Slashdot Mirror
NSA's Legal Win Introduces a Lot of Online Insecurity
Nerval's Lobster writes "The decision of a New York judge that the wholesale collection of cell-phone metadata by the National Security Agency is constitutional ties the score between pro- and anti-NSA forces at one victory apiece. The contradictory decisions use similar reasoning and criteria to come to opposite conclusions, leaving both individuals and corporations uncertain of whether their phone calls, online activity or even data stored in the cloud will ultimately be shielded by U.S. laws protecting property, privacy or search and seizure by law-enforcement agencies. On Dec. 27, Judge William H. Pauley threw out a lawsuit filed by the American Civil Liberties Union (ACLU) that sought to stop the NSA PRISM cell-phone metadata-collection program on the grounds it violated Fourth Amendment provisions protecting individual privacy and limits on search and seizure of personal property by the federal government. Pauley threw out the lawsuit largely due to his conclusion that Fourth Amendment protections do not apply to records held by third parties. That eliminates the criteria for most legal challenges, but throws into question the privacy of any data held by phone companies, cloud providers or external hosting companies – all of which could qualify as unprotected third parties."
The insecurity is on the side of the NSA.
They wouldn't go through such hoops if we didn't have the most powerful freedom tool ever, namely the Internet.
Use it properly and they shall vanish.
If the fourth doesn't apply to records held by third parties... what if your records are in a rented storage unit or a bank safety deposit box? If your property is held by a third party (your money in the bank), do constitutional protections against the government just seizing your money also not apply?
It would be easy to do but you would need access to the internet backbones blank ssl certs and much more you can't get without either owning the infrastructure or having the force of the government on your side. Oh and you would need to have the equipment manufactures give you backdoors as well as the owners of the major propriety OS's. So unless you are the government or own everything its not going to happen.
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
Obviously, if you don't want the NSA to read your data, make sure they can't read them. Make sure your data is not stored outside your control by someone who could at least in theory read it (like Lavabit). Make sure the data is not stored in the USA at all if you can avoid it.
The way to deal with exposure is not to use insecure communications for information which must be kept secure.
There will be much thrashing as users attempt to get secure outcomes because people are hard-headed.
Water is wet and the Sun rises in the East.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
It is fun to watch the USA dig themselves in a deeper and deeper hole everytime...
Obviously, if you don't want the NSA to read your data, make sure they can't read them. Make sure your data is not stored outside your control by someone who could at least in theory read it (like Lavabit). Make sure the data is not stored in the USA at all if you can avoid it.
Unfortunately there are large hypocritical corporations as well as governments colluding to prevent people from being more in control of their data by hosting it on residential servers.
http://arstechnica.com/information-technology/2013/07/google-we-can-ban-servers-on-fiber-without-violating-net-neutrality/
Due to the scale of NSA data collection, it is safe to assume that the NSA has data about every single US judge.
The data NSA has may render the judges unable to render impartial judgement.
A bi-partisan political review of all NSA data about every US judge should be conducted to verify that the judges are in the position to do their jobs.
By now the entire US legal system might be corrupted by the virtually unlimited NSA data collection.
Aren't judges supposed to be impartial adjudicators? This judges statements read like an NSA PR release touting all of the "wonders" of the NSA program without providing any evidence or noting any of the drawbacks.
During the cold war, we heard stories about how the Communist governments monitor their citizens.
Now our government is monitoring us in ways that the East Germans would envy.
Here's something useful you can do:
-- Find out how your Congressman and Senators voted on these policies.
-- Add it to their Wikipedia page.
-- Don't vote for them if they don't support the Fourth Amendment.
What I want to know is, why the phone company is considered a third party at all? As I understand it a legal third party is a party uninvolved in the transaction. If I give you $10 and Bob happens to walk by, Bob is a third party. However, if I give $10 to Bob to give to you he is now an intermediary, not a third party. By the same reasoning the phone company is an intermediary in our telephone conversations.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
There is already case law to that effect, take a close look at the megaupload case.
The article summary is misleading. The Supreme Court ruled, in Smith v. Maryland, 442 U.S. 735 (1979), that you don't have a reasonable expectation of privacy in records you don't control. It's not Judge Pauley's conclusion, it's binding precedent that the court that rucked against the NSA handwaved away with not good explanation.
Disinfect the GNU General Public Virus!
Given the wealth of information on the NSA programs, it is possible to reverse engineer each NSA program and then apply each to the communications of the White House, President and Vice President to do the them what they intend to do do to us before they have a chance to "do us."
Instead of engaging in revenge fantasies it would be a more productive use of your time to write your Congressional representatives.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
If after all that has happened someone is still uncertain about this, then i'm quite certain that something is wrong with his/her cognitive abilities.
Pitting the two legal 'sides' against each other in a figurative battle and commenting on the results (as TFA does) is missing the point completely. We live in a time when the technical capabilities and resources for surveillance have become so much more powerful than those of privacy than, in effect, window blinds and draperies no longer exist and we are all unintentionally parading around in front of uncovered windows without any clothing. To put it another way, governments will monitor all communications for no other reason than that they can. Even if the NSA is stopped, you can be sure than every other country in the world either has its own program underway or is in the process of rapidly doing so. You should assume that someone somewhere is logging your calls, surveying your internet traffic, gathering your voicemail data, recording your online banking profile and purchases, and so forth...because they can. This situation will not change until the technology available to defend yourself from digital intrusion catches up with the technology already available to the offense...and that might be a while yet.
It's just wrong, that's all. Wrong because our emails are *clearly* the "papers" mentioned in the Constitution. If there's a law that makes 3rd party possession of same somehow the equivalent of "it suddenly not being yours" then it's THAT law that has to go. This is how it is in most of Europe BTW. YOU control your phone records, not Verizon.
I could almost live with TIA if I thought that it would only be accessed via a court order, but that's not what we have. What we have is secret FISA orders, executed in secret, using secret criteria in accord with secret interpretations of secret executive orders.
I sympathize with this judge's concerns, I do, but the real world consequences of what they're doing are more likely to be worse than the real world consequences of stopping them from doing it, even if we have another 9-11 every year.
Our democracy will not survive if the government can data mine all our "anonymous" data until programs it wrote decide that we fit a "profile" and THAT itself constitutes "reasonable suspicion". This can be used to stifle all dissent, and will be used for exactly that, starting, obviously, with people who speak out against the legitimacy of this process in the first place. A guy like Howard Zinn would just be destroyed by this.. we wouldn't have legitimate dissent in this nation.
Here's something that should help people think clearly on this topic. The NSA line operators and management REFUSED to permit the NSA to apply the same level of monitoring to THEM as they apply to us. They didn't want Congress to second guess them or know what they were doing.
(Binney) ".. also explained that NSA never developed and implemented technology in order to have the capabilities to track activities by employees on the agencyâ(TM)s systems because of two groups of people: the analysts and management.
The analysts âoerealized that what that would be doing is monitoring everything they did and assessing what they were doing. They objected. They didnâ(TM)t want to be monitored.â
Management resisted because it meant one would be âoeable to assess returns on all the programs around the world.â It would be possible to âoelay out all the programs in the world and map [them] against the spending and the return on investment.â
It meant the agency would be âoeexposed to Congress for auditing,â Binney added.â Management did not want that."
From:
http://dissenter.firedoglake.com/2013/12/27/interview-with-nsa-whistleblower-bill-binney-afraid-were-spreading-secret-government-around-world/
But this is the ONE thing that MUST be implemented. If an NSA operator cuts a fart, I want Congress to be able to know what he had for lunch. Unwatched watchers cannot be permitted to exist. Period.
At the heart of what's going on here is the people at the NSA are looking into their own hearts and deciding that they're all right and the American public has nothing to fear from them or their intentions. Bully for them, I'm sure it's true, but they won't always be there.
It's not about them or their intentions. It's about the institution, the process, *the machine* and how we're building that machine.
You can't say to yourself, as an NSA employee, by way of assuaging your own secret apprehensions, "Well, if push ever does come to shove, if it came right down to it, an unconstitutional, openly fascist-level of abuse would just never happen because WE'D never permit it". At least, you can't tell yourself that and also bash guys like Snowden and Binney because THOSE guys , whom you hate so much they make you grind your teeth , they're exactly the hypothetical WE you posit in the above safeguard. It doesn't look any different that THIS .. THIS THIS that is before your ey
"The decision of a New York judge that the wholesale collection of cell-phone metadata by the National Security Agency is constitutional ties the score between pro- and anti-NSA forces at one victory apiece.
I call BS. Nowhere in the article did the judge even mention the Constitution. From the information provided in the article, the judge is obviously either paid off or incompetent. He states that
In the 54-page opinion issued in New York, Pauley said the sweeping program "represents the government's counter-punch" to eliminate al-Qaeda's terror network by connecting fragmented and fleeting communications.
which has nothing to do with legally acquiring evidence or the Constitution, and
"There is no evidence that the Government has used any of the bulk telephony metadata it collected for any purpose other than investigating and disrupting terrorist attacks," he wrote.
which once again was irrelevant to the question before the court. Just because the government has NOT YET been caught using the data illegally has nothing to do with it being illegally acquired.
The judge also quotes extensive justifications from the Patriot Act, which last I checked, is NOT part of the Constitution.
President George Walker Bush granted the Telecoms with impunity from USA laws in the beginning of this mess.
Now a District Court Judge finds Bush's NSA, which Obama inherited, is all legal.
If this Judge is correct, then was the Bush White House correct to grant all Telecoms impunity? If no then can Bush be tried for treason?
Can the NSA's "methods and techniques" be reversed engineered? Yes. And in doing so applied to the communications of President Obama? Yes. Would that be legal? Given the Judge's opinion, if not overturned on appeal, the answer is Yes!
Has Google reversed engineered the NSA "methods and techniques"? Let's hope so.
Even if it *were* ruled as illegal, they'd still go and do it anyways... the only difference being that we wouldn't know about it. It would still be just as ineffective, and you'd still be paying for it, so, as I said... is this really that serious a problem that it's explicitly legal for them?
File under 'M' for 'Manic ranting'
Remember: No expectation of privacy -- which means that secrecy is a complete no-go..
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
How long before lack of adequate federal revenue justifies the seizure, archiving and datamining of all business records and transaction?
Not that I'm against such daylight... I believe that we'd be better off if ALL such dealings were a matter of open public record. Then no one would be able to use their wealth or privilege to avoid responsible and necessary contribution to the common wealth or engage in politics by surreptitious means and methods without the possibility that their interest, activity and opportunity for personal gain could be hidden. 501c4 nonprofits currently disguise far too much activity on the part of those who seek to slip the brass ring through your nose using public airwaves, astroturf-like 'grassroots' organizations, politically oriented foundations and group-think tanks. Mushrooms may be happy with their diet in the dark, but no reasonably intelligent American should be.
What would happen if we all could know what every person and artificial person was doing with their wealth; what they supported, who they did business with and why so much of their wealth went into the black market or was spent promoting unenlightened self-interest.
the founder recognized the rights and DUTY of the people to put off Tyranny.
Its not law, its more powerful than law, its the foundation and spirit of all legitimate law.
With this that judge is up for being fired.... someone just need to do so...... Tell him he is fired.
The status of the law isn't all that different than it was 30 days ago. The only "win," defined as a finding that the NSA's activities may not be legal, is a preliminary injunction for two people, and the case has yet to be decided. That isn't a win yet. It is also unlikely that complainants in the suit winning the injunction will ultimately prevail upon appeal. You can read some informed legal commentary from an actual law professor here:
Another Problem With Judge Leon’s NSA Opinion: Absolute vs. Relative Measurements and Fourth Amendment Reasonableness
Can the DC Circuit Use the Mosaic Theory to Invalidate the NSA Telephony Metadata Program?
This same law professor comments on the last case here:
Judge Pauley of the SDNY Upholds NSA Section 215 Program
The bottom line is nothing is really different.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
"able to assimilate it all"
They do not need to assimilate it. they only need to search it.
We cannot win this war by voting or begging for privacy. We can only fight back harder. Turn the surveillance back on them.
More leaks.
More Encryption.
Expose all government, judges, police etc...
Less facebook.
More Anonymous.
With a sufficient quantity of data coming in, even simply searching it is not necessarily viable Try doing a grep on a constantly growing data stream.... now imagine what happens when the rate of data you have going in exceeds your computer's ability to process even for something as simple as a search. The amount of information moving around the net every second is immense. You'll end up either with a constantly growing backlog that never gets empied or else you end up with large amounts of data being ignored because based on random sampling, it's assumed that nothing of import is going to be found in temporally proximate data packets. Either way, large amounts of data never get examined.
File under 'M' for 'Manic ranting'
i suppose being the girl/boyfriend of a terrorist does make you a valid target.
Being the girl/boyfriend of a NSA Employee does not make you a valid target.
whoosh
Sleep your way to a whiter smile...date a dentist!
You don't spy on your countrys people.
Sometimes you do.
---- Booth was a patriot ----
Even google can't search through the entire world's communications in real time.
File under 'M' for 'Manic ranting'
The archive everything to be processed later. They pick targets (strangely enough, this tends to be politicians, allies, and corporations, not terrorists for some reason) and are able to pick out anything they've ever done online. They can filter from there. Should they choose to, they can then employ other tactics to listen in realtime. Don't even pretend they cannot listen to your phonecalls or internet connection in realtime once you've been targeted.
Except that real-time communication doesn't ever stop. It just keeps coming in, incessantly, causing an ever growing backlog of data that will inevitably consume all available storage space, and eventually data will be ignored, or else they will have to restrict their search to quantities that they can search in real time without creating a backlog (which would be a small minority of the actual data out there).
File under 'M' for 'Manic ranting'
Pitting the two legal 'sides' against each other in a figurative battle and commenting on the results (as TFA does) is missing the point completely.
Boy howdy. This judge ruled it's legal under sec 215 of the patriot act. The other judge ruled section 215 is unconstitutional. Both judges can be right.
Imagine if the legislature passed a constitutional amendment instead of a law in 2001. They had the votes to do it. BTW, I agree with your conclusion. If the NSA isn't submitting broken encryption standards and bad commits, then someone else will. Even if they stop, this is the wake up call.
If you aren't working on NSA proof apps/protocols now, you're wasting your time. Nobody will comply with hijackers after 9/11. Nobody will blindly trust your code after Snowden's leaks.
Exactly what I have thought myself thanks.
CrazyOldMan
The US gov wants to keep it all for a legal, court usable replay over your lifetime.
...."gotten together with the DOD where we've put together this technology database where I can go in, and I can, with one query, I can get all past and all future e-mails from a person,"
Every call, email contact, a book buying list, travel arrangement, banking detail, friends, friends of friends, family, credit card use...
So if you become political, take up some issue in your State or federally, protest "the" next war, write to the press, write to political leaders, use your income for political issues, support charity events, support faith based groups - you end up on lists.
http://www.slate.com/articles/news_and_politics/frame_game/2013/06/surveillance_lockbox_why_can_the_nsa_search_your_phone_records_without_a.html
http://thelead.blogs.cnn.com/2013/06/18/nsa-whistleblowers-obama-administration-misleading-on-surveillance-programs/
From testimony to the Senate Judiciary Committee on March 30, 2011:
Parallel construction: https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-laundering
The tracking seems to be keyword and new contacts to know people, organizations, voice prints, call data, email, postage use, internet logging.... been seen at a protest or been linked to one.
With 2 -3 hops from any person been considered - the numbers of people been looked from one individuals positive identification: 1 person to 10-100 friends/contacts and all their 100's of friends/contacts and beyond with any their issues been linked back down that one person...
http://arstechnica.com/information-technology/2013/07/you-may-already-be-a-winner-in-nsas-three-degrees-surveillance-sweepstakes/
Domestic spying is now "Benign Information Gathering"
"The 4th amendment uses the term reasonable; but the "reasonable person" idea is a sophist distortion of intent. "
Only if you interpret my statement that way.
What problem do you have with determining that electronic communications constitute "papers and effects"? Paper was how any communication that was not face-to-face was performed in those days.
But YOU are conflating here two different things. Our LEGAL SYSTEM itself (though not necessarily the Constitution) is supposed to adhere to the "reasonable person" standard. This is completely aside from the Constitution. The Reasonable Man standard was from Common Law, which predated the Constitution.
You need to remember that the Constitution does not define our rights. It DOES explicitly say that the government may not infringe certain of those rights, but we also have rights that are NOT in the Constitution.
For example, the Supreme Court has ruled that we have the RIGHT to privacy and anonymity, even though they are not mentioned in the Constitution, because without them a democratic government cannot exist for long.
The amount of information one could gather about a person simply from their cellphone is outright scary. Shine a light to your eyes until you see that green spot, and start reading something. Notice how that spot lands on exactly the word you are reading. Using the front facing camera and a constant screenshot stream from your phone and I could even tell how you feel about certain words to some extent.
It's possible that someone you haven't met could know everything about you, and you'd never know that they do.
In a day and age when just about every app gets permission to your camera and GPS location, and most people just press "Install" as a habit, I'm truly glad we're having this conversation.
The law is an interpretation.
... what this means?
That interpretation is given by people according with their own realities, and in this case, according with the specific US laws and regulations.
Then, THE CLOUD is over as a concept, and it only needs to be considered within each country limit, because the "not owned" data belongs to the country where the servers are located and not to the individuals whose data is used to derive that "not owned" information. As many services, including the "big ones" are located in the US territory, the rest of the world is basically a set of second class individuals.
I am part of this second class, so what I can do is to try not to share anything I consider private on the Internet
A complete fragmentation of the Internet. No more private data traveling it.
Each country needs to derive its own local services that will be ruled by their own regulations. The United States is forcing the World to follow what North Korea and Iran are doing, to build big intranets instead of being integrated as part of the connected Internet, this would make this surveillance system completely useless.
This is far of being a solution, and from my perspective, it is the most stupid and naive way of working. This is like a naughty child trying to find a justification to continue being naughty instead of learning to grow up and behave with more common sense and reasonings. What is being justified is brute force behaviour instead of intelligent one.
"My problem is that the courts are not given the option of using the "reasonable man" principle in regard to search and seizure"
But yes, they are. When determining what constitutes search and seizure. That's where they invoke "reasonable man" and "reasonable expectation of privacy".
"The government is forbidden to pursue search and seizure except as authorized in the constitution."
I think we're basically in agreement. I was just pointing out that sometimes there is a gray area regarding the decision as to whether something WAS a search or seizure, under the law.
My point is that they are going to do it anyways, even if it is illegal.
As it is, the fact that there's so much data to have to search through means it's inviable for them to really search it all.
Your privacy, therefore, is secured from the fact that your life is just a drop in an unending ocean of data.
File under 'M' for 'Manic ranting'
Re going to do it anyways
At this point many still have freedom of speech, association, the press, faith, political support, charity work, travel, reading of books/web use... courts, warrants and witnesses...
Once you face the "lockbox" it all becomes sealed to the court and your lawyer gets to see your 'past' and do what? Can they talk about the methods, challenge the collection, call experts - your back to a very old legal idea the https://en.wikipedia.org/wiki/Star_Chamber with a fun web 2.0 update.
Domestic spying is now "Benign Information Gathering"
is a shit-eating, dog fucking son of a whore that represents all the is corrupt in Amerika. May he soon die a horrible painful death.
The Girlfriends and Ex's of NSA employees who were being spied on.
There, I've said it....now go screw yourself.
Right, like Tsanarev whom the U.S. government's security agencies were repeatedly warned about but didn't even bother to monitor. Cause they're way to busy spying on all the rank and file Americans.
We have one other document that is actually higher than the Constitution. No, it is not a legal document, for it transcends the laws and even exceeds the SCOTUS
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, --That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness. Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security.
THIS GOVERNMENT IS GETTING DAMN CLOSE TO THAT LINE
You forgot to mention where it states that he will also have the authority to listen to every phone call, intercept emails, papers and parcels. All without warrant?
You also forgot to mention the oath of every serviceman to DEFEND the Constitution against POWERS both FOREIGN and DOMESTIC
Yes, I'm shouting. We need a little shouting. Cause this crap is inexcusable.
Then you sir, need to tie a cinder block around your neck and go swimming in a pool. I doubt you'll foresee what affects that might have either.
But suffice to say, the U.S. government security agencies were repeatedly warned. And I will wager you a $100 that had they monitored their phones and communications that they would have easily foiled the Boston Bombing.
NSA isn't concerned about any threats. Neither is .gov. If they were, they'd have equipped the U.S. Coast Guard with anti-submarine capable cutters and drones for monitoring our coastline. # threat to America is a 25 ft sailboat with a nuke or dirty bomb sailing from West Africa or Indonesia into a U.S. port.
No, they don't care about foriegn threats. All of this is about monitoring U.S. citizens. Because they're far more afraid of US than THEM.
We're not at war. Congress hasn't declared a war in my lifetime. You want to call that bullshit, than call it right.
Furthermore, we're not pointing to one failure. But the fact that NSA, TSA, etc, have failed to stop anything. The only cases they have stopped were ones instigated and pushed by the FBI themselves.
What essential liberties? The right not to have my daughter groped by a TSA thug. The right to not have my papers (be they paper or electronic) searched, seized, detained without a warrant.
Hell, how about the right not to have to buy a product??????????
Can we PLEASE block the IP addresses of the NSA so they can't keep posting anonymously.Thx ;-)
The Constitution already forbids it...
DOESN'T APPLY TO RENTERS. ONLY HOMEOWNERS BENEFIT
(Note, .gov is currently talking with justices to see if the fact that you pay property taxes in fact means you do not truly own your home, so that we can interpret the 4th Amendment as not applying to homeowners either.)