Schneier: what we need the whistleblowers to tell us about America's surveillance apparatus

Bruce Schneier writes in The Atlantic to comment on the leaked court order showing that the NSA has been secretly engaged in bulk domestic surveillance, recording who everyone is talking to, when, for how long, and where they are when they do. Schneier points out -- as many have -- that this is the tip of the iceberg, and lays out a set of government secrets that we need whistleblowers to disclose in order to grasp the full scope of the new, total surveillance state:

We need details on the full extent of the FBI's spying capabilities. We don't know what information it routinely collects on American citizens, what extra information it collects on those on various watch lists, and what legal justifications it invokes for its actions. We don't know its plans for future data collection. We don't know what scandals and illegal actions -- either past or present -- are currently being covered up.

We also need information about what data the NSA gathers, either domestically or internationally. We don't know how much it collects surreptitiously, and how much it relies on arrangements with various companies. We don't know how much it uses password cracking to get at encrypted data, and how much it exploits existing system vulnerabilities. We don't know whether it deliberately inserts backdoors into systems it wants to monitor, either with or without the permission of the communications-system vendors.

And we need details about the sorts of analysis the organizations perform. We don't know what they quickly cull at the point of collection, and what they store for later analysis -- and how long they store it. We don't know what sort of database profiling they do, how extensive their CCTV and surveillance-drone analysis is, how much they perform behavioral analysis, or how extensively they trace friends of people on their watch lists.

We don't know how big the U.S. surveillance apparatus is today, either in terms of money and people or in terms of how many people are monitored or how much data is collected. Modern technology makes it possible to monitor vastly more people -- yesterday's NSA revelations demonstrate that they could easily surveil everyone -- than could ever be done manually.

What We Don't Know About Spying on Citizens: Scarier Than What We Know



  1. We need people to pay attention to this stuff longer than a week so congress might do something about it.

    1. I’m sorry, did you say you thought Congress might “do something“? They say Jesus is coming back, too, but I’m not holding my breath.

  2. Something confuses me about all of this. If the FBI and NSA are already getting all of the meta data on phone calls for all subscribers, why does the DOJ need to get records directly from the carriers as well?

    My suspicion is that the real problem is that none of these agencies are sharing the information they collect with each other yet, which I seem to recall being one of the main elements of the Patriot Act.

    1. the real problem is that none of these agencies are sharing the information they collect with each other

      No, the real problem is they aren’t installing cameras directly in our homes.  How are they going to stop terrorists without having cameras in our homes?

        1. Supposedly the green led light is wired in such a way that there’s no way to disable it remotely nor without physically opening the display (and even then it’s a difficult and time-consuming process). It’s supposedly a simple circuit that turns on when there is power to the cam. (If someone has photographic evidence of this, please share it.)

          The way things are going maybe Apple gives law enforcement a secret backdoor into the camera chip’s firmware to disable the light somehow that’s not readily apparent to us, but I think this is extremely unlikely since I think it would be pretty easy to take the iSight apart and check it for this.

          Then again, I haven’t seen photographic evidence of this wiring and Apple will allow the government to snoop into your “encrypted” iPhone, so why trust them at all with your privacy, really?

          Either way, you don’t need ugly tape to disable the camera completely, you can use this handy applescript instead:

          I personally don’t really think Apple has a way to remotely disable the green light while the camera is on, but I have to admit I’d like to see rock solid evidence for that wiring setup as well. I’ve never seen any evidence, just hearsay. And, I’m sure as hell not going to take Apple’s word on it.

          Maybe iFixit would take the challenge to prove it once and for all? I dunno.

          1. Nice little script, but I prefer tape. I’m sure clever people working for an unfriendly government (ahem) could disable the script remotely. It’ll take human hands or an FBI-controlled robot to remove tape.

  3. The NSA now has a treasure trove of data to blackmail people with. Has a prominent politician, judge, or businessperson ever visited a porn website or had many conversations with a person who is not their spouse? Have they bought sex toys? Have they talked to ‘suspect’ federal employees? We’ve got the data! I can only imagine the amount of extortion that could be used with such a data set. Of course, this will never occur because the NSA never lies to us and their security precautions are perfect (except for the times they have lied to us and the existence of their data-mining programs were made public). Let’s just say that a few hard drives of this data would be worth a million lobbyists. With a couple of terabytes of data, you could pretty much rule the country.

    1.  This right here is where this is going (or has already been used). It’s not like we didn’t just catch the IRS being used as a weapon.
      Some of the blackmail will be by the powers that be, some will be insiders getting bribed millions for the right information.

    2. “I’m a Verizon customer. I could care less if they’re looking at my phone records. … If you’re not getting a call from a terrorist organization, you got nothing to worry about,” said Sen. Lindsey Graham, R-S.C.

      Now it should be easy to find out if he really does have gay lovers!

      1. And because this is a democracy, the Tea Party, as loathsome as they are, had nothing to worry about. Until they system broke and the IRS went rogue.

  4. The biggest spying operation in US history and its against its own citizens. I can see I haven’t been paranoid enough these past 20 years and I’m the tinfoil hat bearer in my family.

    1. One good thing is now whistleblowers can tell people about things they know and not sound crazy to cowed Americans as much anymore.

      Hopefully, the floodgates will open.At this point the revolution will be televised, because they’ve got us all under surveillance.

      It’s time to bring… it… all…  DOWN.

      1.  This story seems to have hit a nerve with the children of the network, unlike other stories that have surfaced from the  government.

        I share your desire for a reboot.

        1. It might just be faster to use the task manager to end useless and non-responding processes.

  5. I’d call Obama a wolf in sheep’s clothing but I actually like both wolves and sheep.

  6. So… when Microsoft says they will never use the XBox One to spy on you in your living room (unless you opt in), maybe they were telling the truth…?

    They’ll simply allow the NSA to use it to spy on you instead.

    I’m not kidding, by the way.  Why should I be?

  7. I think we have a pretty good idea of what the NSA is going for and all. They’re building that huge facility in Utah, a couple of billion dollars worth I believe. The goal is to siphon up and collect EVERYTHING that passes through the telecomm system. They’ll worry later about how to mine the data – that’s why they’re developing the fastest computers in the world, mind-numbingly fast. That, and the computers will be able to zip through various permutations of encryption methods. There won’t be much they won’t have. The big stumbling block is finding what they need in all that data.

    Even if they can’t make sense of the data, it won’t stop them from going after people they think are threats. For example, the CIA’s drone program classifies human targets in one of two basic ways – known individuals, and individuals whose activities appear to be terror-related.

    I’m not worried about any of it though – their procedures and policies are foolproof…

    1. And in a couple of generations, when all that data is made freely available to all via your New Smithsonian, your great grandchildren will be able to see how you worked, lived, loved, and loathed. A valuable future genealogical resource for the future. But I may be missing the point.

      1. your great grandchildren will be able to see how you worked, lived, loved, and loathed.

        I’m not sure they’ll want to see all the “loved” parts, if you know what I mean.

  8. How about we tear the entire system down and figure out what it was doing as we dismantle it and make a list of things that will never be allowed again in the name of protecting “Freedom”.

    1. The problem is that our system like other governmental systems, is designed to be resilient and hard to dismantle. My fear is that it’s going to take something that most Americans don’t have the stomach for.

      1. It is better to try and fail than to not try.
        And if it looks like we might fail, we just pull the records on Congresscritters and the rich and powerful and “acquire” their assistance in tearing it down.

  9. I think I would prefer lawmakers that made warrantless surveillance illegal and punishable with jail time.

    1. It’s already illegal (that didn’t stop the NSA in 2001), but the FISC is the mechanism by which the surveillance is made legal by issuing secret warrants. Going back to the previous parenthetical, the NSA just bypassed the FISC altogether, conducting illegal surveillance with very little hesitation.

      What I’m not clear about, and I don’t have the time to research right now, is how domestic surveillance is being justified. The NSA’s legal mandate is to conduct signals surveillance of non-US targets. If either of the parties in a communication is in the US or is living overseas but is either a citizen or legal US resident (I can’t remember which), the surveillance must immediately stop.

      That restriction was ignored by the NSA and pushed down through the military chains of command to various military analysts, with such clever excuses as “what if the (citizen’s) phone was stolen by a terrorist?” Yep, child-like logic.

      It’s going to take a huge shift in thinking in Washington to put people behind bars. Illegal surveillance, especially done with a wink and a nod from lawmakers, points too may fingers back at the people who can make that happen. The guilty will have to accuse themselves.

  10. In the mean time I suggest to fill the web with disinformation about how we plan to blow up Buckingham Palace or the White House. Let those ff-ers drown in all the noise.

  11. One thing’s for sure, ‘terrorists’ aren’t what’s motivating these agencies. It’s uprisings like Turkey that keeps these folks up at night. If and when the time comes all this collected data will be used to swoop down on ‘trouble-makers and anarchists’ or whatever they will be labelling demonstrators at the time. Nothing has changed, really, just the methodology. Socialism, or some variant thereof, is what keeps the rich and powerful up at night. If the population ever wakes up and decides that national wealth should be by the people/for the people etc the game will be over for these parasites and they know it.

    1. If uprisings like they have seen around the globe are keeping them up, why have they failed to connect the dots to see that spying on your own citizens tends to make them want to riot?

      If you send police in full on SWAT riot gear to a peaceful event, it often stops being peaceful as those who came dressed for a riot push to get a riot to start.

      Cause and effect… and yet over and over they can’t seem to grasp that more they push citizens the more they push back.

  12. To quote Dr. Richard D. Wolf, “The problem is the system…”  In the 90’s there was a long hard fight to prevent and restrict corporations from collecting data on people that user of their systems, telephone records, internet usage, etc…  In the US we mostly lost.  In Germany their are protections from collecting user data.  To quote Bill Joy, formerly of Sun Microsystems, “You privacy is gone.  Get over it.”

    We are not getting over it and we have neglected this problem for decades so there is a lot of work to be done.  The best approach is to deal with this from a systems perspective.

  13. First of all, if it can be done, it is being done, because others are
    doing it.

    Second of all, if informing the public of what is being done may
    result in riots or other loss of security for those doing everything
    possible to do, it is deemed secret.

    Third, those who talk about protecting privacy are delusional
    and serve the needs of those who removed it from everyone
    who need to keep the public believing they still have some
    privacy to fight to protect.

    Forth, in government, the public is not informed of things unless
    necessary, and most of what is done is done in secret while the
    public is cultured to live a false history, as seen on TV.

    Those who wish to know the extent of the global surveillance
    state of the world should just read J. Assanges new book where
    he adeptly writes of the actual scale of things, which is nothing
    like the public imagines in their clinging to notions of comfort,
    moral fabric, and a delusional default condition called “privacy”
    which is still being perpetrated so that wrongdoers continue to
    imagine they have some, that they may be ensnared.

    Continue about your legal business as usual.

      1. I am an informed writer, and so I write
        about it a bit when others talk about it,
        but I see your question is serious, and
        is a good question about what to do.

        I think all there is to do about it is to
        educate people, when their minds are
        open, but the direction of society
        is towards no privacy.  For my part,
        I abandoned privacy in 1999, and so
        I have no expectations of any, and
        so I am not uncomfortable with the
        surveillance state which is now
        becoming more concerned about
        maintaining it’s own privacy, which
        it is naturally losing according to the
        laws of physics.

        What comes around goes around,
        and governments who take security
        and privacy from others, lose their
        own, just the same.

        I teach people who would like to
        have security and privacy to deliver
        it to others, like I do, and then they
        shall be given some, as well.  

        This is how life works.

Comments are closed.