More NSA leaks: how the NSA bends the truth about spying on Americans while insisting it doesn't spy on Americans


31 Responses to “More NSA leaks: how the NSA bends the truth about spying on Americans while insisting it doesn't spy on Americans”

  1. deaconblu says:

    Yesterday, as I was driving, minding my own business, a passing police officer looked Directly At Me. My face, along with the approximate time and location are almost certainly now stored in his memory…

    There can truly be no privacy until all government officials are prohibited from observing innocent, law abiding citizens. They should only be allowed to observe convicted criminals.

    Yes, that’s absurd, but so is the notion that the world is a safe, secure little mountain dell, where we all take naps in between hugging sessions. Remember 9-11? That happened. The same sort of people are out there right now, praying for another shot at blowing up thousands of civilians. 

    It’s absolutely necessary to consider, and weigh,  the costs of security. It is absolutely foolish, however, to pretend that security is unnecessary, or that it can come at no cost. 

    • Luther Blissett says:

      I disagree.

      I could argue with you, I could shout at you, but I guess I’ll never be able to convince you that you misunderstood the concepts of freedom and of security. What a pity, this is the interwebz.

      However, please try to consider the implications of your current belief.

      And please consider the facts. Consider what we’ve learned from the leaks. Consider what you might have learned about checks and balances, about the political system of the US, and especially of other countries.
      Please, consider history. We can learn from it.

      • Charles-A Rovira says:

        Sadly, as Hegel wrote, “We learn from history that we never learn anything from history.”

    •  So… that police officer that looked directly at you yesterday searched you, your web history, your physical and electronic mail, your computer and laptop, your telephone, your smart-phone, the contents of your house, the photo albums from your last trip to Europe? He touched your genitals and commanded you to undress? He questioned you for days, detained, without any contact with any kind of lawyer?

      NO?

      Fuck off, Sir!  

    • oasisob1 says:

      Hello and welcome to BoingBoing. We hope you stick around to share more of your beliefs, and that you didn’t come along for just this one little comment.

    • Cowicide says:

      It is absolutely foolish, however, to pretend that security is unnecessary

      Tell me, who is this mythical beast that thinks all forms of security are unnecessary?

      Did this beast come to you in a dream or did you conjure it up in your mind with your wild imagination?

      Remember 9-11?

      Yep, and other things too…

      http://www.fair.org/blog/2013/04/16/terror-returns-but-when-did-it-go-away/

      There can truly be no privacy until all government officials are prohibited from observing innocent, law abiding citizens. They should only be allowed to observe convicted criminals.

      Let me introduce you to the Fallacy Of Extension:

      http://www.don-lindsay-archive.org/skeptic/arguments.html#straw

      Remember 9-11? That happened. The same sort of people are out there right now, praying for another shot at blowing up thousands of civilians.

      This unconstitutional, suspicionless surveillance on innocent Americans isn’t about protection, it’s about money.

      http://www.washingtonsblog.com/2013/06/the-dirty-little-secret-about-nsa-spying-it-doesnt-work.html

      FTA:

      Daily Caller: So what are they doing with all of this information? If they can’t stop the Boston marathon bombing, what are they doing with it?

      Binney: Well again, they’re putting an extra burden on all of their analysts. It’s not something that’s going to help them; it’s something that’s burdensome. There are ways to do the analysis properly, but they don’t really want the solution because if they got it, they wouldn’t be able to keep demanding the money to solve it. I call it their business statement, “Keep the problems going so the money keeps flowing.” It’s all about contracts and money.

      How many of your civil rights are you willing to give up in the name of corruption and security theatre?

      Also, I’d like to quote another, brave American hero for you:

      ” … US officials also provide misleading or directly false assertions about the value of these programs, as they did just recently with the Zazi case, which court documents clearly show was not unveiled by PRISM.

      Journalists should ask a specific question: since these programs began operation shortly after September 11th, how many terrorist attacks were prevented SOLELY by information derived from this suspicionless surveillance that could not be gained via any other source? Then ask how many individual communications were ingested to achieve that, and ask yourself if it was worth it. Bathtub falls and police officers kill more Americans than terrorism, yet we’ve been asked to sacrifice our most sacred rights for fear of falling victim to it. … ”

      - Edward Snowden (former CIA/NSA, Booz Allen Hamilton/etc.)

    • Humbabella says:

      This is an article largely about how the NSA was allowed to justify lying to congress, the arm of government that is supposed to be a check on their powers.  It is not about pretending security doesn’t exist, it is about an organization being given billions of dollars to act without any kind of oversight or accountability.  We cannot expect any such organization to accomplish anything real or positive, security or otherwise.

    • dragonthc says:

      Liberty has a cost. It’s not worth giving some up for perceived security. Ever. If you think it’s ok, you deserve neither liberty nor security.

      And the real issue isn’t whether they’re looking at your private communications, it’s that they are storing them. In direct violation of the 4th amendment, they’re storing them. If you get pulled out of line trying to get on a plane for a “random” extra check, what’s to stop them from poring through your last five years of life? “I see in 2011 during a phone call with your cousin, you made a comment about harming the President. Now you’re going to jail.” Sure it’s hypothetical, but 5 years ago, so was storing all of our communications, wasn’t it?

      • bardfinn says:

        The real issue really is that they’re looking at your/our communications. They’ve worked hard to shift the Overton Window so that it no longer seems to be the real issue.

    • donovan acree says:

      The fact is that the US government kills more US citizens than the terrorists could ever hope to match. If we need security and protection from anything, it would be the US government. What is truly absurd is your defending the notion that committing a crime is the right way to go about securing our safety.

    • steveboyett says:

      Here’s a more apt analogy: Yesterday, as I was reading at home, the police broke in and ransacked my house because they saw that I had lowered my shades. The fact that I did not want everyone to know what I was doing in my house was suspicious, and they felt entitled to see for themselves.

  2. Aldous Schenck says:

    Of course, if you send an encrypted email then obviously you have something to hide, making you ipso facto suspicious.

    The clear endgame of this kind of warped institutional mentality is a tacit demand from the state that its subjects bare all, all the time.  “If you would just stop trying to keep things from us, we would stop watching you.”

    To paraphrase Milan Kundera, who knew a thing or two about the machinations of totalitarian regimes: The more secretive the state becomes, the more transparency it demands from its subjects.  

    Even if what the NSA is saying – and what they’re saying changes every day – is true (it’s only metadata, there’s proper oversight, because terrorists, blah blah blah), the ultimate goal of all this data collection and aggregation is to predict future behavior.  Which means that at some point the government will believe it knows what you are thinking.   

    Combine that with the fact that the state recently granted itself the right to detain you, an American citizen, indefinitely, without charges or due process.  Today it’s vindictive IRS audits (the Tea Party) and grandstanding federal DAs (Aaron Swartz).

    Tomorrow you just disappear.  

    But hey, nothing to hide, nothing to fear, right?   

    • Charles-A Rovira says:

      The lack of transparency is what is really at issue.

      I would not mind having to “live a life examined“, as Socrates would have wanted, as long as that meant that I was not judged for being too benign, mundane or boring.

      When I am watched, I want to know about it. “Quis custodiet ipsos custodes” and all that.

      If I can assume that I am watched, then I want to know to what degree can I depend on that situation.

      It’s a trade-off so I want to know what am I getting in return.

      It is not all going one way. My privacy is a valuable commodity. What am I getting in return?

      We could/should/would get into the details of what do we all say I have to trade and for what.

      But we have to be open about it.

  3. mrmcd says:

    Eh, the retention of encrypted material seems more about code breaking than believing that people with encrypted messages have something to hide. Basically, some crypto systems have very subtle flaws where each message in a stream, or certain parts of a conversation, will “leak” small amounts of information about the cleartext or key. Therefore if they’re trying to break the encryption on a specific target, it’s useful to retain the whole set of communications, even if some comes from a source identified to be American.

    More troubling is the part about retaining messages regarding security vulnerabilities (section 5, paragraph 3) or technical information about exploiting communications systems. So basically if they happen across you discussing a new zero day, or login credentials or ssh keys, and it might be useful to breaking into a server or exploiting a target they’re interested in, they’re allowed to just keep it. Even if you’re American and have done nothing wrong.  NSA in ur email, stealin’ ur zero days.

    Also if you’re a dirty non-American, then you have pretty much zero rights. Wave to the NSA folks!

    • Charles-A Rovira says:

      Also if you’re a dirty non-American, then you have pretty much zero rights. Wave to the NSA folks!

      Except the right to evolve better and better encryption algorithms and to use them.

      • mrmcd says:

        Depressingly, the fact is that only a tiny, tiny fraction of users actually bother to learn and use encryption of data-at-rest with keys held only by the user, meaning the NSA doesn’t really care that much. 

        I’ve always thought that the speculation about the NSA’s ability to secretly break current crypto algorithms is overblown. The reason we don’t see more pushback on civilians using encryption is that even SSL coverage is spotty at best, and when it is used, almost no one bothers to go through the trouble of encrypting data once it leaves the transport and gets captured and stored by servers. Why go through all the trouble of breaking someone’s SSL connection to gmail.com when you can just force google to hand over the whole mailbox?

        • awjt says:

          Or the NSA already has the other key to read everything, because they infiltrated the CAs on a previous warrant.

        • Luther Blissett says:

          Depressingly, the fact is that only a tiny, tiny fraction of users actually bother to learn and use encryption

          ^ This.

          As long as PGP/GPG encryption is not included in email clients by default, especially including a very intuitive key generation and general purpose interface, nobody will use it.

          It should come with any high-price fancy smartass product. It never ever should need a command line. Everything more complicated than a button “secure mail” or “secure phonecall” is too complicated. Even the key sharing should be just included in this. You click, a p2p server network is asked to deliver the recipient’s key, you get either a green (trusted), an orange (valid key and signature, but unconfirmed) or a red (valid, but untrusted) background and the mail heads off. No more tinkering, no cmdline “gpg --anything”, not a single time.

          Why, pray, is this not delivered? Even on a full-blown multi-purpose computing device running current OS’, users have to read a full tutorial about how encryption works, how it is installed and how you should manage your keys before even the first encrypted mail goes out.

          Screw the programmers who design this. It’s nice to be able to admin this, root that, and sudo something, but at the end of the day the thing which is intuitive prevails. Be able to, yes. Need, never.

          Hell, get going, programmers of this interwebz.
          There will be cake!

        •  Seriously, try picking some random friend or relative, and send them an encrypted e-mail with a secret word.  Tell them that you will give them $20 if they reply to this e-mail with that word.  Let me know how many takers you get.

          The problem is one of standards.  https is a standard, so it is easy to use.  How many e-mail clients (or even webmail) support encryption?  I am a geek, and if I received an encrypted e-mail, I have no idea where to even find the public key.  Where would I publish my public key?  And even if I did do all of this, I could only send encrypted e-mail to people who wear tin-foil hats.

          In order for encryption to actually work, it needs to be *standard* on all clients, and easy to set up.  Really, it needs to be the default setting.

          Or, the other option is to actually elect a President who cares about privacy.

          • theophrastvs says:

            gpg --keyserver pool.sks-keyservers.net --search-key 'Kevin Harrelson'
            gpg: searching for "Kevin Harrelson" from hkp server pool.sks-keyservers.net
            gpg: key "Kevin Harrelson" not found on keyserver

            yes indeed, the evidence nicely supports your point (if that is your name [wink])

          • Luther Blissett says:

            @facebook-1073720809:disqus , nice idea. Does not work, though: I can’t encrypt something for someone without having his/her pubkey. Sadly, nearly nobody among my contacts has a key, because it’s not included to create one in outlook, thunderbird etc. – which would bring us back to my post above.

            BTW, pgp is a quasi-standard. And most key managers can search public key servers where people could deposit their keys. You could as well. Just try, e.g., Gpg4win, it’s all included.

            Re:elections: Don’t they all care about privacy? As in “how can we avoid too much privacy?”

          • mrmcd says:

            A friend of mine who’s moderately technical but not in a professional way pinged me about this chrome extension recently: http://www.mailvelope.com/

            It’s a nice, cross platform OpenPGP implementation that runs on top of webmail services. It’s about as close as you can get to turnkey PGP on gmail, yahoo, hotmail, etc. However, it’s still incomplete (no message signatures, no encrypted attachments, no trust chain and key signings). Even if/when those features are finished, it still highlights several major obstacles to getting people to use encryption in their everyday life:

            Key management – Explaining public/private keys, keychain management, and fingerprints, message signing, and trust settings to ordinary, not IT professional users is really really hard, much less getting them to use these things correctly and safely. This is further complicated by the fact that most of us use multiple devices now, and now have an expectation of being able to seamlessly switch between them. If I pick up my iPhone and suddenly my email is all gibberish, that’s a dealbreaker for lots of people. So then we have a problem of how to manage private keys across multiple devices securely without exposing them to adversaries and still making it easy enough for grandma to use.

            Search – Even if google gave up on adwords tomorrow and decided to become a money losing web service charity, they still couldn’t implement client side encryption of everything without killing search. Most people, myself included, have come to rely on being able to search back months or years through lots of email to find the one with my old forums account login name, or my friend’s passing recommendation for taco places in San Diego. If everything is cipher text, you can’t index it without the indexer also having the key, which kind of defeats the whole purpose of client side encryption. It’s also not practical to download 5 years of email, decrypt, and reindex it every time you want to find that address for a taco stand.

            Backups – Most users don’t do backups like they should, which means they won’t back up their private keys. This means when a hard drive crashes there’s a good chance some ordinary user’s 5 years of email stand a good chance of becoming indecipherable gibberish. This is kind of a bad user experience for most people. To say nothing of redistributing a new public key and getting everyone to be aware of it and switch over for new communications.

            This isn’t to suggest we should give up and there isn’t a great, easy, everyday solution to all these problems. I’m just pointing out there are still serious obstacles to widely deployed encryption of all everyday communications that explain its lack of adoption beyond laziness, stupidity, or webmail developers taking orders from the NSA.

        • Revanse says:

          You think the NSA doesn’t have a copy of Google’s SSL keys?  And Microsoft’s, and Yahoo’s, and Twitter’s?

          If they can’t get them through the courts, they’ll have an officer reach out to a patriotic employee.

          That’s why the NSA hoovers all of Google’s raw data feeds.  Sure, it’s encrypted, but the NSA has the keys.

  4. Luther Blissett says:

    Depressingly, the fact is that only a tiny, tiny fraction of users actually bother to learn and use encryption

    ^ This.

    As long as PGP/GPG encryption is not included in email clients by default, especially including a very intuitive key generation and general purpose interface, nobody will use it.

    It should come with any high-price fancy smartass product. It never ever should need a command line. Everything more complicated than a button “secure mail” or “secure phonecall” is too complicated. Even the key sharing should be just included in this. You click, a p2p server network is asked to deliver the recipient’s key, you get either a green (trusted), an orange (valid key and signature, but unconfirmed) or a red (valid, but untrusted) background and the mail heads off. No more tinkering, no cmdline “gpg --anything”, not a single time.

    Why, pray, is this not delivered? Even on a full-blown multi-purpose computing device running current OS’, users have to read a full tutorial about how encryption works, how it is installed and how you should manage your keys before even the first encrypted mail goes out.

    Screw the ones who design this. It’s nice to be able to admin this, root that, and sudo something, but at the end of the day the thing which is intuitive prevails. Be able to, yes. Need, never.

    Hell, get going, programmers of this interwebz.
    There will be cake!

  5. Cocomaan says:

    This is what a slow motion military coup looks like.

    • rocketpj says:

       In time.  This is the early part.  An authoritarian coup is basically a seizure of power by a segment of the elites – rich, military or a combination.

      Step 1a.  Erosion of rights and expansion of police/state power over individuals.  Combine with removing accountability and democratic oversight.  Happening now.

      Step 1b.  Capture of regulation and government by elites – financial, money and some military elites.  This is happening/has happened.

      Step 2.  Inevitably, when government is in thrall to private interests, corruption begins and expands.  Over time, the economy stagnates and even begins to collapse.  The wealthy and other elites are insulated by the above factors, the rest begin to suffer.

      Step 3.  Rot and collapse begins to get out of control.  Elites still largely unaffected.

      Step 4. The public begins to get upset (Occupy was a beginning, but just a polite warm up for the kind of upset I mean).  They have been robbed and have lost their freedom in the process.  Things get ugly in the streets.

      Step 5.  Military/corporate coup to ‘restore order’.  Then it’s over for a generation or two, corruption goes up another notch. 

       

      • Cocomaan says:

        I see where you are going with this. Government is very predictable in how it reacts to things.

        Fortunately, that can be used in our favor.
