EFF Interviewed About Their Case Against AT&T

ntk writes "Glenn Greenwald from Salon has a long, informative interview with Cindy Cohn, the EFF attorney leading the suit against AT&T over their warrantless wiretapping of their customers. It talks about why the White House is pushing for retroactive immunity against the telco, what the suit has revealed so far, and how little Congressfolk appear to know about how Internet traffic is being monitored."

They should be suing others

In particular, QWest and Verizon. Has nobody noticed the 100 Billion+ telcom award that went to the 3? Think that the FCC award it to them for their high bids (they were the TOP bidder).

Re:They should be suing others

[rs79]

Just a guess, but wouldn't it be easier to go after others if you have the (assuming they prevail) winning precedent in hand?

Re:They should be suing others

[Aaron+Denney]

Actually, Qwest probably wasn't involved with the spying. The CEO, Nacchio is being pursued by the SEC apparently in retaliation for declining to spy illegally. Naturally, his attempts to bring this up at the trial are being quashed.

Re:They should be suing others

Qwest in fact should not be sued. I don't like Qwest overly much personally, due to their slooooow DSL deployment. However, when the NSA et al. went to Qwest to ask for surveilance, Qwest said in effect "That's illegal. Piss off." And they DID lose some expensive contracts in retaliation.

Just don't trust the middle

[mwilliamson]

The public needs to understand and accept the fact that neither telecos nor governments are trustworthy. Privacy is up to end users and they are free to secure their own traffic by wrapping it in real crypto. GPG, OpenSSL and OpenVPN are just a few free open-source toolkits available to provide secure ways to communicate without having to worry about the trustworthiness of the pipe between here and there.

It's just naive to wait for some politician to protect your privacy when you have the tools to insure this yourself. As a matter of practice, stick your letters in an envelope instead of waiting for the postmaster general to outlaw literacy of postal employees.

Re:Just don't trust the middle

[pikine]

I agree with what you said. The same technique also works to evade the great firewall of China.

The mentioning of OpenSSL also implies that HTTP should go over TLS whenever possible, as long as you trust the website for properly handling your data. That means websites should provide an HTTPS version. There is a problem, though. Many websites on the web are name-based virtual hosts. SSL doesn't work on them because you have to exchange the certificate, which is site specific, before sending the Host header that decides which site you want.

Re:Just don't trust the middle

[Daniel+Dvorkin]

It's just naive to wait for some politician to protect your privacy when you have the tools to insure this yourself.

As long as those tools are legal. The US already has ridiculous export restrictions on crypto (as though people in other countries aren't capable of writing this stuff on their own!) and IIRC, the UK government has argued for a central, government-run crypto key database, such that it would be illegal to encrypt anything in a way that law enforcement can't immediately crack. What's naive is thinking that just because the tools exist, you'll always be able to use them without getting your door kicked down in the middle of the night, a flashlight shined in your face as you're hauled out bed and cuffed, and a booming voice asking, "Citizen, what are you trying to hide?"

Short of armed revolution, which is not something that any sane person should want to become necessary, our best defense against government intrusion is to get politicians on board. Laws protecting citizens from abuses of power can and do work; for most of its existence, the Bill of Rights has been a sterling example. On those occasions when the government chooses to disregard these laws, it is the responsibility of We The People to put it back in its place -- and it is far preferable to do that with ballots than with bullets.

Re:Just don't trust the middle

[mrsteveman1]

Ignoring what the government does just because you can encrypt things at the moment is foolish.

I might add that if anyone had an interest in cracking popular encryption schemes right now, it would be the government that is trying to read every packet you touch. Things like this are never certain but I wouldn't trust my life to encryption anymore regardless of keysize or cipher length.

Re:Just don't trust the middle

[blackest_k]

sure your internet usage you can do something to ensure some privacy, any suggestions for what the end user can do to secure their telephone calls?

Voip and instant messaging programs probably could build in pgp or something similar so that whats transmitted isn't plain text or voice but I've yet to see anything like that, why is that?
A public / private key system should be easy to implement even over a standard messaging service like AIM or MSN or any of the others.

It would make sense to routinely encrypt instant messages, just to ensure some privacy.

With Internet access over Satellite for example its relatively easy to use a packet capturing program in combination with a simple satellite card. just takes time and some hard drive space.

There is also an interesting possibility of using automated pre and post processing of instant messages to communicate across languages. For example French to English and back again. (ok most machine translation is quite poor but you can adapt to the limitations and get a good approximation of what you want to say).

The closest thing I ever saw to this was a muppet swedish chef script which took normal English and translated it. /bork what ever :)

Re:Just don't trust the middle

[WindowlessView]

Privacy is up to end users and they are free to secure their own traffic by wrapping it in real crypto.

Sadly, Either the crypto has to be built into the product, in which case the gov will either outlaw it or demand back doors, or you are faced with the same situation that secure email has always been in i.e. for every person willing to encrypt there are a thousand who don't understand it, don't care, or just too lazy.

Re:Just don't trust the middle

[PopeRatzo]

The public needs to understand and accept the fact that neither telecos nor governments are trustworthy.

People keep throwing out this "cain't trust the gummint" garbage without realizing that the government is supposed to be us.

If Americans would just stop basing their vote on the rantings of Right-Wing radio idiots and start exercising their ability to influence the people we elect, we might actually be able to have a little trust in the government, in ourselves.

The authoritarian plutocrats have been spending billions to create this nonsense that government is the root of all evil, and if we'd just put all the power in the hands of corporate managers, life in America would be utopia. It's actually become conventional wisdom now that the private sector can do everything better than the public. The problem is, our experience with insurance companies, communication companies, energy companies, the very biggest of the big corporations, is uniformly horrible. But now we're supposed to happily turn over health care to those same insurance companies, media to those same communication companies (think of your cable provider) and the fuel of our lives over to Exxon.

I don't know about you all, but the last time I went to the DMV here in Chicago to renew my driver's license, it was a quick, inexpensive and efficient process. I was in and out in less than 15 minutes. I went to the DMV because the Secretary of State of Illinois sent me a timely letter telling me that my license was about to expire, and giving me instructions as to what I should bring and where I should go.

How was your last interaction with your insurance company?

I'm thoroughly sick of hearing people stridently assert that government can't do anything right. If any part of that is true, maybe it's because a certain segment of our ruling class and their corporate masters have been working and spending hard to destroy that very government, hoping that we'll happily open our wallets and our lives to them so they can do it right.

Maybe we ought to think about saving our government as created by our founding fathers with our Constitution before we decide to turn over control of our lives to the corporate sector, who, when it comes down to it, cares a lot more about their quarterly profits than about our welfare.

Re:Just don't trust the middle

[ScrewMaster]

Short of armed revolution, which is not something that any sane person should want to become necessary

Most people wouldn't consider Thomas Jefferson to be insane, and yet he would consider us long overdue for a rebellion. I think the problem may have gone too far, the rot set in too deep, for political/legal measures alone to have much effect. I know some people that left the FBI because of what they saw happening there, because of the kind of people that are working there now. It's not good, and if the only real hope we have for improvement rests with Congress I fear all is already lost.

Re:Just don't trust the middle

[Suicide+Drink]

That's fine and all, but I thought one of the things they were tracking was the connection itself, between who/what.

Re:Just don't trust the middle

[Daniel+Dvorkin]

Jefferson was quite sane, and he knew that things had indeed gone beyond a political solution. But it should take a lot before anyone ever gets to that point. There had been mutterings about rebellion in the Colonies since at least the 1720's, but except for isolated local incidents (which were quickly crushed) it never came to anything before 1776, and up through 1770 or so most people thought, quite rightly, that the idea was pretty dumb, because the Colonies simply didn't have the resources to make it work.

Americans often don't realize how profoundly lucky we were, I think. Ours could very easily have been one in the long, depressing series of wars of colonial liberation in which the colonists Throw Off The Hated Chains Of Oppression only to descend into dictatorship. We were lucky that Washington didn't want a crown, lucky that it was Washington rather than Arnold who ended up as the hero of the day, deeply lucky that the authoritarians among the Founders generally didn't get their way. A million things could have gone wrong; we threaded the needle and -- just barely -- got it right. Meanwhile, South America and Africa have provided many tragic examples of how difficult this is.

Also, our "Revolution" was a war of colonial liberation, not a revolution in the ordinary sense; as bad as colonial rebellions often are, internal revolutions, attempts to replace a government in place by armed force, are generally worse. To tell the truth, I'm not sure I can think of a single example that's really worked out well -- and the ascending scale of horror represented by the English Civil War, the French Revolution, and the Russian Revolution show how easily they can work out badly.

Sometimes revolution is the best of several bad choices, yes. But that's the best it can ever be. People who talk about it casually have no idea what they're playing with.

Re:Just don't trust the middle

[SpaceLifeForm]

Agreed. Face to face communication is actually
the most secure communication possible, as long
as you take normal precautions.

Re:Just don't trust the middle

[ScrewMaster]

They're playing with fire, no argument. I don't think you're giving enough credit to the Founders themselves, so far as our needle-threading is concerned, but you're right that we were remarkably fortunate they were there at that point in history. In any event, avoiding the violent fate suffered by so many other national governments depends upon our continuing ability to influence our government via legal process. That's being taken away from us, at an accelerating pace. Granted, it's our own fault, but that is what is happening. So what do we do? About the only influence most of us have are a. casting our votes and b. writing our Congresspersons. That doesn't seem to be enough anymore, although I certainly I agree that we're better off with a political solution rather than a violent one.

What concerns me is the common attitude that "This is America, such things just can't happen here!" We're not bulletproof, our economy isn't powered by magic. Right now most of us have far too much to lose to even consider armed overthrow of the United States Federal Government. I know I do: the political and economic collapse of my country wouldn't do me personally any good. But, what happens when a significant number of us don't have anything left to lose? There's plenty of historical examples of what happens when an economy fails to provide for its people.

Re:Just don't trust the middle

The government our founding fathers intended is a government that would protect the borders and otherwise keep the hell out of our way.

It's certainly not the monster of red tapes and conspiracies it's become. Distrusting this particular form of government so that the government our founding fathers intended (and the one we deserve) can again flourish is the most patriotic thing any American can do.

Re:Just don't trust the middle

[Agripa]

The use of strong encryption does not preclude defending the 4th amendment. There is no reason not to implement defense in depth to reach the goal of secure personal communications. If anything, the events of 9/11 show the weakness in relying on brittle security in any form.

Re:Just don't trust the middle

[iamwahoo2]

I think the best way to protect our data is to not send it through a series of tubes. Instead send it on a dump truck.

Re:Just don't trust the middle

[IdahoEv]

To tell the truth, I'm not sure I can think of a single example [of armed revolution] that's really worked out well -- and the ascending scale of horror represented by the English Civil War, the French Revolution, and the Russian Revolution show how easily they can work out badly.

True. However, in some cases government replacement can be accomplished through force of social pressure without recourse to armed conflict. You should look up the ouster of Slobodan Milosevic. Most of the USA forgot about the man after the Bosnia conflict, though he was still the dictator of Serbia when we left. But afterwards, he was removed by a popular revolution, basically orchestrated by a group of students who coordinated immense popular opposition to the government.

Otpor! (Resistance!) flooded the streets in protest and demanded he step down entirely so they could hold elections. They managed to do it with such overwhelming force of numbers that conflict was simply not an option: you can't order the army to shoot everyone and send them home when the whole damn country is in the street.

Milosevic, one of the last of the 20th century's string of nasty/immoral/brutal dictators, stepped down without a single shot being fired. So there is a possibility for nonviolent change to become a more common option in the 21st century.

Re:Just don't trust the middle

[Sanat]

I imagine that if we were to ask Ben Franklin what he might think of our government today as compared to 1776 that he would be alarmed at the volume of attorneys presently holding office at all levels of our government. I somehow feel that this possibility was never envisioned by our founding fathers.

Re:Just don't trust the middle

[PopeRatzo]

The government our founding fathers intended is a government that would protect the borders and otherwise keep the hell out of our way.

The government our founding fathers intended is supposed to be of, by and for the people. The government our founding fathers intended was supposed to always get warrants before performing any searches of citizens or property. The government our founders intended had three co-equal branches of government. Oh yeah, the government our founders intended gave no rights to African-American slaves, but that's OK because they were making us big money.

It has become a government of, by and for the rich. There's nothing in the Constitution about corporations having rights. As long as we allow corporate contributions to be covered under free speech, the whole thing will continue to be perverted.

And why is it that people who want government to "protect our borders and otherwise keep the hell out of our way" usually have no problem with the Executive Branch spying on citizens without warrants?

Re:Just don't trust the middle

[PopeRatzo]

I'm sorry, I have unfairly put you in a category in which you may not belong.

I'm with you. It's time for us to show a little resistance to what our government has become. But remember one thing, when the founders said government was "supposed to stay out of our way", they were referring to individuals. Corporations have stretched the definition of "individual" to include them, and the definition of "speech" to include "money". Especially today, when multi-national corporations are increasingly not us, we have to be just as leery of corporate power as of government power.

At least until we learn to exercise a little control over both.

Re:Just don't trust the middle

one word, http://anonet.org/ the more people that participate, the higher the distribution, the better we all are. take your stand against the oppression and not support their way!

Re:Just don't trust the middle

[ScrewMaster]

No kidding ... his one remark about "a countryman between two lawyers is like a fish between two cats" says a lot about his opinion of attorneys.

Re:Just don't trust the middle

[ciggieposeur]

The government our founding fathers intended is a government that would protect the borders and otherwise keep the hell out of our way.

It also had no concern for civil rights, women and blacks voting, workplace safety, food and drug safety, building codes, emergency services, primary education, universities, or environmental protections. Its main provisions were contract enforcement, crime punishment, and military action.

Governments like the original Constitution still exist today, but you probably wouldn't want to live under them.

Re:Just don't trust the middle

[irc.goatse.cx+troll]

Comcast already QoS de-prioritizes encrypted traffic, how many years until it will be socially acceptable to outright drop it 'in the name of terrorism'?

Yeah, you'd break a few popular apps at first, but it's entirely possible to do l7-filtering and only allow SSL connections by certain keys, so you could still allow the big names in https (banks, webmail, etc) while blocking self signed certs and others.

Re:Just don't trust the middle

[CRCulver]

The ouster of Milosevic was seemingly accomplished by mere students, but said students had training and equipment provided by the CIA.

Re:Just don't trust the middle

[mi]

The public needs to understand and accept the fact that neither telecos nor governments are trustworthy.

And neither — to judge from the article — is the EFF... And here is why.

Privacy is up to end users and they are free to secure their own traffic by wrapping it in real crypto. GPG, OpenSSL and OpenVPN are just a few free open-source toolkits available to provide secure ways to communicate without having to worry about the trustworthiness of the pipe between here and there.

Cindy Cohn talks about "wholesale surveillance" of "millions of Internet users". What she is not saying — and this is why your proposed defense is both unnecessary and useless (in this case) — is that the surveillance is not on any particular communication, but on the volumes themselves. Indeed, with the traffic dominated by connections where one of the ends is a dynamic IP, identifying an individual is very difficult.

And, anyway, the volume is what's often even more important than the content. Sudden spikes in the number of connections — encrypted or not — to a particular site or two may indicate, a new bin Laden's video being readied, for example. Visiting such a site is not illegal — and nobody is prosecuted for doing so. But monitoring the traffic could be quite illuminating.

In other words, NSA neither knows, nor cares to know, what M Williamson (however subversive or critical of Bush you may be) said to his friends. What may arouse their interest, is that certain sites get more visitors or certain e-mail servers — more messages, before (or after) certain events take place...

And before you ask, although the government still does not want the details of it to become public, such monitoring would not be illegal — it was ruled long ago in the pre-Internet postal era (when "mail" did not have the "e-" prefix), that what's written on the envelope is not secret and can be observed by police and subsequently used as evidence.

Re:Just don't trust the middle

The founding fathers' government was supposed to always get warrants because it could not be trusted. They set up a whole series of checks and balances, divided the government into three branches, and generally tried to cripple it at every turn because they realised that trusting one administration to use power responsibly is trusting every single subsequent administration to use power responsibly. Hence, the government cannot be trusted. Because even if the one you have right now is of, by and for the people, you have no guarantee that any after it will be. And any power you give your trustworthy government will be handed down to all those probably untrustworthy governments.

Re:Just don't trust the middle

[Sloppy]

and it is far preferable to do that with ballots than with bullets.

It's also a lot easier. People do a lot of bitching, but every election day, they say, "More oppression, please." When 99% of the voters say that our current government is pretty close to optimal, I somehow doubt that armed revolution could succeed. It would take a lot of bullets.

Re:Just don't trust the middle

[Sloppy]

Ignoring what the government does just because you can encrypt things at the moment is foolish.

Granted, but failing to encrypt just because you don't think the government is looking, is also foolish. Fix all the problems with government, and you still have an untrustworthy network.

Re:Just don't trust the middle

On topic: How efficient the DMV is has nothing to do with trusting the government. Officials under Bush have consistently lied, then gotten caught lying, then said like "Oh, that was a misstatement" or something (therefore lying AGAIN.) That is not trustworthy behavior. Theyve' tried to gain power illegally, also not trustworthy behavior. Enough of that....

Off topic: MY trip to the DMV. (This part isn't to negate your statement, just saying my trip wasn't as smooth..)

          MY last trip to the DMV. The state of Iowa does NOT send out warnings that your license is about to expire, for no reason that I can think of. Therefore, I found out my license had expired after I got pulled over and told my license had expired. I was luckily not fined for this, or worse, told I couldn't drive my car home. I went to the DMV. After a significant wait in line (45 minutes or so), I had to then wait AGAIN for a test station to free up (about another 45 minutes.) They don't do the paper test any more; several questions were like "What does this color sign mean?", but they had scanned in paper photos with a broken scanner; therefore all color photos were a pale greenish brownish blue color (like the food photos at some chinese restaurants where the chicken etc. all look green in the photo.) Therefore for those questions I just had to guess. I passed but I got all the color questions wrong 8-).

RIAA vs. Government

[cygtoad]

I see a lot of criticism about these telecoms cooperating without warrants with the government. I don't think it is as bad as ISP's cooperating with private agencies like RIAA without a warrant. One might argue that the government could at least have some shadow of the public good in what they do. The RIAA is completely self serving. If the government is called into question for these activities, then maybe it will cascade down to privacy concerns that don't get as much press.

Re:RIAA vs. Government

[visualight]

You really cannot compare the potential damage of an RIAA lawsuit to the potential damage of the U.S. government.

The potential for a "Brazil" like episode is very real and I would be surprised if it hasn't already happened.

Re:RIAA vs. Government

[Daniel+Dvorkin]

Yeah, the RIAA can't send you to Gitmo.

Yet.

Re:RIAA vs. Government

[Jeff+DeMaagd]

If the White House didn't like the laws, they should have asked for revisions or new ones. They could have gotten them in the "rubber-stamp" Republican congress, but they waited for years and until after the programs were publicized. The government may have a legit reason, but the problem is that it's rife with potential for abuse. As far as I'm concerned, that potential is always a good reason to narrow down and eliminate any change that a law is used for something other than the stated intention. If they don't expect to use a law in a certain way, then make sure it is worded such that it doesn't get used in that way.

I think there's a fair chance that this sort of surveillance is used against legitimate protesters too. Maybe the White House would protest that suggestion, but really, if they want me to trust them, they need to earn that trust and allow independent oversight. The other problem I have with the White House is that they seem to be very reluctant about that.

Nope - in both cases it's wrong

The principle is that there are laws, and none should be above the law (something Bush doesn't seem to get either).

Change that and you change justice. Full stop.

VeriSign's role as an NSA subcontractor

[Burz]

Required reading here.

Look at how gleefully they advertise exploiting their trusted thiry-party (SSL Certificate Authority) status.

I think we need to consider switching all our browsers to a more trustworthy CA.

Re:VeriSign's role as an NSA subcontractor

[rs79]

If you dig deep enough you'll see Verisign/Netsol was founded by ex SAIC staffers. SAIC is sort of a retirement home for ex intelligence types. Even later hires at netsol came from the intelligence community.

I did some work at netsol almost a decade ago (writing diagnostics for the registry/regiatrar protocol). Those dudes are seriously smart people and good at what they do.

It's easy to see why people hated netsol. It was full of very smart people very good at what they do.

Re:VeriSign's role as an NSA subcontractor

[Burz]

OTOH, spies are justifiably hated whether or not they are good at it.

The irony of this situation is that we have the tools to improve privacy and trust, if only the 'geek' community would focus on the doings of Certificate Authorities as a major issue instead of constantly prattling about shiny-shiny.

Re:VeriSign's role as an NSA subcontractor

[DavidTC]

DailyKos is not a technology site, and the person who posted this diary doesn't understand that all Verisign normally gets is the signing request. (I'll probably post something like this there also.) They don't have your private key, they can't decode your communications.

What they could do is intercept it and man-in-the-middle it. With Verisign's help, they can trivially make a key that works in every browser. (And buying a non-verisign key won't help...end users will just be handed a 'legit' verisign one and don't know that server has a different one.)

I urge everyone with an SSL server to post the MD5 and SHA1 fingerprints of their public key, or even their entire public key, on their site and I urge people to occasionally check them against what their browser reports. Sadly, Firefox, at least, doesn't seem to actually report the public key in any usable format, and I can't see how to get the MD5 and SHA1 fingerprints from the key using openssl. If anyone has a set of step-by-step instructions, that tell exactly what to put up and how to instruct end users to check it, that would be nice to link to.

And if you have an SSL server and a Linux shell somewhere else, and run 'openssl s_client -connect example.com:443' from both the server and that other place to make sure the 'BEGIN CERTIFICATE' part matches.

I seriously doubt the NSA is doing this, but it should be easy enough to notice if it is.

And, speaking of 'occasionally checking', it would be nice if there was some Firefox extension to inform you that the encryption key had changed, and what the old and new key were. If the old key wasn't due to expire, and the new key has the same date as the old, it probably means someone is running a man-in-the-middle attack. They'd keep the dates the same, along with all the other info, to make it harder to notice, whereas while someone could buy a new key in advance, they wouldn't get one with the same date as the old.

Re:VeriSign's role as an NSA subcontractor

Explain what you mean by "exploit" please. I see a bunch of ignorant comments on Daily Kos about this. Things like "well, I'm getting my certificate over an untrusted network, so anybody could intercept it, right?". Sure. Except that RSA keys are altogether different than a shared key. Unless you are stupidly and pointlessly sending your private key around with your certificate requests, all Verisign is doing is signing the public half of the key pair. That doesn't give them some kind of magical ability to decrypt your traffic.

So again, please explain what you mean by "exploit". (Not that I'm fond of Verisign, mind you, quite the opposite; but FUD will ultimately just cause people to lose trust in the people spreading it.)

Re:VeriSign's role as an NSA subcontractor

[Burz]

By exploit I mean eavesdrop on (otherwise) encrypted internet traffic using the means that is available to them as a CA: MITM.

They have a number of pages advertising "Legal Intercept" services.... under the expanded CALEA (voice and data having any kind of international route) what do you think this means? Any CA with a real privacy policy wouldn't get within a million miles of government eavesdropping activities. Sadly, the short-term windfall from eavesdropping contracts probably far outweighs any certification revenues they could expect.

ISPs can collect encrypted packets day-and-night and hand them to the govt still encrypted without breaking a sweat. Why VeriSign has to get involved in the eavesdropping process ought to be painfully obvious.

Re:VeriSign's role as an NSA subcontractor

Ah duh, I didn't think of MITM at all. Well that's just gross.

Re:VeriSign's role as an NSA subcontractor

[Sloppy]

So again, please explain what you mean by "exploit".

X.509 identities, unlike OpenPGP identities, can only have one introducer. You can be betrayed by a conspiracy of .. one. You think you're talking to your bank, or a certain store, or your webmail server, and the CA says that you are, but if the CA is a liar, you could be talking to anyone. Maybe you talk to whom you think you're talking to. Or maybe it's the government. Maybe it's the CA himself. Maybe it's the Russian Mafia.

This is why I recommend people take a look at GNU TLS. It can use much more appropriate crypto.

LIARS

[visualight]

GG: John Boehner, the House Minority Leader, was on Fox News on Sunday arguing for telecom immunity, and this is one of the things he said in explaining why he believed in amnesty: "I believe that they deserve immunity from lawsuits out there from typical trial lawyers trying to find a way to get into the pockets of the American companies."

I have no doubt that Congressman Boehner is aware of the EFF's true motivations and is deliberately spinning them. His motivation for doing so can only be to defend the Bush Administration. Most importantly, He is absolutely aware that what has happened and is still happening is illegal and he is willing to lie on national tv to defend this. In board rooms, on conference calls, in the break room, at the pool hall down the street, people can't get away with this shit and they know they'll be called out for lying. We really need the people who interviewing these traitors to be more aggressive. Fuck politeness, just once I want some anchorman to say "Wo, hold the fuck on John, we all know that's bullshit."
Our elected officials (all of them) lie and spout meaningless rhetoric with impunity everyday and that needs to change. They need to be put on the spot and grilled once in a while.

Re:LIARS

If the POTUS has the right to ignore (some) laws because it's a terrorism emergency, do COURTS have the right and duty to ignore laws when there is a Bill of Rights emergency? -- say, for example, a law granting retroactive immunity for an illegal act?

Re:LIARS

[Telvin_3d]

Yeah, there is a reason that it will be a cold day in hell before someone like this would be willing to go on the The Daily Show. It is really sad when the 'reporter' with the fewest constraints and greatest record of calling bullshit is on a comedy network.

Re:LIARS

[oliphaunt]

If the POTUS has the right to ignore (some) laws

He doesn't. Ever. Full stop. See, e.g., Youngstown Sheet and Tube, 343 US 579. Anyone who tells you otherwise is lying and has probably been committing war crimes.

do COURTS have the right and duty to ignore laws

No. That's the whole point of a having a society based on laws, rather than one based on a personality cult. Nobody is allowed to just ignore laws.

Courts, however, have a duty to say what the law is- so if Congress passes a bad law, federal courts have a duty to hear challenges to that law, and to strike it down if it does not comport with the Constitution. Unfortunately Congress tends to act much faster than the courts, which leaves us with a whole lot of bad laws just waiting for the court to get around to them.

Glenn Greenwald, AKA Socky McSockPuppet?

Isn't this the same guy who went around using sock puppets to say how great a guy Glenn Greenwald was?

Salon was the wrong outlet for this article.

[Animats]

Accessing the article, all I get is: Salon cannot set a cookie on your browser. This for an article on protecting privacy.

Re:Salon was the wrong outlet for this article.

[fgaliegue]

Goes further than this. I run FF with the NoScript plugin, and all I get is a link to go to salon.com. Not even this "cannot set a cookie" message.

Re:Salon was the wrong outlet for this article.

I'm confused. I thought the whole point was to comment on the articles without trying to access them.

Re:Salon was the wrong outlet for this article.

[Meneth]

I managed to get in by using PrefBar to disable JavaScript.

Re:Salon was the wrong outlet for this article.

[jjohnson]

Because a website tracking users and the NSA tapping your phone without a warrant with the willing co-operation of telcos are exactly the same degree in concerns over privacy.

I know you don't really want to RTFA, but . . .

[Version6]

just go to Salon.com and enter "EFF" in their search box. The article actually comes up first (and yes, I use Firefox with NoScript, which another poster complained about.)

Sadly,

[gillbates]

What Bush & Co have been doing is legal, at least according to the letter of the Constitution. The Constitution allows the President to suspend civil liberties (even habeas corpus) in cases of warfare, or for national defense. And the interesting thing is that the determination of national defense purposes lies with the executive branch.

If you have a problem with this, then you have a problem with the Constitution. Maybe the Constitution needs to be changed to support civil liberties even in times of war; maybe the American people believe terrorism warrants this erosion of civil liberties. Regardless, in a democracy, people get the government they ultimately deserve - you, and every other voter, chooses the President and members of Congress. If you feel your liberties are being unfairly compromised, rather than blaming Bush & Co (or Congress, who despite having a Democratic majority, continues to support the President), blame your fellow Americans. They elected Bush not once, but twice. If their civil liberties have been eroded, they have no one to blame but themselves.

Rather than whine about how our liberties have been eroded, we need to take the issue to the public, and present it in terms the average American can understand. And if you can't make it relevant to the average American, maybe the issue is not that important.

Re:Sadly,

[Daniel+Dvorkin]

The Constitution allows the President to suspend civil liberties (even habeas corpus) in cases of warfare, or for national defense. And the interesting thing is that the determination of national defense purposes lies with the executive branch.

Can you provide a citation on that? Article I, Section 9 states "The privilege of the Writ of Habeas Corpus shall not be suspended, unless when in Cases of Rebellion or Invasion the public Safety may require it." -- but that is in Article I, which lays out the powers and limitations of Congress, not the President. Article II describes the role of the President, and I honestly can't see anything there that backs up your claim. (Not to mention that the US is neither in a state of rebellion nor being invaded at the moment.)

Re:Sadly,

[bitspotter]

* This is not a war. Constitutionally, Congress reserves the right to declare war, and they have not. the "AUMF" is not a formal declaration of war. No other circumstances stipulated in the Constitution authorize the suspension of Habeas Corpus.

* The 2000 and 2004 elections both elected the Democratic candidates, and were overturned by electoral fraud favoring Republicans. If you want to imply that we get the government we deserve, then you only have the rather weak form of the argument that says we elected a government prior to those elections that didn't care to pursue and remedy electoral fraud.

Don't get me wrong; there is a frighteningly significant number of Americans who still support "mister 26%". Indeed, the only reason that electoral fraud is a viable tactic is that the country was so evenly split in previous elections. But what if the election were held today, after almost 3 years of a unitary executive who is almost completely unaccountable to the People or it's Congress? If the People were voting for anything, it was what was apparent to them from the first four years of the Bush presidency, before Gonzales' USA firings, before the exposure of warrantless wiretaps, before the Plame outing, before the "surge", before Katrina, before the Military Commissions Act, and before the SCHIP veto. I could go on, obviously.

Just because our previous elections have been contentious doe not mean that the system is not broken, or that it has not been compromised by corrupt interests. The Rovean Culture War is not a sign of a healthy democratic republic.

Re:Sadly,

[gillbates]

Even though Congress hasn't officially declared war, the mantra in Washington is that we are at war. With a noun. And this stretched definition of war ("We are constantly under threat of invasion by terrorists!") is sufficient to convince the Supreme Court, the Congress, and the Executive branch that the suspension of liberties is not illegal, per se. Yes, it is probably against the spirit of the Constitution, but that's hard to prove. Even so, you'll have people who would argue that if the founding fathers could have forseen Islamic terrorism, they would have included it in the Constitution as well.

The interesting thing, though, is that Clinton was impeached for lying about having "sex" with an intern, while GW has misinformed the Congress and the whole United States about WMD, and Congress does nothing.

So, IOW, we've elected a bunch of spineless Senators. While you might be able to claim election fraud wrt to Presidential elections, it would be a quite a stretch to claim the same for the Senate, especially considering the majority party is the Democrat Party.

So where is the voter outrage? Why hasn't GW been called on the carpet in the same way as Clinton? Do you really expect us to believe that the Democrats are part of the conspiracy as well?

It just might be that America is getting the government they deserve. The system of checks and balances is either completely broken, or our current situation is the result of indifference, or perhaps even support for, the "illegal" spying program. (As IANAL, I don't know if the program is legal or not, but I do know that I certainly don't like it.)

And it should be taken for granted that corrupt and partial interests are trying to control government. But we as the voters have the responsibility to root out corruption. Sadly, it appears that all too many Americans are content to endorse the Bush interpretation of the Constitution. Even the Democrats.

Re:Sadly,

[Sanat]

I agree with what you are saying and adding that the "financial contributions" to the congress persons from companies and associations such as the RIAA, MPAA. and etc. have great sway with the decision makers and cause them to lose sight that they are our sworn representatives. It is as if the whole goal is to stay in office by saying anything necessary whether it is really intended to be pursued or not.

My personal opinion is that an Association/Company should not be permitted to donate money which is merely a form of buying the vote and the sway.

Re:Sadly,

[Duhavid]

"The Constitution allows the President to suspend civil liberties ".

Then why doesn't he have the testicles to come out and *say*
that, rather trying to slip something over.

And that suspension is supposed to be temporary, for the
duration of the emergency.

Re:Sadly,

[Artifakt]

So, IOW, we've elected a bunch of spineless Senators.

Worse, we've elected a bunch of senators who expect their party to gain all the powers Bush has usurped.
I'm actually leaning just a trifle towards Democrat of late because there have been at least some real efforts to reign in the abuses, and we have a few true statesmen (of either gender) up there, but it looks like the party as a whole has decided to keep everything Bush is about to leave them.

Re:Sadly,

[PPH]

The war is over. I seem to recall a "Mission Accomplished" banner.

Re:Sadly,

[Chowderbags]

What Bush & Co have been doing is legal, at least according to the letter of the Constitution. The Constitution allows the President to suspend civil liberties (even habeas corpus) in cases of warfare, or for national defense. And the interesting thing is that the determination of national defense purposes lies with the executive branch. Uhh, no. You're wrong. Read up on Ex Parte Merryman, which specifically says that the president "cannot suspend the privilege of the writ of habeas corpus, nor authorize a military officer to do it."

If you have a problem with this, then you have a problem with the Constitution. Maybe the Constitution needs to be changed to support civil liberties even in times of war; maybe the American people believe terrorism warrants this erosion of civil liberties. Regardless, in a democracy, people get the government they ultimately deserve - you, and every other voter, chooses the President and members of Congress. If you feel your liberties are being unfairly compromised, rather than blaming Bush & Co (or Congress, who despite having a Democratic majority, continues to support the President), blame your fellow Americans. They elected Bush not once, but twice. If their civil liberties have been eroded, they have no one to blame but themselves. The point of a constitutional government is that no matter how stupid the majority is, they still can't trample on the essential rights of the minority. And as far as electing Bush twice, many would disagree that that's the case (though at this point it's purely an academic debate).

Rather than whine about how our liberties have been eroded, we need to take the issue to the public, and present it in terms the average American can understand. And if you can't make it relevant to the average American, maybe the issue is not that important. Considering that the administration seems to insist that questioning it's policies could lead to another terrorist attack, many people get swept up by irrational fear, though I think at this point it's being replaced by a feeling that no matter what happens the government is just going to ignore popular demand no matter what it is. Look at the Democratic congress, which apparently doesn't understand that the people that elected them wanted to have a branch of government to stand up to the executive branch. Heck, even if Congress did nothing at all, it would be preferable to what they're doing now. (Hey Congress, if you want to get us out of Iraq, stop sending money. Wars can't be fought without cash.)

Blackmailed Representatives

...and how little Congressfolk appear to know about how Internet traffic is being monitored.

Oh, I'm sure they know. Just ask the ones who are being blackmailed because the NSA intercepted their online transmissions when they were perusing some gay porn, or communicating a message their constituents would highly disapprove of, or making some shakey electronic financial transactions online, or what have you.

How safe is SSL if Verisign is complicit in taps?

[schwaang]

So does this mean that communications with my bank (just for example) could be tapped under CALEA etc., since my bank's SSL certificate is maintained by Verisign? Or is SSL still safe so long as the bank itself doesn't cough up it's own private key?

without real oversight, it's a ticking time bomb

Yeah, it's really ugly that they didn't just ask for changes to FISA either before doing stuff or during the years after they started. Even Ashcroft (wtf!?) didn't think some of this was legal. That alone should have been a cluestick.

But even if I totally trusted the current administration and it's motives, by doing something that Congress doesn't understand and doesn't oversee (in any serious way), they are creating a real danger of abuse by any future president. How can any conservative go along with that??

Against?

[evilviper]

It talks about why the White House is pushing for retroactive immunity against the telco,

Why does the White House need immunity from prosecution by AT&T?

I didn't realize AT&T had that kind of power.

I also thought I heard the White House was rather pushing for retroactive immunity for the telco.

Re:How safe is SSL if Verisign is complicit in tap

Your bank would have to cough up the private key.

The weak link in SSL security is most likely the quality of the random number generation used to generate the keys. Most popular pseudo-random number generators do not accept very large seeds. If I can run the the same pseudo-random generation algorithm as you, and the seed lengths are small, then I can enumerate the all of the random number sequences that you might have conceivably used to generate your keys. It's a lot of work, so I'm sure this isn't done routinely, but it's not a complicated proposition, and I'm sure the NSA doesn't stockpile supercomputers for nothing.

What the fuck?

[Khyber]

"They elected Bush not once, but twice"

Excuse me? Last I recalled the only opposition to Bush in the last election conceded. He wasn't elected, he WON BY DEFAULT. I don't call that an election, I call that handing the keys over to a drunk driver.

Re:How safe is SSL if Verisign is complicit in tap

[Burz]

Your banking SSL is open to eavesdropping if the Certificate Authority (like VeriSign) offers its resources in staging Man In The Middle (MITM) attacks. Unlike what AC said, your bank would not have to offer its private key or get involved in any way to facilitate the surveillance.

Succesful revolutions

[Per+Abrahamsen]

Portugal's revolution in 1974 was pretty successful. So was the revolutions in many of the Eastern European countries around 1989.

Corporations own the world

In America, corporations and gov't are merely quid-pro-quo whorehouses sold to the highest bidder. When the gov't needs illegal wire-taps, AT&T and Sprint allow them secret rooms to listen in on calls. When Haliburton (and KBR) need more revenue, the gov't hands out no-bid contracts. When the gov't dislikes literature, Amazon and Wikipedia ban the book "America Deceived". We The People had our rights sold out from beneath us.
Final link (before Google Books caves to pressure and drops the title):
America Deceived (book)

complete bullshit

[Scudsucker]

What Bush & Co have been doing is legal, at least according to the letter of the Constitution. The Constitution allows the President to suspend civil liberties (even habeas corpus) in cases of warfare, or for national defense.

Habeas corpus may be suspended - but only in times of rebellion or invasion. We've had neither.

Even though Congress hasn't officially declared war, the mantra in Washington is that we are at war.

Irrelevant. A war isn't a War until Congress has declared one, and it hasn't.

Also Lucky That....

[maz2331]

We're also lucky that Aaron Burr put a pistol ball right through Al Hamilton's liver. Hamilton was a true and complete authoritarian who's continued influence could well have turned the USA into a near dictatorship in short order.

Re:How safe is SSL if Verisign is complicit in tap

[Sloppy]

So does this mean that communications with my bank (just for example) could be tapped under CALEA etc., since my bank's SSL certificate is maintained by Verisign? Or is SSL still safe so long as the bank itself doesn't cough up it's own private key?

You tell your browser to go to your bank's website. Your browser connects to Mystery Computer. Your browser has the little padlock icon. If you are one of those unusual people (i.e. a computer dork) who actually clicks on the padlock to check the cert, you see that Verisign claims that Mystery Computer is your bank. That identity is what a CA "certifies."

If the CA is trustworthy, then the Mystery Computer happens to be owned by your bank, or their designated agent.

If CA is not trustworthy, the Mystery Computer is owned by ... ???

In the aforementioned link, Verisign has pretty much admitted to being untrustworthy.

Put it all together, and you've got classic MitM.