That's how a police state works. (XKeyScore += 5)
My mother was involved in civil rights, so she has a file. It's fine that I have a file too. Hopefully I'll be gone before they start going door to door.
edit: http://www.linuxjournal.com/content/nsa-linux-journal-extrem...
This is where the "mass surveillance" and "let's monitor everyone just in case they might do something bad" thinking inevitably ends up.
Considering this is PRECISELY how spam filtering works, it doesn't seem entirely irrational.
Much like spam filtering, it would all come down to dialing in your filters and picking a good threshold.
Hell, if the system was good enough, it could actually improve freedoms. We currently arrest many innocent people as part of the legal process (who are later exonerated). What if our "arrest filter" outperformed the current system, in terms of percentage of innocent people arrested? It doesn't have to be perfect to be better.
It will be another system which grants permission at the whims of the department, one that absolves individual officers of blame, punishment and consequences for bias and abuse they'll continue to revel in.
Spam filtering also works in a very different context - the spam-to-nonspam ratio is something like 90% spam and 10% nonspam, which means that there is lots and lots of spam to filter out; if an important email slips through, people are bound to notice and either adjust their spam filter or do something about it. In the other setting, you have 99.99% or more of people who have nothing to do with terrorism or criminal activities, and maybe one or two dozen (among tens of millions) who you are actually targeting. First thing, erroneously targeting a substantial chunk of your non-interesting population ties up resources - you're spending your time investigating people who are not terrorists - but since it's difficult anyways, at least you seem like you're doing something with all the money you receive, and nevermind if some of the data is used for industrial espionnage or hunting people that only poultry farmers and fracking magnates would call terrorists. And if you miss one of the two dozen other people, well, they won't do anything harmful this year or the next because they also have to fear regular law enforcement, and when they do it'll be in a moment that's probably suitable for you to ask for more money.
tl;dr: Because we don't have a large sample of actual terrorists on hand, it's hard to evaluate activities like the NSA's, which would however be desirable since we're giving large chunks of money to them that could be fruitfully used in making everyone safer if used to fight actual crime and not some fuzzy notion of terrorism.
> "It doesn't have to be perfect to be better." (Yes it does...)
The problem used to be approached by presuming innocence (demanding perfection), rather than with a willingness to accept false positives (20 years ago spam filters weren't available as an analogy...). It is always possible to wrongfully judge someone, but it was never a valid or acceptable outcome ("It is better that ten guilty persons escape than that one innocent suffer" - Blackstone). We accept that spam filters give false positives (not to mention that one person's spam is another person's opportunity), so I think comparing the justice system to detecting spam is a mistake, and more over that a goal of "prevention" itself is a red herring.
The goal of prevention encourages us to accept lower thresholds of guilt probability, and that is wrong. In other words, if prevention is an end, then it is worth deliberately (rather than accidentally) restricting innocent people on the basis of virtually any nonzero probability of guilt. 80% "guilty" by association (for using Tor for example), 45%, etc, would all be enough to justify legal action - and the thresholds would certainly depend on whoever is in power and has access to the database that week. This is a very different model than presuming innocence, and having not only a goal of 0 false-positives, but also providing satisfaction when the justice system is in error.
I think today we are mostly talking around the fact that a crime has to have been committed in order for it to deserve to be punished, and that, for that reason, prevention cannot be a valid goal in itself (but it's nice when it happens).
Rationalizing surveillance as a tool to "prevent" rather than to justly punish wrongdoers (which centralized surveillance does not do because it is centrally operated, due to the conflict of interest; everyone owning a camcorder on the other hand...) implies that the central database needs to go IMHO (and that individuals need to be empowered instead).
I was thinking more in terms of automated drone strikes, but yeah for the facade of democracy arrests may be the way to go for now.
Or maybe welcome to Oceania of 1984, having to deal with Thinkpol:
http://en.wikipedia.org/wiki/Thoughtcrime
"The Thought Police (thinkpol in Newspeak) are the secret police of the novel Nineteen Eighty-Four. It is their job to uncover and punish thoughtcrime."
Yup, we don't have thinkpol yet (and hopefully we never will), but we do have a pretty damn good analogy to it: https://en.wikipedia.org/wiki/Predictive_policing
This is just how life is when databases are ubiquitous. After I bought a house and my name began appearing in property tax databases I started getting lots of (paper-based) commercial spam for things homeowners are more likely to buy, like different sorts of insurance, refinancing, satellite TV service yadda yadda.
When it emerged after 9-11 that various government agencies had failed to 'join the dots' by not sharing intelligence information effectively, there was a lot of public support for better-coordinated and more proactive intelligence gather, notwithstanding warnings about the risk to civil liberties. So collectively we got what we asked for. The lack of public outrage or mass demonstrations against the NSA strongly suggests that a large majority are OK with this state of affairs, especially since they're used to data collection in a commercial context.
A little bit of war, however, will probably dull any of that.
Why care about the rest of your family that will still be here to endure the rest... or the rest of us. You have no kids, right?
If I were planning to stay here for the rest of my life, I wouldn't risk political posting on the internet, donating, or subscribing. You'll get more help for me as long as I can rationalize it as only worsening a temporary situation.
That's just stupid.
After 10 years of pervasive surveillance and not being able to catch a single terrorist I can't believe the NSA is trying to rationalize it as being a good thing. It's too bad the bill to defund the NSA didn't pass: http://defundthensa.com/
The NSA does an awful lot of hiding things. It might therefore be reasonable to conclude that it is bad and should, at the very least have its funding cut.
Anecdotally reminds of this guy that was key in setting up the British porn filter being arrested for child pornography: http://www.telegraph.co.uk/news/politics/david-cameron/10675...
No, that's not the reasoning. People that do bad things try to hide them. Therefore, a good first filter to catch bad people is to target those who hide things. They can narrow the search field afterwards.
..aaand the ones who get "caught" and are away with a slap on the wrist before you can say "this is a joke, I just cannot believe the hipocrisy of this, double standards much?" (because let's be realistic, it's not instant)
Is it really a surprise people in power wish to remain in power?
Except, you know, this guy named Osama Bin Laden. http://www.ibtimes.com/nsa-snowden-leaks-satellites-drones-c...
Well that idea isn't exactly new, unfortunately, remember Eric Scmidt.. "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."
Whereas he bought himself a specially isolated penthouse in order to live his open marriage in perfect privacy.
After 10 years of pervasive surveillance and not being able to catch a single terrorist
Questionable. I wouldn't expect the NSA to put out a press release every time someone is nabbed on the back of their information-gathering, that wouldn't be very smart.
While your statement is true, it doesn't really give any justification on targeted spying. That is, unless of course, we consider the desire to hide things to be a signal of being a bad actor. Thinking along those lines is a very slippery slope though. The erosion of freedoms is just another side-effect of policies and actions shaped by such thinking.
Pardon the bluntless, but it seems like an a priori conclusion that only people taking pains to hide their data/communications should be targeted. That is not because the vast majority of those people are innocent (they are) but because that is the only group that contains a subset that poses a real & present threat.
So, that ignores your slippery slope argument about personal liberties, which are totally valid. How do you balance national security and personal liberty in this case? That's the million dollar question.
Please let me know if you question my reasoning. I'm purely looking at it as a 2x2 matrix of (highly encrypts personal data, does not ...) x (seeks to harm people/nation interests, does not ...)
So only the people hiding their tracks that seek to harm are the ones to worry about. Those that don't hide their tracks are a lot less likely to be operationally successful</euphemism>.
However, I assume that the 99.95% of people that highly encrypt personal do not seek to harm anyone, and are collateral damage here.
Constitutional tradeoffs happen all over. Fire in a crowded theater, felons rights to vote, personal rights to own certain weapons, etc. This is another one that needs to be decided very carefully. But I think both sides have very valid concerns.
Imagine if Chrome, Firefox, Safari, all of them had, just like the incognito mode, the private mode. Of course, as anonymity also depends on the behavior of the user online, other actions are needed to really ensure security and privacy. But making it the default will educate more people about the importance of privacy and, more importantly, make the point that privacy isn't only for criminals, terrorists and wrong-doers, but that "normal", law abiding citizens also should have the right to be private. And that is paramount for a democracy to work.
As you say, the tools have always been there, but no one uses them. That might be because it's a chicken-or-egg problem. At the same time, it might be because the people in the positions to develop and promote the tools, even if only for their own use, are being prevented by a one-track culture that encourages them to sell out their client's privacy in addition to discouraging them from working on projects like Tor. (Again, the HN forum is an example of that conflict - being a largely business-oriented forum; surveillance technology sells... Even DuckDuckGo, a favorite startup in this community, has filters to protect us.) Rather than peer-to-peer solutions like Gnutella, Gnunet, Tor, and even open wireless, people continue to make websites with JavaScript encryption, despite the proven MITM threat.
I don't think JavaScript and CSS will get us out of this, but if this latest revelation doesn't wake people up in the tech community specifically, nothing will, since BoingBoing readership is a large number of them - which to me means that the tech and programmer categories are themselves a primary focus of the surveillance that some highly-respected tech pundits (and HN forum members) have defended and rationalized as only being used for terrorists and perverts. That definition now includes anyone with enough knowledge to build or use strong privacy tools. The definition now includes everyone on this forum.
Unfortunately, this is key to making strong encryption commonplace. A social graph and real-time communication could be used to make key exchange easy and secure. Open client software is needed to make security verifiable. And the storage and email infrastructure and clients need to make using encryption the default.
All the pieces of a "trust nobody" environment are there, and so are the pieces for making it an easy to use default.
Hopefully, doing this will be required for American service and technology companies to regain trust.
How do you authorize a new device in an "easy and secure" way without simply outsourcing the problem to an intermediary who is then in a position to attack you by authorizing its own devices?
This issue has quite concrete implications for the security and convenience of lots of existing security tools, from GPG to iMessage to Skype to Firefox. They've chosen different approaches but the underlying problem and associated tradeoffs apply to all of them.
On the bright side, there are now a lot of people exploring the space of possibilities for dealing with these tradeoffs.
Just authorize. If you have perfect-forward secrecy, as long as you aren't being man-in-the-middled right now, you're safe.
It's better to have all people doing everything encrypted by default than not.
The goal isn't for one individual to be safe against a targeted NSA attack. That's insane--if the NSA wants you, specifically you are screwed; it simply has far too many resources to bring to bear.
The goal is to make it expensive for the big agencies to do pervasive surveillance. If everybody is encrypting all the time, random peon at Three Letter Agency has to get up from his chair and actually authorize a wiretap, get a warrant, etc. At that point, it's not going to happen unless you've actually done something very wrong.
WTF? I guess I am on a list. Who knew being an extremist was so easy?
4'th bullet point from the top in case you wish to check again.
/*
These variables define terms and websites relating to the TAILs (The Amnesic
Incognito Live System) software program, a comsec mechanism advocated by
extremists on extremist forums.
*/
Journalists gotta journalize.
I'm also willing to believe that hackers who want to use encryption and other privacy-oriented technologies use and read about open-source technologies. Although my guess is that this includes nearly all serious security researchers, experts, and implementers.
That said, to claim that people who read LJ are extremists, or that the magazine is something of an "extremist forum," misses the mark in so many ways.
Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search.
Again the media makes it sound like there exists a dragnet on (Google) searches. But this time one of the authors is J. Appelbaum.
So which is it? Terrorist Scores based on search engine searches sounds fantastically insane to me. But unencrypted it is possible to intercept. So perhaps it is something in between: All accessible searches are monitored, and search engines do not cooperate with this directly, unless they have to legally comply with the request?
And if it is not possible on the technical level, the NSA will find the people to access the data they want.
The NSA data is collected under search issued by a FISA court. So, during a suppression hearing, defense counsel can challenge the validity of the warrant. If their challenge is denied, they can appeal. If their appeal fails, they can petition the Supreme Court. In all these courts, the proceedings are public record and the standard for a warrant can be debated by lawyers and the public alike. We have an open process for checking the work of the humans issuing FISA court warrants; Use it.
Even if the warrant was valid, the NSA might have overstepped its bounds. This can also be challenged when the NSA defends the admissibility of its criminal evidence in a suppression hearing. An independent judiciary can decide if the executive branch has acted outside its bounds. No, an investigator isn't punished for the overbroad evidence collection, but they are embarrassed by having a criminal get off due to their sloppiness. We have an open process for checking the work of human investigators in this country; Use it.
It isn't as if the government just takes that evidence and unilaterally decides to blow people up. We have due process in this country; Use it.
/s
https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intel...
The EFF calls it Intelligence Laundering. The DEA calls it parallel construction. Either way it is sinister and immoral and a court hasn't had a chance to rule on it precisely because it is very difficult for defendants to prove that both the prosecutor and judge were lied to.
So, I thought I'd try sarcasm. But I couldn't come up with a concise way to address the fact that parallel construction means that their info actually is used in criminal cases. Oh well, back to the drafting board...
On an unrelated news, http://mayday.us campaign still has two days left.
Well, except when they do, in Afghanistan or Yemen, say.
It's no wonder so many plea out to a lesser (but certain) sentence when given the choice.
This should not actually be a complicated inquiry.
http://www.theguardian.com/technology/2014/may/27/-sp-privac...
Look at Ukraine. War just pops up. I wonder which list they will go by first.
Until they clean house and stamp out the far right, they'll have a problem attracting new voters.
http://www.sueddeutsche.de/bayern/piratenpartei-und-rechte-u...
Pirate Party as a new and mostly undefined movement attracted all kinds of freaks - but it can only work as a movement of those that understand how the Internet can be used in politics, both the dangers and the potential for good, and who value the freedom and openness that was associated with the early net.
There were two versions of this story on the front page. This thread has the fuller discussion, the other the original source. In such cases we usually merge them by reassigning the url and burying the other thread.
Edit: The title and link of this HN article have changed. The link changed from a BoingBoing article to the original German article, and the headline used to be a question ("Who is the NSA spying on..." or similar) that gave the GP comment more context.
In reality, there is hard epidemiological data showing that selling raw milk (edit: e.g. through the normal store channels) can lead to serious harm including deaths. So FDA bans it for interstate sales, but it's up to the state to decide how to regulate in-state sales. Just like any other food safety issue.
NSA is extremely unlikely to be involved in enforcing regulations against raw milk in reality, but in the mind of the conservative conspiracy theorist it's all of one totalitarian piece.
Please STOP spreading misinformation. The only two deaths from raw milk in the last 20 years were traced back to bad queso fresco. In fact, over the same time period, there were more deaths attributed to pasteurized liquid milk than to raw liquid milk[1].
It's amazing what 30 seconds of Googling can do.
[1] http://www.realrawmilkfacts.com/raw-milk-news/story/outbreak...
Electronic surveillance used to be more stigmatized in some ways, but it's becoming more culturally normalized as a basic government tool (at least in the culture of government agencies -- I hope not as much elsewhere). So you see it used in more and more contexts.
I'm totally unfamiliar with the raw milk regulations, but I think that people who are concerned about them could reasonably worry that electronic communications surveillance will be used to enforce them in the future. Likely not by NSA itself, but perhaps through something that's in part technological trickle-down from NSA development or procurement.
I'd love to see the evidence, and see it compared to other food sources.
I grew up in India. There all we got was raw milk from the cowherd; in fact, even today, my parents send the helper to get milk in a pail from the cowherd. It's always been raw milk, warm and fresh from the udder. And the first thing they do is to boil it.
If I were to conjecture, it's that the "no raw milk" diktat forces farmers to go to big distribution companies with the requisite facilities for pasteurization.
The first sentence goes "If you read Boing Boing, the NSA considers you a target for deep surveillance".
So, if you find this interesting, maybe you shouldn't read it.
First they came for the Socialists, and I did not speak out— Because I was not a Socialist.
Then they came for the Trade Unionists, and I did not speak out— Because I was not a Trade Unionist.
Then they came for the Jews, and I did not speak out— Because I was not a Jew.
Then they came for me—and there was no one left to speak for me.
I don't agree at all with these practices.
Heard that one before.