"Communications from US phone numbers, the documents suggest, were removed (or “minimized”) from the database – but those of other countries, including the UK, were retained."
I'm interested in knowing the specifics on this. US data goes into a database and is then proactively removed? Minimization procedures [1] allow the NSA to keep US data up to 5 years to determine where it's coming from. It's also kept if "they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity."
So until the documents show otherwise, I assume that most of my text messages from the past 5 years are in an NSA database, and all messages that my friends sent to buy weed are there, perhaps being used to parallel construct criminal cases [2].
And at the very least, all of it would be visible to the systems administrators...
I would assume much longer. I have a recollection [i.e. I cannot build a Google query to find a reference right now] of some poor schmuck working with a tribute band who asked him to send a text message of the lyrics to "Machine Gun" (a Jimi Hendrix song). Something along the lines of 'please send us machine gun'. He promptly replied with the words and a few hours later was on the wrong end of an armed response team storming his house asking where the machine gun was.
At the time the only explanation he could think of was his messages were being intercepted but this was denied and the official explanation was he had supposedly sent the reply text to the wrong person who called the police. His phone logs showed he sent the reply text to the correct number but the police just dismissed this with no explanation.
Now we have a more plausible explanation. This has apparently been going on for a long time.
"Devine, who plays in a Clash tribute band in his spare time, had sent a message containing lyrics from The Clash's Tommy Gun to his lead singer who had forgotten the words to the song.
According to The Sun, the message read:
"How about this for Tommy Gun? OK - SO LET'S AGREE ABOUT THE PRICE AND MAKE IT ONE JET AIRLINER AND TEN PRISONERS"
The arrest has prompted speculation about how the message was intercepted. Police maintain that Devine's message went astray. They say he actually sent it to a woman in Bristol by mistake and it was she who alerted police to the content.
However, The Sun also quotes Chris Dobson, a terrorism expert, as saying that the interception clearly shows that GCHQ is monitoring all vocal and textual mobile phone traffic."
How many similar messages, that at first glance seem suspicious, are sent each day? If GCHQ was trolling for these automatically and forwarding them all to the local police, they would be overwhelmed. It seems much more likely that the reply went to the wrong destination, and a public spirited recipient panicked and notified the police.
I hope people see from this that if the OP or any of his friends decides to enter politics, they are compromised. They have strong reason to believe the NSA has dirt on them, and that if they speak out about the NSA in a way the NSA feels threatened, there is information that could be leaked to discredit them. So, will they risk all the good they might be able to do elsewhere to tackle the NSA? And this is merely the compromising information the OP remembers... and wants to tell HN about, or considers compromising. Once the likes of Fox News twist things up, even the genuinely innocent can be spun as vile and evil.
Sure, buying a bit of weed might not be as devastating as other things, but there is the point, there is the mechanism of control. And none of it involves or requires NSA goons inviting one to a parking lot at 2am for a quiet word.
Your weed-buying friends are quite safe from the full power of the NSA and 'parallel construction' being brought to bear on them and their petty crimes. I can't really understand why anyone would even _think_ that would be the case?
In fact, I just don't understand the problem people have with the 'parallel construction' of evidence. By its very nature, if the original evidence existed, and new alternative sources can be found, then it must be believed that they point to the fact a crime has been committed. In which case it should be prosecuted, and the criminals brought to justice. Or are people suggesting that if the NSA finds evidence of a crime, that crime can no longer be prosecuted even using alternative, non-NSA sourced evidence? That we should just wait until investigators stumble across the crime by accident, and allow many criminals to avoid prosecution?
My feeling is that if a valid and uncontested, un-tainted evidence trail exists, showing that a crime has been committed, then morally there is no problem. We are not talking about the use of torture to obtain the original evidence, for example, rather it is a side effect of the intelligence gathering process. This sort of cross-pollination between intelligence agencies and law enforcement has always been present, and the source of the original 'tip off' was generally inadmissible due to classification or to protect sources.
This is not even a new idea. Law enforcement has to deal with 'tainted' and inadmissible evidence all the time, from protected sources, conversations overheard in bars and so on... Sometimes the evidence has even been allowable at the time it was collected, but circumstances change later. Anyway, in these situations it is standard practice to try and obtain different, non-tainted and admissible evidence pointing to the same outcome.
We now have a new word for this, in 'parallel construction' but the outcome is no different.
The problem I have with parallel construction is that it rewards potentially illegal behavior on the part of law enforcement and prosecuting attorneys in a manner that's difficult to police.
"Parallel construction" doesn't just mean "look for other evidence of the same crime", it involves keeping the existence of the original, inadmissible evidence secret from the defense and the court, then constructing a chain of events that plausibly would have led to incriminating evidence without knowledge gained from the illegal search.
Among other things, this secrecy deprives the defense a reasonable opportunity to argue the inadmissibility of the new evidence on the grounds of it being the fruit of the original, illegal search.
Note that I say "argue" — there are right ways and wrong ways for law enforcement and prosecutors to "work around" tainted evidence, but if the existence of tainted evidence gathered in secret is routinely hidden from defendants and courts, it becomes very hard to hold anyone accountable for going about things the wrong way.
Probably not. The article says 200 million a day (in 2011), which seems like a huge amount, but the volume of text messages in the US alone was 2.3 trillion in 2011 [1] (I'm using US numbers since I don't know where you're from). If you operate under the assumption that they're only collecting Americans' text messages, that means they would be collecting 3% of text messages if I did my math correctly. I'm assuming the global text messaging numbers are significantly higher.
I love TextSecure. My problem is twofold: I don't know in advance who is using it from my contacts, and I know for sure none of my non-geek relations are using it, not even for business stuff, which could make sense. And so as much as I like it (thanks!!!) I am not convinced this is the solution. Am I wrong?
As I understand, you can use Textsecure as your default SMS app which means it will automatically send either a plain or encrypted message to a recipient depending on whether they have the app installed or not.
Of course if you use a non-stock messaging app, like Handcent for instance, you may not want to switch to Textsecure for other features/reasons.
No, you need to initiate a secure session manually, and my experience was that unless you knew the other person was for sure using TextSecure, this could cause problems, since if you tried to handshake with the other person using a stock app, it could get stuck in the handshake. This was a while ago, so I don't know if the problem still exists.
TextSecure is great, though. Really, really great.
Unfortunately, there are no explanations on the webpage and I'm not currently in the mood for reading source code to figure things out.
Maybe outgoing (unencrypted) SMS sent through TextSecure app are tagged as "hey, we can upgrade this to secure comms". Then all you have to do is use the app. But I really don't know.
The current SMS-based version of TextSecure uses whitespace tagging for contact discovery.
The next-gen data-based TextSecure protocol (which is currently deployed in CyanogenMod's WhisperPush implementation of TextSecure, but not yet in the Play Store app) uploads a hashed list of the user's contacts to the server for contact discovery.
Thanks, Moxie! Been using it for a while now, and apart from the odd crash on a memory-starved ancient Droid, I'm happy to report that It Just Works :)
Still trying to convince other people to use, without much luck in non-geek circles :(
Whatever you can imagine the most powerful intelligence agency imaginable doing, the NSA is doing. I am literally unable to think of anything that the NSA is _not_ collecting or controlling. Every SMS message sent? Yep. Location data on every cell phone? Yep. Controlling a 100k-computer botnet, including via radio transmitter to contact computers not on the internet? Yep.
I admit I can't keep track of it all; at this point I just assume that anything I can imagine the NSA doing, it's either already been revealed that they're doing it and I just haven't managed to keep track, or they're doing it even though it hasn't been revealed yet.
How about that thing in the Dark Knight Batman film, where he hacks into all the cell phones and then uses reverb / echo analysis to somehow create a 3D volume rendering of the space.
Great, let's start doing something about it instead of complaining. Here's my cynical take on a back of the napkin recipe for political change:
1. Call, write, tweet, and facebook your representatives, both local and federal, and tell them what you think- be sure to inflate your credentials and threaten to give money/votes/accolades to their political enemies. For bonus points, tell their enemies the same thing. For even more bonus points, run as a candidate yourself.
2. Write/speak/act out in the public sphere, make sure to get as much attention as possible and to be moderately vitriolic and abundantly populist in your rhetoric. Use only words, concepts, and rhetoric that a dim 9th grader would understand.
3. Join a physical protest- if there isn't one near you, it's your job to start one. I'd keep it nonviolent if I were you. I know that this isn't the cup of tea for most HN readers, but there's no way around it: physical presence matters, and the numbers of people who have protested surveillance thus far have been extremely paltry. We don't have the luxury of waiting for someone else to do it for us.
4. Convince your less-enlightened friends and relatives to do items 1-5, or at least be terrified of the government.
The best political threat we can create is converting minds. We need more writing and better articles to ground the flags flown on Facebook and Twitter. We need to appeal to people's reason and principles. Otherwise why bother?
If I could write well, I'd start a dialog around the concept that "We shouldn't have needed Snowden". The fact that we don't have transparency into our own government, that it took someone to break the law to give us the transparency we most certainly should have had into the NSA's activities (The national security arguments don't cut it and we need to explain that well), is a clear sign that our democracy is broken, that "government by and for the people" is dying.
Focus on average joes/peasants who have been hurt/otherwise disadvantaged by the surveillance.
If you can't find such an example, you need to take off the kid gloves and explain clearly that endemic surveillance is a cause of AND an effect of totalitarian governments.
Be sure to emphasize the historical incidences (STASI, Hoover, present day China/Russia) in which surveillance has been abused in order to support the narrative that once performed, surveillance will result in abuse.
As far as the day of action itself, I'd shift your focus onto trying to drum up physical presence-- anyone with a campaign can flood the internet, but flooding meatspace is much more difficult and also much more effectual.
EDIT: I thought about my comment for a while then realized it could be re-worded and re-thought out in a very simple way.
Your movement needs agitprop. Find a hornet's nest for the average joe, then hit it. Focusing on Aaron isn't the right way to go about that because most people have never heard of him. I have more feedback; email me if you'd like.
I don't think your take is particularly cynical. You seem to believe we can still stop this stuff. I think a cynic would have promoting encrypted communication as at least one of their bullet points.
I'm convinced that as much as people ever raise a hue and cry, including Congress, and including repealing or amending/trimming existing laws, the President has an ace in the hole to continue doing pretty much everything that is occurring now in the form of EO 12333.
So, I'm not sure where the repetition in this plan succeeds at affecting the executive order.
You're right, action is what is needed. We cannot expect most ordinary citizens to use by default the most secure communications or private setup.
Therefore the law needs to fall in favour of privacy for ordinary communications (SMS, calls, email). Our future politicians, representatives and all citizens are far from likely to be users of the most secure communication methods during their lives and the holding of their information is a complete affront to the democratic process.
Why "at least"? They couldn't before because the public would be sensitive. Now with checkpoints everywhere, NSA spying, cavity searches, homeless people beaten down to death by cops getting away with it, DOJ declining to investigate bank scandals, IRS, Benghazi, Fast and Furious, they do not need logos with pink teddy bears and stills of a happy family holding hands with smiling children on the beach. The majority of the public HAS already got used to this tyranny. Coming forward with less PR is a next, obvious and logical step. After that: huge military boot on your face!
"NROL-39 is represented by the octopus, a versatile, adaptable, and highly intelligent creature. Emblematically, enemies of the United States can be reached no matter where they choose to hide. 'Nothing is beyond our reach' defines this mission and the value it brings to our nation and the warfighters it supports, who serve valiantly all over the globe, protecting our nation".
This is very clearly collection of the contents of messages, and not simply metadata. The fact that US messages may later be "minimized" from the database is vaguely helpful, but not much of a reassurance. That data should never be collected in the first place, and bulk collection of international data is also an unnecessary practice.
If this helps motivate you, we need all the help we can get with https://thedaywefightback.org. If you're a designer, developer (including frontend, backend, devops, mobile app), get in touch by emailing contact@thedaywefightback.org and we'll write back and let you know when we need your skillset the most.
I'm picturing where they summarize or paraphrase the content of a message and then label this rephrasing as "metadata" so as to deny they don't have the actual content.
As if they were to compress the content then claim they don't have the original content because it has been compressed.
> "The note warns analysts they must be careful to make sure they use the form’s toggle before searching, as otherwise the database will return the content of the UK messages – which would, without a warrant, cause the analyst to “unlawfully be seeing the content of the SMS”."
I still don't understand something. If they are intercepting text messages globally, how do they do that if two people are texting each other within the borders of their own country using their national carrier? Their texts never leave the country. Has the NSA somehow compromised or coerced various carriers around the world to provide them with this data?
NSA and GCHQ apparently routinely backdoor international carriers. I vaguely remember something about a Belgian carrier stumbling upon the backdoor and struggling to remove it for months.
You're kidding, right? WhatsApp especially is known for having a ton of security issues over the past year or two, and Snapchat is no better. The snaps still go through their servers, which means the NSA can still intercept them, and Snapchat has even admitted they keep the "unopened" ones, and they even give them to authorities (decrypted).
Since the NSA taps the backbone, they have protocol analyzers that reverse engineer wire traffic to put it into semistructured form for processing with MapReduce.
Nothing escaped them since the collection and the data deconstruction are separate.
you probably weren't serious, but in the case anyone else is unsure about this: whatsapp is and always has been broken from a security standpoint and there is no need for the/a NSA to penetrate anything in their case. i wonder how you could've missed out on what happened to snapchat lately though, two links as some sort of a short introduction:
However, WhatsApp and Snapchat's popularity tells me that people are not really educated about their true privacy and how completely broken it is.
That was the first thing I picked out too. From wikipedia (I know..):
> Meta ... is a prefix used in English ... to indicate a concept which is an abstraction from another concept, used to complete or add to the latter.
How is the entire message content abstract to the entire message content? It seems like they've just added the prefix to get around some legal obligation. What the fuck.
It's a bit more nuanced than that. What they seem to be doing is looking at the contents for automated text messages such as missed call alerts or texts sent with international roaming, and using that to generate metadata such as call data or geo-location data, called 'content-derived metadata'. So it's generating new metadata records by analysing the content.
Technology can help to a certain extent, but only if open source and handled client side. No amount of encryption on Apple's (or any company's) end will matter, because users can no longer trust them.
I'd assume that if government investigators got his text messages, they had a warrant. If they didn't, the messages wouldn't be admissible evidence in court. And if the messages were presented in court, they're now a matter of public record.
The A Rod investigation is being done by private entities. Most of their "evidence" either comes from an individual or was bought. In the end he's taking MLB to Federal court in a civil action. It has nothing to do with the government.
Who is making these piss poor presentations? They're hideous and terrible. I could look past the gross invasion of privacy if they would at least spend 10 minutes building some decent designs. Get it together, NSA!
[1] http://www.theguardian.com/world/2013/jun/20/fisa-court-nsa-...
[2] https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intel...