print this story was. I'm saying Mr. Greenwald's interests and Mr. Snowden's interests are not complimentary.

So let's see, in this thread we've got a leaker who's screwed because the people he turned his info over to are actually taking their time and thoroughly vetting it, while simultaneously we've got another thread about a guy who's screwed because the people he turned his info over to didn't really vet it? Talk about "damned if you, damned if you don't".
posted by mstokes650 at 12:59 PM on July 31, 2013 [11 favorites]

I love the timing with this being released the same day Keith Alexander is giving the keynote speech at Black Hat. Guess he won't be fielding questions afterward!

NSA Director Heckled At Conference As He Asks For Security Community's Understanding
posted by homunculus at 1:06 PM on July 31, 2013 [4 favorites]

Did nobody bring rotten fruit to Black Hat when they Keith Alexander scheduled? Too bad!

Also, slashdot highlighted the Guardian's observation that "XKeyScore allows analysts to search with no prior authorization through vast databases containing emails, online chats, social media activities and the internet browsing histories".   We 'knew' there weren't any internal checks on the data NSA analysts accessed, but now we really know it.
posted by jeffburdges at 1:10 PM on July 31, 2013 [2 favorites]

the bordella: I guess that nobody has been prosecuted or jailed for information provided by Time Warners and Verizons.

That is, very obviously, not what I said. Verizon can't raid your home at 6am and haul you off for questioning and charging over who you spoke to on the 'phone. The police, acting on information obtained from Verizon, absolutely can. This is not a difficult distinction to grasp.

All of that digital dust you kick up when you go online is going somewhere and the reality is, no matter where it settles, it will ultimately be accessible to parties who want it. Which only emphasizes that the focus on the tools in play is beside the point. The tools will always exist and old tools will be replaced with new tools. The pertinent issue is how we regulate how those who have the tools can use them -- a discussion which is hardly taking place at all wrt NSA because everyone is distracted by the tools themselves, not to mention the drama of Snowden's Big Adventure.

Jesus, half this fucking thread has been about how we can/should regulate the people/agencies who have access to these tools. As for the idea that oh well, those tools are going to exist no matter what we do ... well, that's bollocks.

These tools were specifically designed. Someone said "we want a tool to do this". Someone else specified how said tool would do that. A third wrote the code to implement that. A fourth approved it. A fifth decided that it was legal, subject to certain requirements. A sixth decided that, fuck it, I don't need a warrant to use this tool for its intended purpose.

None of these decisions were an accident. Nothing mandated that these tools would inevitably – by the hand of some benevolent, interventionist Spy God – spring into existence. To just throw your hands up and say, well, surveillance states gonna write programmes to help them surveillance state, nothing we can do about it! is to miss the point spectacularly.
posted by Len at 1:14 PM on July 31, 2013 [6 favorites]

Facebook and Interpersonal Privacy: Why the Third Party Doctrine Should Not Apply

Despite Smith’s implication that the Third Party Doctrine extends to Internet communications, the Supreme Court has not directly ruled on this issue and lower courts have disagreed on how to interpret the Third Party Doctrine in the Internet context. In 2012, the Court issued its most recent decision on technology and the Fourth Amendment, United States v. Jones, in which it held that placing a Global Positioning Satellite (“GPS”) tracker on a defendant’s car without a warrant violated the Fourth Amendment. Yet this decision did not settle the issue. The justices concurring in Jones raised meaningful concerns about the viability of the Third Party Doctrine in today’s technology dominated world.

and

Automation and the Fourth Amendment

Properly conceptualizing the disclosure of personal information to automated systems also points to serious defects in current conceptions of how to apply older bodies of law to new and evolving technologies. Finally, it exposes an overlooked flaw in Maryland v. Smith, the most important precedent for the application of the Fourth Amendment to new communications technologies. The Supreme Court has not yet addressed whether any form of personal Internet data is protected by the Fourth Amendment. But, given the increasing number of lower court cases struggling with this issue in recent years, the Court is likely to do so in the relatively near future. When it does face this difficult question, the answer it gives may determine the course of informational privacy for decades, just as Olmstead v. United States and Katz v. United States did in the previous century. Yet it is uncertain, at best, that the Court will answer correctly—it has certainly failed to adapt the Fourth Amendment to new technologies before.

So can we please once and for all bury this absurd notion that smith v maryland somehow settled the matter for all time and gives the government blanket power to surveil our every move on the internet. Your claim that phone records have never been protected is also specious as last time I checked telephones were invented long before Smith v. Maryland so it would seem that from that point until 1979 they were in fact protected by the fourth amendment.
posted by AElfwine Evenstar at 1:19 PM on July 31, 2013 [1 favorite]

It's true that to some extent, digital infrastructure is inherently auditable. Often, to a sysadmin, the last resort of troubleshooting is to look at the raw contents of network packets as they're transmitted over the wire. This ability is roughly analogous to an electrician's ability to diagnose wiring problems with a multimeter.

However, even in circumstances where this sort of auditability is vital, such as telcos, it's done in support of the system's larger goal. In this case, we're talking about a system whose sole purpose is to collect this audit trail and to render it into a stream of actionable "facts" which can be fed into a larger analysis process.

To put it in terms of running your own website, this is the difference between "my web server logs all requests so we can shut down common XSS attacks, etc." and "my web server logs are being shipped to Omniture so that they can be merged with other data sets to create a comprehensive profile of all of my visitors, where they live, their demographics, what browsers they use, their screen sizes, etc."
posted by feloniousmonk at 1:29 PM on July 31, 2013 [2 favorites]

jeffburdges: No, actually we don't know, because we don't know what the requirements are to use the tool and not win an all expenses paid trip to lovely Florence, Colorado. Which is sort of the big question.

(And to head off the inevitable followup, no, just because the tool itself doesn't contain the safeguards doesn't mean they don't exist. Matters like this are for policy, not technology.)
posted by NoxAeternum at 1:31 PM on July 31, 2013

(And to head off the inevitable followup, no, just because the tool itself doesn't contain the safeguards doesn't mean they don't exist. Matters like this are for policy, not technology.)

Nonsense. There's nothing that makes solving this inherently a matter of policy. The tools themselves certainly could be designed with built-in safeguards. But you're right in a sense, because it's the legitimacy of the whole enterprise that's really suspect. Maybe the government should be prohibited in policy from using these kinds of tools at all, regardless of whether or not they could theoretically be used properly. Imagine if we had a J Edgar Hoover in the White House with this kind of capability at his/her disposal. Bush trampled all over previously established policy during his time in office. There's no good argument for the government to have this kind of surveillance power that doesn't require dispensing with the idea that America values individual freedom and personal autonomy. This is a more sweeping surveillance capability than the Stasi ever had.
posted by saulgoodman at 1:41 PM on July 31, 2013 [1 favorite]

Question: On slide six, why is there a line of servers ringing Antarctica?
posted by compartment at 1:43 PM on July 31, 2013 [4 favorites]

Note that the header they use as an example of the system's HTTP parsing capability is a Google search for "Islamabad" from google.com.pk.
posted by junco at 1:52 PM on July 31, 2013 [1 favorite]

As for your claim that the Fourth Amendment protects phone records, where do you get that? It hasn't been the case ever, nationally.

Forget your weak strawman claims, allow me to make a claim for you:

Spying on and recording every most intimate detail of my life, without cause or warrant (recording everywhere I go, every person I contact, every purchase I make, every document I write in the (completely violated) privacy of my own home, and everywhere else), is either illegal under the constitution, or else the constitution is a meaningless joke and we have a lawless nation of law-theater.

And the thing is, is really doesn't matter if you think it's a jolly good idea, or if you can find some way to convince yourself that the things being done behind the shadows are not really happening in the ways we now know them to be, or to worm some blinkered misinterpretation of what is going on or what is constitutionally required of the government. It doesn't matter - what the NSA does remains either unconstitutional, or we are a country of lawless law-theater (or both).
posted by anonymisc at 1:54 PM on July 31, 2013 [12 favorites]

And that the next slide says that to "find a cell of terrorists" you have to look for "someone searching the web for suspicious stuff". We're all doomed.
posted by junco at 1:54 PM on July 31, 2013

"The only people who spend THIS much time "looking for needles" are addicts..." - Julian Sanchez
via Senator Leahy Calls Bullshit On Claim That Metadata Collection Stopped Terrorist Attacks
posted by jeffburdges at 1:55 PM on July 31, 2013

why is there a line of servers ringing Antarctica?

Better cooling? Or maybe it's a satellite network.

Andy Baio pointed out that NSA can't figure out the Powerpoint arrow tool, either.
posted by Nelson at 1:56 PM on July 31, 2013

...by any means at all, know anything about. Please stop.

Given the PR coup that one would achieve by having lots of articulate MeFites coming to one's defense, Greenwald certainly has motive to create a sockpuppet account for the purpose of self-criticism. I've never seen Ironmouth and Glenn Greenwald in the same place at the same time, come to think of it.

A very similar argument suggests that Edward Snowden is really Keith Alexander trolling us.
posted by kengraham at 2:07 PM on July 31, 2013 [4 favorites]

antonymous: "I love the timing with this being released the same day Keith Alexander is giving the keynote speech at Black Hat. Guess he won't be fielding questions afterward!

Also, while it's a bit early for too much meaningful analysis, I've found Christopher Soghoian's twitter feed quite useful in the past few hours."

Seems like Soghoian was a bit too trusting of the big corps in his past presentations on what was going on w/r/t government access, no?
posted by symbioid at 2:10 PM on July 31, 2013

"Too trusting of big corps" is not something Chris has ever been accused of, no. If you're thinking of his response to the PRISM slides, in which he suggested that there was not actual direct backdoor access to companies' servers, then he is still, as far as we know, correct. We don't yet know where the data for XKeyscore comes from, but my guess is surveillance over the wire, predominantly.
posted by Inkoate at 2:17 PM on July 31, 2013

Guardian: The White House declined to say on Wednesday whether the administration ever briefed the US Congress about a top-secret NSA spy program that, according to documents, allows analysts to to search through huge databases of emails, online chats and the browsing histories without prior authorisation.
-
When pressed, he claimed the Guardian's article contained inaccuracies, adding that "informing people about false claims isn't necessarily what we do". He did not specify which part of the report the White House believes to be inaccurate.
posted by Drinky Die at 2:23 PM on July 31, 2013

Nelson: "NSA can't figure out the Powerpoint arrow tool, either"

On top of everything else, the NSA is guilty of serious PowerPoint abuse. This guy wants to help.
posted by double block and bleed at 2:27 PM on July 31, 2013 [1 favorite]

He did not specify which part of the report the White House believes to be inaccurate.

I put $5 that it's the "without prior authorization" part, because the official line is that everyone in the building was officially FWD'ed an official copy of an official "TO WHOMSOEVER IT MAY CONCERN" warrant to officially search ANYONE AND EVERYONE IN THE WHOLE WORLD OR WHO EVER LIVED but only provided the search met the strict criteria of ANY HUNCH WHATSOEVER, OR, Y'KNOW, WHATEVER DUDE. NO-ONE IS GONNA CHECK.
So these outrageous claims that analysts lacked a warrant are just lying liars lying.
posted by anonymisc at 2:33 PM on July 31, 2013 [2 favorites]

The thing about Putin is, whatever he said at this news conference, he has repeatedly flouted America on any number of foreign policy issues, and Russia and the US are at odds about Syria at the moment. This is a man who gives no fucks. His vague wording, "harming"; why did he not say "so long as nothing else leaks" or what have you? I think there's little danger of anything that doesn't harm Russia imperilling Snowden. But more importantly, neither Snowden nor Greenwald are the story.
posted by Marisa Stole the Precious Thing at 2:52 PM on July 31, 2013

homunculus: Edward Snowden's not the story. The fate of the internet is: The press has lost the plot over the Snowden revelations. The fact is that the net is finished as a global network and that US firms' cloud services cannot be trusted.

Hardly. The conclusions that this author draws are based on a seriously diminished understanding of reality.

One - there are by some counts over 1 billion active users on Facebook. People who place a high priority on personal privacy in the digital age are a shrinking minority, no matter what polls or outraged message board posts may make it seem. I am not taking a position on this here, but I am suggesting that the behavior of people in practice strongly indicates that their adherence to strict protection of privacy is weak at most. It is implausible to conclude that, given this, any mass rebellion will ensue.

Two - the author states that Snowden is "not the story", but the reality is, neither is the NSA. The notion that the US stands alone or is exceptional in its intelligence gathering intents or practices is laughably naive. Even the Snowden leaks have demonstrated this. You will not see a serious rebellion by other major nations -- discounting a bit of political showmanship here and there -- because their intelligence gathering interests are all aligned with (and in some cases technologically intertwined with) that of the US.
posted by thebordella at 3:01 PM on July 31, 2013 [2 favorites]

Did nobody bring rotten fruit to Black Hat when they Keith Alexander scheduled? Too bad!

ACLU / EFF lawyer Kevin Bankston via Twitter this morning:

About to see NSA's General Alexander keynote at #BlackHat and just saw security guards confiscate 2 dozen eggs from someone....
posted by ryanshepard at 3:03 PM on July 31, 2013 [2 favorites]

ACLU / EFF lawyer Kevin Bankston via Twitter this morning:

Not that it matters overly much, but I believe Bankston is now with the Center for Democracy and Technology.
posted by Inkoate at 3:09 PM on July 31, 2013

thebordella: "People who place a high priority on personal privacy in the digital age are a shrinking minority, no matter what polls or outraged message board posts may make it seem."

[citation needed]
posted by mullingitover at 3:12 PM on July 31, 2013 [1 favorite]

As an aside, we should remember that, even if the NSA was merely a well paid addict^ that didn't harass foreign journalists , these tools are developed by private contractors who then develop unclassified versions they sell to the evilest governments in the world. Caveat, the FinFisher software bought by Egypt was produced by a German & U.K. contractor, but American companies indirectly sold Iran software to help Iran spy on dissidents too.
posted by jeffburdges at 3:22 PM on July 31, 2013 [1 favorite]

No, what is dead is the laughably naive idea that the Internet was somehow separate from the physical world it inhabits.
posted by NoxAeternum at 3:31 PM on July 31, 2013

I am suggesting that the behavior of people in practice strongly indicates that their adherence to strict protection of privacy is weak at most.

The onus is not on the people to cover our homes in a giant steel-and-lead box to seal out prying eyes. The onus is on the government to not use x-ray equipment to look through our modest walls.

Few people can build digital walls so thick that the NSA cannot see through them, and fewer still would be happy living inside the prison they've thus created for themselves.

We are entitled to expect privacy when we send private messages in Facebook. The creeping subtext that using modern networks indicates consent - that we're willingly inviting the government to pry into our lives, is pretty gross.
posted by anonymisc at 3:46 PM on July 31, 2013 [11 favorites]

Yeah. You should be on a list.

I think I am on a list. Here's what happened to me*:
*full disclosure, some of this is copied from another time I posted about this on another site.

Two years ago coming back from an international trip, after being away from home for four months, I took a picture of a sign that said, "Welcome to America" with two flags on it.

By the time I had made it down to the escalator, I was asked by two armed men to follow them. Apparently I wasn't quite out of customs, and I had been "observed using an unauthorized device in a restricted area." They asked me why I took a picture of the American flag. I told them that I take pictures of a lot of things.

Then a TSA agent interrogated me for 30 minutes. What were you doing in Country X? Who were you with? Why were you there? I made the mistake of mentioning I had spent time time with people from Berlin. They wanted their names, but I refused. They scanned everything, and even asked if had hidden illicit substances or explosive devices in the jars organic chocolate spread -- it looked like Nutella. Two jars were taken for samples. The rest were X-Rayed and returned to me.

They went through my phone. Thankfully they didn't get all the way to the end, where a friend of mine had taken a picture of his junk at my birthday party. They then asked why I had lied about taking one picture -- the HDR feature was turned on. After five minutes of explanation and a demonstration, they finally accepted that I had only taken one picture, and then required me to delete "both" pictures of the sign with the American flag. The only other thing in the picture was the sheetrock behind it.

"Are you serious?" I asked.

"Absolutely," she replied.

Since that day, I have been "randomly" checked at the airport three or four separate times. For a majority of the flights taken a year after that incident, my checked luggage would include that lovely little blue and white note (on cardstock!) that informed me the TSA had looked through my things. I think there's a pretty good chance that what I'm writing now will be looked at by the NSA. During the last "random" check I was flagged SSSS by the airline (sure!) and I was given the choice between a pat-down search or the millimeter scanner. While they send me over for my full body invasion, they went through my carryon luggage and tested it, I assume for explosive residues.

The thing about the picture really bothers me after the fact now. Just imagine if it had been some 17 year old kid at a house party I happened to be at? When is the last time you looked through every picture on your phone or camera to make sure someone hasn't been playing with it? "Arrested today at the airport, a 32 year old man charged with child pornography after he tried to smuggle in pictures of a 17 year old boy." Case closed. Life over. If the government cares to make it so.

My life, liberty, and happiness are no longer in my control. I have to trust that the United States government won't take it away from me.

Take the case of the woman who was sexually assaulted by a Marshall, and then arrested in front of that same person for "making false allegations on a police officer" in the words of the lowly pile of shit who assaulted her, while his "colleague" puts handcuffs on her. All of this happened while the "Hearing Master" Donna Patricia played with her child and ignored her pleas for help. According to the news story [trigger warning], it is not even an isolated incident.

Imagine that moment when the cuffs were put on her. And this is happening, supposedly, in a court of law.

Today I feel like the worst part about coming back from Canada was not another routine violation of my privacy and my person, it was realizing that I am now genuinely afraid to be home. My inquiries into the emigration pages of Canada and the UK have turned from curiosities into paperwork submissions to immigration attorneys, just to see how much it could and how likely it could happen. I'm not saying I'm out of here yet, but I'm definitely making sure I know where the exit is.

But that's what they say, right? Love it or leave it. Well, I'm pretty sure this feeling isn't love...

PS: I spent about an hour considering whether I should post this in what is essentially my first and last name, but then I realized they would probably know who posted it no matter what username is behind this IP address.

I guess now's a good time as any to start another sock puppet, but this time, using tor and with a temporary credit card bought at a random time before my use of it.

And yes, I thought about doing that before I posted this story, but then I realized that the "Preview" button sends the string I'm about to post back over the line, so they could have have a copy of what I thought before I posted it. But whatever man. That's just a conspiracy theory.
posted by deanklear at 4:04 PM on July 31, 2013 [30 favorites]

You won't need an attourney for the great white north; unlike the US's convoluted morass of departments, CIC's paperwork and process is straightforward no matter which route to residency you wind up following, though it does take time. Feel free to MeMail me.
posted by seanmpuckett at 4:18 PM on July 31, 2013

seanmpuckett: "My advice: drink moderately and stay out of the US.

It doesn't mean they will (or won't) spy on you, but it does mean they have to go through a court system that is not under rubber-stamp NSA control in order to get their hands on you physically. (Which isn't to say the NSA wouldn't be able to influence an extradition court in a sane jurisdiction, it just means they won't roll over immediately.)"

My (very sketchy) understanding of this is that those of us residing in countries allied with the US have even less recourse, because there's no laws at all preventing the NSA from cooperating with other intelligence agencies.

Say the Communications Security Establishment wants to find out what I've been writing on Gmail. They can ask the NSA for help. And because our nations are allies that exchange information all the time (and the CSE gave them a convincing reason), the NSA uses X-Keyscore and gives them everything I wrote on Gmail for the last week or so.

No law has been broken. In America, the NSA can spy on me without limit because I'm not a "US person," and here in Canada the CSE didn't actually do any spying. They just called on a friend for a little assistance.
posted by Kevin Street at 4:19 PM on July 31, 2013 [2 favorites]

NB as mentioned I am solely concerned about my body. My data, as everyone else's, is a lost cause.
posted by seanmpuckett at 4:24 PM on July 31, 2013

NSA: XKEYSCORE is used as part of NSA's lawful foreign signals intelligence collection system. By the nature of NSA's mission, which is the collection of foreign intelligence, all of our analytic tools are aimed at information we collect pursuant to lawful authority to respond to foreign intelligence requirements - nothing more.

Allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKEYSCORE, as well as all of NSA's analytic tools, is limited to only those personnel who require access for their assigned tasks. Those personnel must complete appropriate training prior to being granted such access - training which must be repeated on a regular basis. This training not only covers the mechanics of the tool but also each analyst's ethical and legal obligations. In addition, there are multiple technical, manual and supervisory checks and balances within the system to prevent deliberate misuse from occurring.

Our tools have stringent oversight and compliance mechanisms built in at several levels. One feature is the system's ability to limit what an analyst can do with a tool, based on the source of the collection and each analyst's defined responsibilities. Not every analyst can perform every function, and no analyst can operate freely. Every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law.
posted by Drinky Die at 4:26 PM on July 31, 2013

One thing I do believe is that the NSA keeps track of what analysts are doing while logged into their system. No doubt they have extensive logs.

But what is considered abuse, and what's just routine due diligence? Are they looking into thousands of people every day? There might be so much activity going on that no supervisor could monitor it all.
posted by Kevin Street at 4:34 PM on July 31, 2013

Right, can they audit for misuse before the analyst flies off to Hong Kong? So far, not looking like they can which is a scary idea if someone really does want to turn over information to bad guys.
posted by Drinky Die at 4:37 PM on July 31, 2013 [3 favorites]

You're pulling this "permission to publish" bullshit straight out of your ass. Greenwald has said since the beginning that Snowden released a block of documents and told the journalists to use their own judgment in deciding what to publish and when. The ones he didn't want to see the light of day were not turned over at all. Viz.

The link doesn't say that.

My basis for how one handles leaks is the procedure I used. I contacted a PR pro who told me how its done. So, that is exactly how I did it. Its SOP. It doesn't mean Snowden did that.

But the more important thing is this--it doesn't matter how he did it--GG is giving Putin the excuse he needs to get rid of the problem by saying Snowden didn't live up to his promise. Putin isn't required to take any of that into account. So Glenn aint exactly helping Snowden get asylum.

Without a doubt, if Snowden wanted asylum in Russia it would be in his interest to not publish again. Putin has made that known.
posted by Ironmouth at 4:43 PM on July 31, 2013

This is textbook concern trolling.
posted by Drinky Die at 4:47 PM on July 31, 2013 [11 favorites]

I think when they say that "every search by an NSA analyst is fully auditable" what that translates to is that they have a system that works basically like Google's search history, meaning that they have a log of all of an analyst's searches.

Until today, I don't see that they would have had any real incentive to actively monitor anything. The kind of system you would need to monitor this algorithmically would require people with the same kinds of skills as those who'd be writing the data mining algorithms to power the searches themselves, and this is not a very productive use of their time. I don't think that doing it manually is much of an answer, either. If an analyst's job is to synthesize raw data into reports, they're doing a lot of searches. In order to manually oversee this, you're talking about a second person with sufficient clearance to see everything the analyst sees as well as enough understanding of it to know when they're looking at something they shouldn't be. I'm guessing it's easy to find better uses of this person's time as well.

I'm skeptical that any real audit oversight exists. I think that is a really weak claim.
posted by feloniousmonk at 4:49 PM on July 31, 2013 [1 favorite]

Ironmouth: My basis for how one handles leaks is the procedure I used. I contacted a PR pro who told me how its done.

Have you ever handled leaks from a whistleblower who worked for a federal security agency, and who was handing over to journalists details about highly-classified programmes which s/he thought were an affront to the constitution? Because if not, there's not really a comparison to be made.
posted by Len at 4:50 PM on July 31, 2013

TSA employee misconduct up 26% in 3 years (GAO report)
posted by jeffburdges at 4:50 PM on July 31, 2013

Can we please stop it with Putin derail? Ironmouth's initial trollish or snarky question warranted bemusement, and maybe one correction, maybe, but you've collectively mentioned Putin at least fifteen times in this thread now. I wish I'd asked the mods to delete all those comments hours ago now.
posted by jeffburdges at 4:56 PM on July 31, 2013 [2 favorites]

Actual drawings of the door behind which the third branch of the US government protects your rights: The Door to the FISA Court

If the Foreign Intelligence Surveillance Court is supposed to be an actual Court, functioning in the service of the public and the Constitution as an independent overseer of the executive branch, where is its public face? Where are its unclassified records? Why can't we talk to its Clerk?

No photos of course, for security reasons. And next time we'll confiscate your pencils too, Osama.
posted by Joe in Australia at 5:01 PM on July 31, 2013 [5 favorites]

"I'm skeptical that any real audit oversight exists. I think that is a really weak claim."

No doubt. In the slides you can see a pull-down menu where the user picks a pre-written reason to authorize the search, to satisfy legal requirements. (FISA?)

It's a system that's set up to justify any action after the fact - if shit somehow hits the fan they can pull up the reason for each action an analyst took. But there's no way a supervisor is reviewing hundreds or thousands of identically written authorizations every day, that were picked from a menu.
posted by Kevin Street at 5:09 PM on July 31, 2013

What kills me is that we're being all watched by some shit software that still runs on XWindows. It's the SUN workstation from hell - XEmacs, Xeyes and XKeyscore.
posted by GuyZero at 5:09 PM on July 31, 2013 [1 favorite]

Kevin Street: No doubt. In the slides you can see a pull-down menu where the user picks a pre-written reason to authorize the search, to satisfy legal requirements.

"It looks like you're planning to conduct a warrantless piece of surveillance.

Would you like help?

0 – Get help with writing a warrant that will have to be signed by a federal judge who will be all pissed off that you're interrupting his Sunday morning game of golf

0 – Just go ahead and conduct the warrantless surveillance anyway without help from a judge because fuck it, who's ever going to know different

✓ Don't show me this tip again"
posted by Len at 5:31 PM on July 31, 2013 [4 favorites]

The link doesn't say that.

It is your contention, then, that in the sentence "He turned over to us many thousands of documents weeks and weeks ago back in Hong Kong and we’ve been the ones deciding which stories get published and in which order," the words "we" and "us" refer to different groups of people?

It's okay to admit that you missed something. This isn't court.
posted by Holy Zarquon's Singing Fish at 5:43 PM on July 31, 2013 [1 favorite]

If I'm understanding it correctly, the analyst just has to say that his search is connected to someone in another country, and the nice old judge doesn't have to be bothered at all.
posted by Kevin Street at 5:52 PM on July 31, 2013

So if half your family were German, for instance, and you wanted to maintain any kind of relationship with those relatives, you effectively wouldn't enjoy equal protection from surveillance under the law? Is that accurate?
posted by saulgoodman at 6:02 PM on July 31, 2013 [1 favorite]

The only difference is they wouldn't need to get an actual warrant to spy on you. But it's not like the FISA court ever denies warrants on US citizens (or tells anyone what they approved or denied). Keeping in touch with the German relatives just means there's one less fig leaf protecting your privacy.
posted by Kevin Street at 6:06 PM on July 31, 2013

Great. I just love how the future is shaping up.
posted by saulgoodman at 6:07 PM on July 31, 2013 [1 favorite]

saulgoodman: So if half your family were German, for instance, and you wanted to maintain any kind of relationship with those relatives, you effectively wouldn't enjoy equal protection from surveillance under the law? Is that accurate?

Oh, you'd get equal protection from surveillance under the law, yes. It just so happens that, going by everything that's been revealed so far, both you and your imaginary German relatives are entitled to the same protection, which is to say, none.
posted by Len at 6:10 PM on July 31, 2013

Too bad they're not imaginary. Also too bad that a guy whose dad was Kenyan wouldn't see the problem with this procedural arrangement.
posted by saulgoodman at 6:19 PM on July 31, 2013 [1 favorite]

NSA sez: Not every analyst can perform every function, and no analyst can operate freely. Every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law.

We know this is pure bullshit (or more generously, PR spin) because if any of it were true, Snowden could never have done any of the things he did. The locks might technically exist, but they're not being used.
posted by anonymisc at 6:27 PM on July 31, 2013

Well, take particular note that the searches are auditable, not audited. Snowden has claimed about 5% of queries are checked for previous programs he has revealed:

The restrictions against this are policy based, not technically based, and can change at any time. Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed.

The possibility of a tax audit doesn't eliminate the possibility of tax fraud.
posted by Drinky Die at 6:39 PM on July 31, 2013 [4 favorites]

Can we please stop it with Putin derail?

Can't miss a chance to flog that Greenwald hobby horse.
posted by T.D. Strange at 7:14 PM on July 31, 2013

What's to be done? You could support 1984 Day this weekend.
posted by unliteral at 7:40 PM on July 31, 2013 [1 favorite]

Russia: What the hell are you doing?

U.S.A. : I’m kickin’ my ass – do ya mind!?
posted by Smedleyman at 8:29 PM on July 31, 2013

So if an analyst can copy a bunch of files and run off to Hong Kong out of pure idealism, what's to stop say, Apple from waving a huge wad of cash under an analyst in exchange for transcripts of all of Microsoft's emails? Isn't this going to be inevitable?
posted by happyroach at 8:34 PM on July 31, 2013 [1 favorite]

You could support 1984 Day this weekend.

Arse! I did that in April
posted by fullerine at 8:52 PM on July 31, 2013

Here's an excellent column from The New Yorker that sums up everything we've been talking about in this FPP and thread. It's good reading if you feel confused (or even if you don't):

PRESENTING XKEYSCORE: WHAT THE N.S.A. IS STILL HIDING

POSTED BY AMY DAVIDSON

“Select a Foreigness Factor,” the text on a National Security Agency training slide for a system called XKeyscore, made public by the Guardian, in a piece by Glenn Greenwald, tells its analysts. An arrow points to a drop-down menu with choices like “Foreign govt indicates that the person is located outside the U.S.” and “The person is a user of storage media seized outside the U.S.” Foreignness matters because the N.S.A. is not supposed to spy on Americans. The one selected for the sample search might be the easiest: “In direct contact w/tgt overseas, no info to show proposed tgt in U.S.” In other words, We found a link between you and someone abroad we’re interested in, and you haven’t shown us that you’re American—so let’s take a look...

posted by Kevin Street at 9:11 PM on July 31, 2013 [5 favorites]

Drinky Die: "Those personnel must complete appropriate training prior to being granted such access - training which must be repeated on a regular basis."

If this is like any other "training" I have been mandated to receive in either the public or private sector, the analysts are like 'pffft whatevzzzz' and do what ever the fuck they want to do anyway.
posted by ArgentCorvid at 9:22 PM on July 31, 2013 [1 favorite]

Here is the thing about this. There is no way to stop this through the political process. Anybody who sticks their head up on this is going to have a whole series of revelations about their personal lives put out into the public, if they aren't just flat out put into prison with whatever evidence they can dig up and get to a friendly reporter or prosecutor.

Who is going to stand up to the intelligence apparatus when you know they can destroy your life at will? And that if you support them, they'll help you win election after election.
posted by empath at 10:23 PM on July 31, 2013 [1 favorite]

So if half your family were German, for instance, and you wanted to maintain any kind of relationship with those relatives, you effectively wouldn't enjoy equal protection from surveillance under the law? Is that accurate?

If you've ever visited a foreign website for any reason. Or even an American one with a data center overseas, or if they feel like looking into you, because there are no checks on the system.
posted by empath at 10:25 PM on July 31, 2013

Who is going to stand up to the intelligence apparatus when you know they can destroy your life at will?

If things keep going this way, my senator, Ron Wyden. Who'd the rest of you vote for? Yeah, I'm feeling a little smug, because I think this is the fight of his career, and I think it's his time.
posted by dubwisened at 11:01 PM on July 31, 2013

If things keep going this way, my senator, Ron Wyden

We'll see how long that lasts. If he ever gets any traction, there will be a scandal or something. Or a well-funded opponent.
posted by empath at 11:06 PM on July 31, 2013

I wonder if China, Russia and other nations have these capabilities as well? If so, it could be that we're seeing the end result of a kind of surveillance arms race here, with US intelligence services arguing that these capabilities are vital to maintain parity with other nations and possibly even non-state actors. I don't necessarily buy that argument, but maybe there's some behind the scenes MAD posturing being used to justify this stuff. If so, it seems to me a better approach than continuing escalation would be to get hard to work on rebuilding with more secure protocols because the reliability and value of the Internet as a system for transacting business (let alone as a channel for personal communication) is at long-term risk otherwise. No doubt, there are far more enterprising cynics that would abuse these kinds of surveillance capabilities now and in the future than there are idealists. No doubt there have already been players in the intelligence community double-dealing on this tech just as there's been an ugly history of the same kinds of double-dealing in nuclear secrets.
posted by saulgoodman at 4:23 AM on August 1, 2013 [1 favorite]

Snowden has left Moscow airport. He has been granted a 1-year asylum in Russia.
posted by Pendragon at 5:19 AM on August 1, 2013 [2 favorites]

"A strongly worded US reaction can be expected shortly, as the news sinks in in the US, our correspondent says."

Indeed. I imagine somewhere that the person who was in charge of this mess is banging their head on a table over and over and over.
posted by lesbiassparrow at 6:04 AM on August 1, 2013 [1 favorite]

Without a doubt, if Snowden wanted asylum in Russia it would be in his interest to not publish again. Putin has made that known.
[...]
Snowden has left Moscow airport. He has been granted a 1-year asylum in Russia.

Gee, it's almost like Greenwald, and not Snowden, is responsible for the publication of this information.
posted by one more dead town's last parade at 6:10 AM on August 1, 2013 [3 favorites]

Snowden has left Moscow airport. He has been granted a 1-year asylum in Russia.

It's almost like Putin doesn't even care what Ironmouth thinks about Greenwald.
posted by T.D. Strange at 6:39 AM on August 1, 2013 [22 favorites]

I'd soo love it if countries started backing out of existing extradition treaties with the U.S. over American exceptionalism, the American judicial system's use of intimidation and torture, etc.

America’s extradition actions regarding Snowden are extra-legal in International Law
posted by jeffburdges at 6:49 AM on August 1, 2013

We linked Molly Crabapple piece from the Bradley Manning thread, but her commentary on Weev nails the Snowden situation as well.

"I was in Fort Meade to draw. It was not the first time I had drawn a young computer expert facing jail. In March, I had watched court security officers bash Andrew 'Weev' Auernheimer's head into a table during his sentencing for a hacking crime. As the prosecutors argued that he should spend years in a cage, it became clear that his punishment wasn't about him at all. It was a strike against the future."

"The trials of Auernheimer, hacktivist Jeremy Hammond and Anonymous-affiliated journalist Barrett Brown's represent the old world fighting back against the new. Their verdicts decide whether we will embrace technology's possibilities for truth and egalitarianism or whether we will retreat behind violence and bureaucracy."
posted by jeffburdges at 6:53 AM on August 1, 2013 [4 favorites]

It's almost like Putin doesn't even care what Ironmouth thinks about Greenwald.

I get the feeling that the long drawn out process of this had far more to do with Putin making it as annoying for the Americans as possible, all while holding out the tiniest bit of hope that he'd cut Snowden loose if he went too far, than anything else. I'm sure he's cackling his head off in the Kremlin.
posted by lesbiassparrow at 7:01 AM on August 1, 2013 [2 favorites]

Another sign that Obama is slipping into Lame Duck irrelevancy. Putin would have been a hard case when Obama's influence was at its zenith. But Hong Kong, with that smarmy letter? And the various LatAm nose-thumbers?

He'll have a few months this fall to get something done, then it's the midterms, followed soon by the next presidential election campaign season. Not much agenda setting (look at how well his latest Economy Tour has gone!); lots of reacting to others' agendas.

Already he's given Kerry an early start on every Lame Duck's last gasp; Mideast Peace.
posted by notyou at 7:27 AM on August 1, 2013

If he ever gets any traction, there will be a scandal or something. Or a well-funded opponent.

Small plane crash is traditional.
posted by notyou at 7:29 AM on August 1, 2013 [5 favorites]

Google Pressure Cookers and Backpacks, Get a Visit from the Feds

But the US government isn't spying on Americans. They promise.
posted by ryoshu at 8:42 AM on August 1, 2013 [6 favorites]

That's scary. I just bought a backpack and googled around about it a bit. I guess now isn't a good time to try and purchase a pressure cooker. I'll stick with making the beans in the slow cooker for now.
posted by Drinky Die at 9:01 AM on August 1, 2013

Great, I was thinking about getting one for canning tomatoes this summer. Nevermind we researched backpacks a la Rick Steves prior to our Italy trip earlier this spring. Wonderful.
posted by dukes909 at 9:06 AM on August 1, 2013

I've been debating making a FPP about that FBI visit for pressure cooking searches. It's largely unrelated to this XKeystone discussion. It's FBI, not NSA. And the author believes she was flagged for Internet web searches, which suggests monitoring or collusion with search engines. That's a frightening abuse of domestic federal police.

I'd like to think I'd have the courage to refuse the FBI permission to search my house, to insist on a lawyer to talk to them. But it's hard to know how I'd react to six polite men showing up with guns and implicit threats.
posted by Nelson at 9:08 AM on August 1, 2013 [3 favorites]

I'd love an FPP for this once we get slightly more information. Amazon or eBay might be the culprit rather than Google, who knows.
posted by jeffburdges at 9:19 AM on August 1, 2013

It's largely unrelated to this XKeystone discussion. It's FBI, not NSA.

To my knowledge the NSA does not have a police force, so any flags raised on domestic searches would be sent to the FBI.
posted by ryoshu at 9:26 AM on August 1, 2013

I wonder if Snowden's lawyer told Putin there was one more story coming out and that was it and after that story published, they were letting him in the country. That's the only explanation I can come up with.
posted by Ironmouth at 9:39 AM on August 1, 2013

It's largely unrelated to this XKeystone discussion. It's FBI, not NSA.
Hahahahahahahahahahahah
You still don't get it do you.
Laws are for the little people like you and me. The US authorities and the secret state do what they like, when then like and those that call them on it get taken out out of circulation.
posted by adamvasco at 9:40 AM on August 1, 2013 [1 favorite]

I wonder if Snowden's lawyer told Putin there was one more story coming out and that was it and after that story published, they were letting him in the country. That's the only explanation I can come up with.

Snowden has no control over the stories.
The stories, which are being published by the Guardian, are not subject to a veto by Snowden.
Glenn Greenwald and other reporters are deciding what to publish.
Snowden no tiene ningún control sobre la publicación de estos artículos.

Any of this getting through?
posted by Holy Zarquon's Singing Fish at 9:44 AM on August 1, 2013 [8 favorites]

FBI and NSA work together, of course. (Although famously, not as well as would be good for their mission statement). What's different with Catalano's story is that local police were involved and made a casual visit, along the way tipping off everyone they're illegally monitoring people's search traffic like this. It's just crazy. And well beyond NSA building an over-reaching monitoring system that we still sort of hope is aimed accurately at the bad guys.

Honestly I found the story implausible other than Catalano's personal credibility. But The Guardian is reporting they have confirmation from the FBI.

A spokesman for the FBI told to the Guardian on Thursday that its investigators were not involved in the visit, but that 'she was visited by Nassau County police department … They were working in conjunction with Suffolk County police department.'

posted by Nelson at 10:13 AM on August 1, 2013 [1 favorite]

It's largely unrelated to this XKeystone discussion. It's FBI, not NSA.

Nelson, the NSA coordinates with the FBI. I am not sure to what extent they do so, but I know that past NSA projects have generated leads that were then passed on to the FBI. For example, Stellar Wind was an NSA mass-surveillance program that sent cases over to the FBI.

According to Time magazine, "leads from the Stellar Wind program were so vague and voluminous that [FBI] field agents called them 'Pizza Hut cases' — ostensibly suspicious calls that turned out to be takeout food orders."

Stellar Wind is also the program that tipped off the FBI to Eliot Spitzer's use of prostitutes.

It sure is weird how an NSA terrorist-catching program wound up catching a Democratic governor's sex scandal during a Republican president's administration, isn't it?
posted by compartment at 10:18 AM on August 1, 2013 [7 favorites]

And when that dude was about to use investigations of Wall Street as a springboard to higher political office.

I wonder if Snowden's lawyer told Putin there was one more story coming out and that was it and after that story published, they were letting him in the country. That's the only explanation I can come up with.

A couple more shovelfuls and you'll be in Beijing.
posted by notyou at 10:28 AM on August 1, 2013 [2 favorites]

Ok, not FBI, but local police. How did local police get access to a reporter's internet search history? And could the cops have had worse timing?
posted by ryoshu at 10:29 AM on August 1, 2013 [1 favorite]

> Crime will be eliminated for a fraction of what we pay now

What? No. Cheaper crime fighting might be in the top 10 claims for more invasive, more technology-dependent tools, but the reality is that the prison/enforcement/consultant/armament nexus is "good" business that needs its wars on terrorism and drugs. (the other 9 claims are jobs, protecting the children and fear, fear and fear).

If it wasn't for meth giving the drug enforcers something to justify purchasing bearcats and stingrays, pot wouldn't be de-criminalized or legal in 1/3 of of the united states.

We all remember that the Chertoff Group consulted for Rapiscan, right?
posted by morganw at 10:34 AM on August 1, 2013 [1 favorite]

Ok, not FBI, but local police. How did local police get access to a reporter's internet search history? And could the cops have had worse timing?

ryoshu: As I'm understanding Nelson's comment, the local police were the ones dispatched on scene, but they were acting at the behest of the FBI, who (as others have outlined above) likely got their information from the NSA.

Remember, coordinating all these different entities to work together better has been one of the main reform pushes over recent years, so it would make sense they'd all be working together and sharing info in this way.
posted by saulgoodman at 10:34 AM on August 1, 2013 [1 favorite]

I think what I'm really trying to say is Catalano's police visit is a new and different kind of abuse of the surveillance system than what's documented in XKeystone. And that it deserves its own attention, its own front page post.

I fear a lot of Americans are not too concerned with the various Snowden-initiated revelations, because in their mind it's still "they're spying on the bad foreigners, I'm OK with that". Having local cops show up at a random American citizen's door with a copy of her search history in hand is a different kind of abuse, one I think many Americans will recognize as dangerous.
posted by Nelson at 10:57 AM on August 1, 2013 [2 favorites]

Honestly I found the story implausible other than Catalano's personal credibility. But The Guardian is reporting they have confirmation from the FBI.

I think this is one of their biggest assets - what the NSA is doing is so far beyond the pale that we just can't conceive they could really be that bad, or even in the same ballpark as that bad.

Snowdens revelations were things that we already had plenty of evidence for, and at some level knew were not just possible but probable, but which on another level seem so far out there that part of us just mentally files them under fantasy and make-believe and goes on with the day as if the observation wasn't real.
posted by anonymisc at 11:01 AM on August 1, 2013 [7 favorites]

It get's even worse... (Related.)
posted by saulgoodman at 11:12 AM on August 1, 2013 [1 favorite]

Spencer Ackerman and James Bamford were discussing all this on Democracy Now today:

As Edward Snowden Wins 1-Year Asylum in Russia, NSA Program Tracking Real-Time Internet Use Exposed

NSA Confirms Dragnet Phone Records Collection, But Admits It Was Key in Stopping Just 1 Terror Plot
posted by homunculus at 11:16 AM on August 1, 2013 [3 favorites]

But Obama said tyranny is not lurking around the corner, so it must be true.
posted by NakedShorted at 11:38 AM on August 1, 2013 [1 favorite]

Bruce Schneier: NSA secrets kill our trust
posted by homunculus at 11:48 AM on August 1, 2013 [1 favorite]

But Obama said tyranny is not lurking around the corner, so it must be true.

When did Obama start saying "America" like Dubya?
posted by AElfwine Evenstar at 12:37 PM on August 1, 2013 [1 favorite]

Ironmouth, could you help to shed light on a statement that was made today by The Guardian's national security editor, Spencer Ackerman? In the following statement he refers to documents provided to Congress members not on the select intelligence committees:

"They never say in the documents that these are all Americans’ phone records, that these collection programs occur without any suspicion of any American to any act of terrorism or espionage, which is what the underlying statute authorizing them says."

Can you tell me what part of section 215 might have led him to this conclusion, and how he might have reached it (erroneous or not)?
posted by compartment at 1:32 PM on August 1, 2013

It sure is weird how an NSA terrorist-catching program wound up catching a Democratic governor's sex scandal during a Republican president's administration, isn't it?

A candidate for governor, let's not forget, who was notorious for being willing to enforce the law against Wall Street.
posted by junco at 4:08 PM on August 1, 2013 [2 favorites]

Ironmouth, could you help to shed light on a statement that was made today by The Guardian's national security editor, Spencer Ackerman? In the following statement he refers to documents provided to Congress members not on the select intelligence committees:

"They never say in the documents that these are all Americans’ phone records, that these collection programs occur without any suspicion of any American to any act of terrorism or espionage, which is what the underlying statute authorizing them says."

Can you tell me what part of section 215 might have led him to this conclusion, and how he might have reached it (erroneous or not)?

You can read it here for yourself; starting on page 16.

I don't know why you would be asking Ironmouth as he has no credibility left when it comes to these issues. Ever since the NSA story broke he has been claiming ad nauseam that Smith v. Maryland was the final word on whether the government has the right to search any data or information you give to a "third party". As I demonstrated above this is a completely false claim. I linked to three academic articles on the issue that disagree with Ironmouth's appraisal of the situation, and if you check the notes from those three articles you will see that there are many, many more. The Supreme court has not directly ruled on the third party doctrine and the lower courts have recently been grappling with these same legal issues. There has also been a fairly influential academic criticism of the current interpretations of the 3rd party doctrine. All one has to do is use the google to check out if what I'm saying is true. So either Ironmouth is unaware of the academic and legal debates currently underway and doesn't really know what he's talking about, or he is a bald faced liar.
posted by AElfwine Evenstar at 5:45 PM on August 1, 2013 [1 favorite]

Ironmouth has a pretty reasonable legal interpretation of these issues from what I have read. I disagree with some of his conclusions, but that is from a non-lawyer perspective relying on groups like the ACLU and other prominent legal minds who have put forth different views. He is a good guy to ask for legal insight even if you disagree with his ultimate conclusions.

That said, his track record on other aspects of this story has been, and I'm sorry IM, but really godawful. A lot of assumptions stated as fact in these threads that have quickly been proven dead wrong from what appears to be a desire to see Snowden face the American justice system to evaluate the appropriateness of his actions and the programs to be viewed as a bit more innocuous than they should be viewed even if one concludes they are legally and morally justified in the end.

Not trying to make this thread personal or anything, but this has been a repeating pattern on Snowden topics from the start and it's not in character for IM to be doing this.
posted by Drinky Die at 7:15 PM on August 1, 2013

So either Ironmouth is unaware of the academic and legal debates currently underway and doesn't really know what he's talking about, or he is a bald faced liar.

He's an attorney for law enforcement officers. He's just making the same sorts of arguments here that he'd make in court. It's not exactly arguing in bad faith, but getting at the truth isn't really the primary goal of lawyers who are attempting to win a case.
posted by empath at 7:19 PM on August 1, 2013 [2 favorites]

we're doomed

I wonder if the lack of virtual places to do things will result in people doing things IRL

the laughably naive idea that the Internet was somehow separate from the physical world it inhabits.

The internet is text and pictures, it is by definition removed from reality by at least one step
posted by This, of course, alludes to you at 8:00 PM on August 1, 2013

but getting at the truth isn't really the primary goal of lawyers who are attempting to win a case.

Metafilter isn't a legal case and if that is the way some people treat it then I would argue that they are by definition participating in bad faith, but whatever I've made my point.
posted by AElfwine Evenstar at 8:26 PM on August 1, 2013 [4 favorites]

Some interesting stuff from the Federation of American Scientists on how the relatively new "insider threat" policy equates the actions of spies, terrorists, and leakers. The policy emphasizes the importance of auditing user activity on government networks. It would be interesting to know how the anti-leak auditing procedures compare with auditing procedures designed to ensure legal compliance.

The FAS article ends with a good quote from the late Daniel Patrick Moynihan: “If you want a secret respected, see that it’s respectable in the first place.”
posted by compartment at 10:02 AM on August 2, 2013 [4 favorites]

Bruce Schneier: The Public-Private Surveillance Partnership
posted by homunculus at 1:36 PM on August 2, 2013 [2 favorites]

Whoa. Apparently just symbolic, but whoa: Germany ends spy pact with US and UK after Snowden
posted by Joe in Australia at 2:54 AM on August 3, 2013

Great, Orson Scott Card runs the NSA. That explains a lot.
posted by GuyZero at 3:24 PM on August 12, 2013 [1 favorite]

In related news, there are allegations that the data-slurping has been used to spy on a New Zealand journalist.

NZ prime minister John Key: We have to spy on you because al-Qaeda has training camps here. Also: FISH!
posted by homunculus at 12:31 PM on August 14, 2013 [1 favorite]

As we see it, there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows.
Thirteen Things the Government is Trying to Keep Secret from You.
posted by adamvasco at 11:11 AM on August 27, 2013 [1 favorite]