(note/edit: I've made an error of conflation between the recently reported massive phone record sweep-up and PRISM, which according to the WP, simply allows analysts to trace (essentially) the totality of someone's online interactions, though not everyone at once. So really, things don't seem that much different than last week when it was well known that the government has discretion to warrantlessly tap us. Still, $20M a year is a pretty good price for a government contract)
Isn't it kind of surprising that the leak for this came from a career intelligence officer and not one of the many tech-utopia idealists who work at these kinds of startups? Not necessarily someone at the executive level, but one of the scores of employees required to assess, review, and implement the alleged backdoor? It's not just a matter of ethics, but just that you'd think someone must be idealistic/reckless enough to leak it from the companies' side
Edit: Also, as has been pointed out elsewhere...this program only cost $20M a year? If that's the price of eternal security, I'd say we got a pretty goddamn good deal. The shitstack that is the government's stimulus contracts database alone cost $18M to build (http://www.propublica.org/article/stimulus-transparency-watc...). And what percentage of a fighter jet's paint job does $20M cover?
I'd say it's possible that the government is unconstitutionally intruding on our privacy but also doing it in a bumbling way (which also has its downsides).
> I'm very surprised to see this kind of reasoning on the hacker's forum
I'm not. HN is typically more liberal than what some might consider a traditional hacker to be; I'd imagine the real hackers congregate somewhere else. Somewhere less "white hat-y", if you will.
The problem with getting through to people who are willing to surrender their freedoms for a false promise of security is that they don't see the government as a threat. If the government is not a threat then why not surrender your freedom to them? Are they not there to protect us?
This idea has been present throughout history and most notably in western literature. It's believed by some that in order to have an achievable utopian society we must enslave ourselves to the government only at the cost of our personal freedoms. By this definition we've long been enslaved, it's just that some are now noticing it.
Of course some level of opposition will always be present. However the size of such is so small that the power they have must be leveraged through some alternative means. Some say this is the internet. We now know that's not true.
The $20M is probably not a full number--that might be the portion of it that gets credited to the program while other major costs (storage!) are already covered somewhere else.
To be honest I'm still catching up on a lot of the details with these stories, but it's this comment that made me wonder if there is a bit of hyperbole going around. Companies make leaks all the time on the most mundane things (hell Apple can barely contain the new iPhone that is usually coming out.) I'm hesitant to believe all the conspiracy theories going around that the companies willingly did this, or that it's as easy as it sounds.
> “They quite literally can watch your ideas form as you type,” said the “career intelligence officer” who gave documents describing PRISM to the Washington Post.
Think of the engineering needed at multiple endpoints to allow something like this...I can believe the NSA has some of the best cryptoanalysts, but our best front-end hackers as well (do they have their own Meteor.js)? I'm only being slightly pedantic here. If this is "literally" possible, then the amount of work needed for the collaborating companies is non-trivial. It's one thing to pass along uber-authentication credentials allowing an NSA-agent Zuckerberg-like privileges...that could be something implemented with as few as a couple people. But to bake in something right out of a hacker movie?
It just makes a few of the claims sound a bit suspect...because what is terribly frightening is the government's ability to aggregate and analyze this information in bulk, not to peep in on you as you're typing in real-time, which would be one of the least efficient ways ever to spy on the general American public's online activity.
And no, I'm not being an apologist for federal expansion of powers. I'm pointing out that some of what this source is leaking seems to be beyond reality, not because of technological sophistication, but because of the number of mundane moving parts and actors that would seemingly have to be involved (theoretically, wouldn't they have to have as many datacenters as all the companies they're vacuuming from?). The entire PowerPoint slide set looks like something a get-rich-quick contractor would whip up to win a fat contract that would never actually be scrutinized for viability.
But still, even if the government doesn't actually have the capability as described, it is wrong for them to not disavow it...it's not any good if their mindset is: "Oh we're not doing that...yet...but we would love to, some day)
I think "as you type" means different things to an intelligence officer and a programmer. The intelligence officer probably means "real time" (no need for a judge/approval/etc). A Google Wave like interface is probably not in the backend, but if the FISA route took weeks and the new kit takes seconds I could see "literally as you type" being a description that fits.
Yes...maybe I reacted too strongly to the often misused "literally."
But even real-time interception would not (seemingly) be that valuable to analysts. Assuming that suspects aren't dumb enough to use their own personal accounts and to talk of their plans explicitly, it seems analysts would want the historical aggregate of which alias accounts talked to which other alias accounts.
Hell, Facebook can already figure out if you're connected to someone even if you've never directly interacted on the service...if the allegations are true, I wonder how much of the requested data comes with pre-baked network-calculated goodness?
Obviously all conjecture here, but what came to mind for me is things like having a keyword filter on a bunch of accounts (whoever you're watching). The moment they Google for something you want to see you get an alert that it happened.
You do not need to have belief systems; knowledge is more powerful. And conspiracy theory is a loaded term. Remove both from yourself to process information better.
Some parts of this technology are actual prisms (several patents pop-up via google) , this might remove all parties legally speaking.
Furthermore these can be installed fairly easily without anyone really knowing, though some physical access is required.
The same technique was used in http://en.wikipedia.org/wiki/Room_641A and pretty much all over every pipe, including the one this data went throught to show up on Hacker News.
I'm not sure why this is a big surprise to anyone. I'm a cynic, but if anyone asked me whether I think the NSA, CIA, or FBI are eavesdropping on personal communications, I would say, "of course they are." This is nothing new: ECHELON, Clipper/Skipjack, Carnivore, ...
How many times does some one have to say this? I'm sorry, but this sort of comment is getting pretty tiresome.
Yes we all "knew". All of us "knew". Some of us have "known" for something like 15 years. (Which, BTW, is why I'm most sure why Obama is getting so much flack. Its a Clinton - Bush - Obama scandal.)
But none of us, not one, actually did know anything at all. We suspected, or assumed. But we did not know. Not unless one of us is working for the NSA, etc, etc. (Ironic if I have just picked on the one poster who is)
Now we do know. It is absolute. No doubt, no shouting down, we know.
There is a huge difference: Before we were written off as conspiracy nuts jobs. Now we have certain knowledge.
Im not picking on you personally. Your post is one of many in the past couple of days. As such I have not down voted you, that would be unfair. But please, can people stop with this sort of comment? We all know we "knew".
No. Don't downplay people concerned with privacy who noticed a series of obvious, blatant actions over a period of literally decades as cynics or conspiracy nuts.
You are picking on people; we really did know, not "know." It was obvious, it remains obvious, and the fact is that its going to continue and get worse despite the revelations of this week, unless we do something.
Painting rational people who notice and complain about government overreach as paranoid is precisely what enables the expansion of these policies. You should be asking what you can do now to help rather than setting us up to be further discredited or ignored by implying our years of complaining weren't substantiated until just now.
Am I the only one to think this is too good to be true? I mean, this can have the exact opposite effect, and become a big "don't trust what you read on the Internet, kids".
NSA doesn't even have to deny anything. Let the other interested parties wash their hands, and leave with a "told ya" smile.
Not sure if it was intentional or not, but seems a very convenient prank. I know, Conspiracy theory^-1. We'll see.
I mean, I guess I see what you're saying, but obviously at least a handful of people at each of the member companies knew. I believe those are the people the parent comment is talking about.
I guess I'm not so surprised that it's happening and I'm more surprised with the transition from "yeah it definitely looks like they're doing it" to "we have hard evidence that they're doing it."
It's not about surprise, it's about proof. Comments like this are nothing but highschool cool-table karma whoring. "I knew it all along" adds nothing to the conversation. Congratulations for nothing.
Carnivore definitely was, and it wasn't really kept secret. If you worked long enough in telecom or Internet service, you probably got to install a Carnivore box in your data center.
Echelon was indeed confirmed, afaik, although in less apocalyptic terms than initially described, hence deflating the related news-cycle. In a way, 20 years later, all the fuss looks very naïf compared to what GCHQ and friends do nowadays.
Two days, two major reveals, wouldn't be suprised if tomorrow I wake up to find out that they've been switching on the microphones and cameras on webcams and cellphones.
I've always wondered how a government agency would reliably set up cameras in everyone's home 1984 style. I find it hilarious that we may just go down to Best Buy and install in our own homes.
There was of course that one amusing Onion article about some US intelligence agency making its own social network so that everyone would just voluntarily give up all their information.
Not to mention all of the revelations over the past few weeks. Either the administration is trying to top Nixon or there is some kind of conspiracy playing out.
I wonder how the Obama administration will repond to this other than the usual "Terrorism is bad and you need to trust us that we do all this for your own safety"
Depends on the level of criticism, I suppose. I expect to hear the perennial favorite at some point: "It's all Bush's fault because he did it first!"
If things get really bad, perhaps there'll also be a bit of "I was as shocked and angry as you were when I learned about these things for the first time from my morning paper," followed by a few rounds of "Quick, look over there, some right-wing guy said something stupid!"
I hate to be this guy but there are people lighting off bombs out there and as soon as a big one goes off people will demand they do a lot more than this. Would you rather have your Facebook scanned or see a car bomb go off in Times Square during rush hour? That's not hyperbole, that's the decision we have to make.
That is hyperbole. The number of terrorist incidents is massively low, and the few that the government claims to have stopped were such laughably unrealistic plots that one wonders the government even bothered. Meanwhile, we have a government surveillance program that literally surpasses the level of the Stasi, here in the United States, and simultaneously an administration that will not even reveal the criteria used for deciding when to engage in an extrajudicial killing.
Sorry, but you cannot scare me with terrorism. I would rather see the rare terrorist attack than live in a country where I have to think twice about what I say on the phone.
Bullshit, 'the Stasi"? Go talk to somebody who lived in East Germany. And they catch people all the time trying to get bomb materials, how did you think they were doing it, luck? (In the case of the car bomb in Times Square you're right, it was dumb luck, the timer malfunctioned.) If the average person didn't freak out and start yelling retarded things like 'Stasi!' I'd say fine, maybe my fucking Facebook is worth people's lives but they do freak out and then they pass things like the Patriot Act, or worse. So to prevent mindless fear I say fine, scoop up whatever crap you need, if I want something kept secret I know how to do it.
My partner grew up in East Germany and has told me of the Stasi and their activities. I note that the GP wrote 'we have a government surveillance program that literally surpasses the level of the Stasi' - emphasis mine, and I think this is a fair statement.
Also, on a meta-point, every time I see someone start their post off with the word 'Bullshit' on HN - and I see it quite often, like it's some sort of HN meme - I always think: gee, that post would have lost nothing from the exclusion of that first word and probably would have been a little more in service of promoting civil discourse.
How old's your partner, I've known two people who escaped from East Germany and one from Romania. I asked them all about what it was like living there & how they escaped because of course I'm an asshole American and all I got was the thousand yard stare. When the Berlin Wall fell there were hundreds of divorces because they found out their spouses were spying on them. Bugging people's homes was routine. If you said anything against the government you were shipped off or executed. In the case of the Romanian guy I've never seen that kind of look on a man's face. In all three cases I feel terrible for even asking, and I won't be doing it again. Datamining your worthless Facebook page does not compare to what they went through.
I have a general policy of not divulging exact personal details of friends or family on the Internet without their express consent. But suffice it to say she was old enough to understand what the Stasi did, and lucky enough to have not been directly affected by them as an individual, although some people around her were: interrogations, permanent disappearances, etc.
However, not everything was beatings, disappearances and terror. Believe it or not, East Germany wasn't all downsides. People were employed, general crime was apparently quite low, children felt relatively safe, children were given education (though indoctrination was certainly a heavy component), they were clothed and fed. While the standard of living sounded like it was relatively low across the board, it also seemed that this standard of living was more evenly distributed than might have been the case in some other places at the time. Obviously traditional Communism has borne out to be more or less unsustainable, and I won't be participating in any debate about Communism vs other dogmas, but I feel I would not be accurately conveying all that I've been told were I not to mention these counterpoints to the Stasi's behaviour.
One fascinating thing my partner has told me is that for some reason, the memories she has of East Germany before the wall came down tend to be in black and white, in her mind's eye.
As you retell, the Stasi were quite big on the human intelligence angle, but I doubt they would have had to resort to such measures would they have had access to the kind of communication infrastucture that is common in the developed world today. Such a system as the NSA et al have access to now, would have been a Stasi wet dream, I'd imagine.
> Bullshit, 'the Stasi"? Go talk to somebody who lived in East Germany.
I grew up as a kid in Romania, we didn't have the Stasi but we did have the Securitate (http://en.wikipedia.org/wiki/Securitate), which were as bad if not worse. I would like to confirm that from half a Globe away what I'm reading about the NSA gives me the chills.
They don't catch anyone! The only plans they intercept are their own fucking plans! Have you not noticed that every would-be "terrorist" they've caught was entrapped? That is, without the US government talking them into it and supplying the materials they wouldn't have done shit? Get your fucking head out of your ass, you're selling our freedoms to fight shadows.
Nobody wants to see a car bomb go off in Times Square, but the problem with this line of reasoning is that it requires an unrealistic amount of trust that the government won't take this power to extremes. It's just human nature that power tends to corrupt, and absolute power will corrupt absolutely -- especially if left unchecked. In the case of these revelations, how can something be kept in check if its mere existence is kept secret by those who abuse it?
I'm just happy someone found a productive use for Facebook.
But right, it can't be kept in check because it will bleed out into other areas of law enforcement. Then we hit back. But I do think people's thermometers are good enough to know when something like this is warranted and when it's not. When you remember that we are at war, on our own soil, this is a very minor thing. But if one major attack happens though it will create a panic and then we'll see major changes to our way of life. And a lot of the same tough guys here from New York and San Francisco will be the ones demanding it.
So in 20+ years we have 12 cases? And how do we know any of these cases are actually true? Because the people who benefit from wiretapping us claim it's true? The cases I follow have all been clear cut cases of entrapment (where the victim still went to jail!).
You're a moron. We had none of this infra in place until recently and what have the "terrorists" managed to pull off? Two WTC attacks in 20 years and the biggest one killed 3k people. I'd rather take the chance on a bomb going off in Time Square at rush hour. That happening is insanely unlikely, but the government abusing privacy information has already happened. The more they have the worse it will get.
The only "terrorists" I worry about is the US government itself.
Did I sleep in the day we actually made that decision? Because from where I'm standing it looks like the government made that decision for us, without telling us about it.
Had we been asked to participate in the decision somehow, armed with a bit of the 'transparency' this government keeps talking about, we might have weighed the evidence and democratically chosen the exact same course of action - although I'm not 100% sure of that. But none of us were asked.
All of this deserves impeachment. Will Congress oblige? That's the real question. Normally, Republicans would be more than happy to do it - but for something like this? I'm more skeptical about that.
I think their is a high placed mole. It might even be that Obama is the source of the leaks, and he's a good guy after all. Jury is still out on that one.
This got me thinking. Linux distros has usually been seen as a safe harbor for people. We now have proof that MS and Apple has been in bed with the governments for a long time, and but even before it wouldn't have been too wrong to think MS/Apple has some kind of back door.
Years ago, something called Ubuntu came up to spread linux to the masses. While it was hard to install and maintain a linux pc before, Ubuntu made it so that it was almost as simple as windows. I know this is a baseless conspiracy theory, but would it be too far fetched to think maybe Ubuntu was sponsored by the government to spread linux and lull the people into a false sense of security in their linux environment?
At least with KDE you can define sizes for a whole lot of things, I guess that should help. (I like OpenSUSE by the way, it gets slicker and slicker all the time)
I wonder if the NSA and the politicians that enabled this realize the amount of economic damage this could do to the US by promoting the balkanization of the world's telecom networks and spreading mistrust for US tech and telecom companies. This seems very short sighted, if they care about that stuff at all.
According to slide 2, all of it. You might be confusing this with yesterday's Verizon story, which was "only" metadata -- caller, sender, time, and duration. This one is "actual" data -- email content, chat text, audio/video of VoIP calls.
(From the article, there's also a parallel NSA program (BLARNEY) that collects metadata only. I don't know why there's two of them).
Rather, I'm trying to hold onto the idea that my mail is not directly piped, entirely, into a government tracking and storage system. No questions asked, no filters: just everything.
BLARNEY is data-mining from IP metadata collected at Internet backbones, which is obviously a far broader net than backdoors at a few specific services.
Here is hoping that there is zero.zero percent corruption in the FBI, NSA, and CIA. A lot of disruptive start-ups and research institutions use Google business[1] and education[2] apps...
I think YouTube too, saw a mention of it in one of the articles linked from HN. Which I guess makes sense from their point of view, there was this case about 3 months ago of two Russian spies caught in Germany who had "taken orders" by way of YouTube comments (http://online.wsj.com/article/SB1000142412788732453200457836...).
And then of course there's all the "jihadist" YT videos (Arabic Nasheeds and all that) with lots of comments that may hold "useful" data, like IP addresses of those commenting. Of course I've long time ago created a YT playlist with a couple of these nasheeds (even though I don't understand a word some of them do sound really nice), which I hope to counter-act in NSA's eyes by my loyal membership to /r/murica and limitless fanboyism for the works of Thomas Paine.
Most Google services can work over SSL (after years of pressure). That trumps ISP's DPI. And live traffic is nothing compared to your search history (with location and profiling) and email.
Do you think the NSA has gotten all the internet giants to bow down but somehow failed to get root certificates? SSL is not going to keep you out of this sort of surveillance.
They lend their face and their bullshit smile to the government towards which many people have a much more healthy distrust. I agree that this doesn't make them the main culprit, but they don't get to completely wash their hands of it either. Big (monstrously huge, actually) corporations make the job of tyrannical governments much easier; how about we chop them into more manageable bits without having personally hard feeling towards them, and deal with the government(s) at the same time?
No, it's absolutely productive and helpful. We the people have no voice. Companies like Google who makes billions are the ones with a voice. If a million people left Google in protest you could expect action. If a million people signed some bullshit online petition nothing at all would happen.
What really shocks me is why wouldn't a technologist/coder / etc - Whisteblow this sort of information. Why would they sit behind a computer, deploy/design such software, and not have some concern, and go public with this?
This is not about the "NSA, CIA, or FBI" - it's about those other companies enabling those gov agencies to gather such information, why doesn't someone from those companies speak up that deploys this software?
Is it really about $$$? Is it the same reason programmers create SPAM bots?
SOOooooo, which one of you geeks wrote the code to track call data, then wrote a script to export the data to the NSA - THEN you didn't tell the rest of tech community.
Most programmers are very much unlike you or I. Think about those legions of DoD/DoD contractor engineers that trust government implicitly and totally, and really don't give a shit about more "hacker"/"technologist" subjects.
oh please. like this has a thing to do with POTUS. I worked at an ISP in 1998 when we were contacted by the FBI and required to install carnivore. This has been going on a very long time.
I'll make the middle-ground argument then: Obama is at fault and should have done better, but he's also done a lot of other good things. This is one aspect of his presidency I am not happy with; for a lot of other aspects, I think he has been quite reasonable and progressive.
Plus, careful wording allows all sorts of out. Google says they don't provide a "back door", but this sort of thing could be defined as coming in the front door.
At least as far as we know. We're in new territory here--this is a secret court with secret rulings so it's unknown what kind of orders have been issued. There may very well be one that requires denial. Or the NSA could be skipping a step and be making use of its backhaul fiber firehoses and a cache of certificates to decrypt SSL traffic. Hopefully we'll find out...
Confirming or denying, or stating the (in)ability to talk about it is a breach of the requirement to keep the information classified. The proper response is 'we do not know what you're talking about'. Which is what they said. It can't be conflated with something stupid like 'cannot confirm or deny' which tells you right away.
Not exactly. From the article:
>Google specifically denied that it has a "back door for the >government to access private user data."
>Apple told CNBC, "We have never heard of PRISM. We do not >provide any government agency with direct access to our >servers, and any government agency requesting customer data >must get a court order."
They are not providing a back door, but it isn't the _means_ of providing information to the NSA that citizens are upset about, it is the 'providing information to the NSA' part.
Actually it's the backdoor bit that's more problematic. If they hand data by court order that is acceptable but if the government has direct lines to servers that is much more problematic.
Isn't it kind of surprising that the leak for this came from a career intelligence officer and not one of the many tech-utopia idealists who work at these kinds of startups? Not necessarily someone at the executive level, but one of the scores of employees required to assess, review, and implement the alleged backdoor? It's not just a matter of ethics, but just that you'd think someone must be idealistic/reckless enough to leak it from the companies' side
Edit: Also, as has been pointed out elsewhere...this program only cost $20M a year? If that's the price of eternal security, I'd say we got a pretty goddamn good deal. The shitstack that is the government's stimulus contracts database alone cost $18M to build (http://www.propublica.org/article/stimulus-transparency-watc...). And what percentage of a fighter jet's paint job does $20M cover?
I'd say it's possible that the government is unconstitutionally intruding on our privacy but also doing it in a bumbling way (which also has its downsides).