Aletho News


NSA Defender Explains How Even Though NSA Spies On Americans, It’s OK To Say They Don’t

Orwell Would Be Proud

By Mike Masnick | Techdirt | February 6, 2014

Benjamin Wittes of the Brooking Institution has become the go-to non-government NSA apologist. One of his most recent articles is a true work of rhetorical artistry, in which he tries to explain why saying “the NSA doesn’t spy on Americans” is acceptable shorthand for the fact that the NSA spies on pretty much every American. It’s a master class in political doubletalk. First, it’s the law’s fault. The law, you see, is too complicated for mere mortals not working for the NSA to understand, so that makes it okay to lie:

The law is so dense and so complicated that it cannot be accurately summarized at a level a citizen can reasonably process.

Any effort to summarize the relevant law necessarily ignores themes sufficiently important to its architecture that the reductionism will partake of serious inaccuracy. The person who told my friend that NSA does not spy on Americans was not lying. He or she was highlighting a crucially-important limitation on NSA’s authority vis a vis US persons. The law and the relevant regulations all contain significant territorial restrictions and significant protections for US persons overseas as well—all designed to separate the foreign intelligence mission of NSA from both domestic intelligence and domestic law enforcement. It’s a sincere and pervasive effort. “We don’t spy on Americans” is a common shorthand for a wealth of law and practice that really and meaningfully keeps the agency out of the business of being a covert domestic intelligence agency.

Got that? Because there are some limitations on all the spying they do on Americans, and it’s too complicated to understand those limitations, so it’s okay to lie and say they don’t spy on Americans. Of course, in the very next paragraph, Wittes tries to effectively brush away the massive amount of surveillance done on Americans.

NSA, after all, does spy on individual Americans with an order from the FISC. It does, moreover, capture all domestic telephony metadata. And most importantly, it does routinely capture communications between Americans and the targets of its surveillance and incidentally capture other material its systems scoop up overseas—subject to rules that limit the retention and processing of US person information. In other words, to say that NSA does not spy on Americans emphatically does not mean, as a reasonable student or citizen might expect it to mean, that the agency does not regularly acquire and process the communications of Americans.

Of course, as Jameel Jaffer from the ACLU points out, this is all nonsense because it’s a simple fact that the NSA does do surveillance on Americans, and to claim otherwise is not acceptable shorthand. It’s a lie. And while Wittes then tries to obfuscate things even more by trying and purposely failing to come up with a concise way of summarizing what the NSA does, Jaffer helps out with a few workable suggestions:

This is nonsense. Perhaps Ben’s right that it’s difficult to come up with a single sentence, or even a single paragraph, that clearly and comprehensively describes the nature and extent of the NSA’s surveillance of Americans. (Can you describe any federal agency’s functions in a single, comprehensive paragraph?) But it’s not difficult to come up with a sentence more accurate than “The NSA doesn’t spy on Americans.” Try this one: “The NSA spies on Americans.” Or this one: “The NSA collects a huge amount of information about Americans’ communications and in many contexts it collects the communications themselves.” Or this one: “The NSA is sometimes described as a foreign-intelligence agency but this label should not obscure the fact that a large part of the agency’s energy is dedicated to collecting and analyzing information about Americans.”

Jaffer further points out that Wittes’s suggestion that those who claim the NSA doesn’t spy on Americans are really trying to tell the truth through shorthand, is actually misleading. As Jaffer points out:

Any official who says the NSA isn’t spying on Americans is seeking to mislead.

And anyone defending that statement is trying to support that fundamental attempt to mislead.

February 6, 2014 Posted by | Civil Liberties, Deception, Full Spectrum Dominance | , , , , , | Leave a comment

Legal Analysis Requested By Members Of Parliament Says GCHQ Surveillance Is Illegal Too

By Mike Masnick | Techdirt | January 29, 2014

We’ve seen a few times now how legal analysis suggests that the NSA’s surveillance activities are clearly illegal. However, over in the UK, the government has appeared to be even more protective of the surveillance by GCHQ, and even more insistent that the activities have been legal. While there’s a thriving debate going on in the US, many UK officials seem to have pushed back on even the possibility of a similar debate — and there has been little suggestion of reform. While it’s still unclear how much reform there will be of the NSA, the UK government hasn’t indicated even an openness to the idea.

But now, similar to the recent PCLOB report in the US, a legal analysis of the GCHQ, written at the request of a bunch of Members of Parliament, has argued that much of what GCHQ is doing is illegal under UK law:

In a 32-page opinion, the leading public law barrister Jemima Stratford QC raises a series of concerns about the legality and proportionality of GCHQ’s work, and the lack of safeguards for protecting privacy.

It makes clear the Regulation of Investigatory Powers Act 2000 (Ripa), the British law used to sanction much of GCHQ’s activity, has been left behind by advances in technology. The advice warns:

  • Ripa does not allow mass interception of contents of communications between two people in the UK, even if messages are routed via a transatlantic cable.
  • The interception of bulk metadata – such as phone numbers and email addresses – is a “disproportionate interference” with Article 8 of the ECHR.
  • The current framework for the retention, use and destruction of metadata is inadequate and likely to be unlawful.
  • If the government knows it is transferring data that may be used for drone strikes against non-combatants in countries such as Yemen and Pakistan, that is probably unlawful.
  • The power given to ministers to sanction GCHQ’s interception of messages abroad “is very probably unlawful”.

There’s a lot more in the report, described at that Guardian link above, which is well worth reading. It makes you wonder how much longer the UK government can pretend that everything is perfectly fine with the GCHQ’s activities.

January 29, 2014 Posted by | Civil Liberties, Full Spectrum Dominance | , , , , , , , , | Leave a comment

Obama Plans Cosmetic Surveillance Changes After All, Will Set Up Pretend Fight Over NSLs

By Mike Masnick | Techdirt | January 6, 2014

Leaks coming out of the Obama administration suggest that the President is preparing mostly cosmetic changes to the intelligence community, following the recommendations from the intelligence task force — which were much stronger than many expected. The reports suggest things like putting a public advocate to represent the public’s views in certain cases before the FISC. This has been talked about for a while, and was the main concession plenty of people had been expecting anyway. That’s hardly anything big.

The article talks about two other potential reforms. The first is shifting the holding of phone call metadata from the NSA to the phone companies, allowing the NSA to still search through it after getting a court order. While this may be a marginal improvement, it still has tremendous problems. It will almost certainly come with some sort of data retention law — something that the feds have wanted for ages, and which civil liberties activists have been fighting against for years. Companies shouldn’t be required to hang on to data they don’t need, especially if getting rid of it can better protect their users’ privacy. Furthermore, while not letting the NSA hang onto the data is a good thing, there is a reasonable concern that if the telcos are hanging onto the data themselves, that they, too, might do bad things with it, with little to no oversight.

However, most of the article from the LA Times focuses on National Security Letter (NSL) reform. We’ve written about those for years. NSLs are the way that the FBI can demand information from companies without any judicial review at all and, even more insane, with a complete gag order that prevents the recipient from telling anyone (including, at times, your lawyer). The FBI has an incredibly long history of “serious misuse” of NSLs, and has shown little to no interest in fixing the process. Nearly a year ago, a court actually ruled them unconstitutional, but there’s an ongoing appeals process that will take quite a bit of time.

However, as the article notes, the DOJ/FBI and other surveillance maximalists are all horrified by the idea that Obama might actually require judicial approval of NSLs, for all but “emergency” situations. What this sounds like is that the President may suggest something along those lines, there will be a well coordinated press attack from surveillance hawks freaking out about the danger this puts us all in… and then he’ll back down on that one point. And we’ll be left with… basically nothing, but the President will go around insisting that he reformed the intelligence community, while everything more or less stays the same.

January 7, 2014 Posted by | Civil Liberties, Corruption, Deception, Full Spectrum Dominance, Progressive Hypocrite | , , , , , | Leave a comment

NSA Admits Lots Of People Could Have Done What Snowden Did

By Mike Masnick | Techdirt | December 31, 2013

The NSA keeps changing its story about Snowden. Was he brilliant or a nobody? Did he have access to all these documents or did he have to hack into systems? Did he get the important stuff or not? Each time the story seems to be different. A few months ago, you may recall the NSA insisted that Snowden needed to borrow the identities of others to access the documents he had. They also argued that he must have bypassed or deleted log files. However, in an interview, the NSA’s Director of Technology, Lonny Anderson, admits that basically anyone at the NSA with top secret clearance could all access the same stuff and also claims that all the log files were there:

contrary to much of what’s been reported about Snowden’s work at the NSA, it wasn’t his position as a systems administrator and the broad access to networks and databases that came with it that allowed him to steal so many secrets. Rather, Anderson said, “the lion’s share” of the information Snowden obtained was available to him because of his top-secret security clearance — TS/SCI — which allowed him to access so-called sensitive compartmented information.

That’s an important distinction, because it means any number of the thousands of people at the NSA with the same clearance level could have done what Snowden did — not just the smaller number of systems administrators, who have a kind of “super user” access that isn’t granted to all other employees. That helps explain why Anderson couldn’t tell the White House that there were no more Snowdens. Theoretically, there could have been thousands of them.

Of course, who knows if Anderson is telling the truth. Later in the interview he seems to contradict himself — both claiming that Snowden’s activities on the network were tracked (“He was not a ghost. It’s not like he was so stealthy that we didn’t see his activities”) and that Snowden was able to get away with what he did because he was “anonymous” on the network.

“Where I think we were negligent — if we were negligent — where we were is that we allowed him some form of anonymity as he did that. Someone wasn’t watching all of that. So the lesson learned for us is that you’ve got to remove anonymity from the network.”

I guess it’s possible that the actions were tracked without the identification of who it was. Amusingly, you could argue that the NSA had the metadata on Snowden’s actions, but not the actual details of who he was. Oh, the irony.

The one area where Snowden’s sysadmin role apparently did play a part was in being able to get many of those documents off the network without being noticed. Part of his job was, as revealed earlier, to move documents around within the NSA’s network, but his sysadmin status allowed him to download those documents without any alarm bells going off.

What Snowden could do as a systems administrator, as opposed to an employee without those privileges, was to “exfiltrate,” or remove data from the NSA networks, Anderson said. “That, a normal user would not have been able to do.” He acknowledged that the NSA’s information control regime is not currently designed to alert officials when documents are being removed by a systems administrator. That’s going to change, Anderson said. In the future, individuals will also be locked out of the networks if they remove data without authorization.

At this point, it’s difficult to believe anything that the NSA is saying about Snowden, because so much of it seems to contradict what the NSA itself has said in the past. Perhaps that’s just part of the disinformation campaign. Or, perhaps it’s a sign that the NSA still has no clue what happened.

December 31, 2013 Posted by | Deception | , , , | Leave a comment

Obama’s Response To Too Much Secrecy About Surveillance… Is More Secrecy

By Mike Masnick | Techdirt | November 27, 2013

Anita Kumar, a reporter at McClatchy, has a good article highlighting how, for all the talk by the Obama administration about how it needs to be more open and transparent about what the NSA is doing, in actuality, the administration has built up the walls even higher, increasing the levels of secrecy… including secrecy about how he’s responded to everything:

Obama has been gradually tweaking his vast government surveillance policies. But he is not disclosing those changes to the public. Has he stopped spying on friendly world leaders? He won’t say. Has he stopped eavesdropping on the United Nations, the World Bank and the International Monetary Fund? He won’t say.

Even the report by the group Obama created to review and recommend changes to his surveillance programs has been kept secret.

As is noted in the article, the administration, which likes to pretend it’s the most transparent in history, is actually one of the most secretive. Its attempts at transparency have almost exclusively been focused on where it can get the most political bang, not for what areas people expect the government to be transparent about — such as how it interprets the laws that allow the government to spy on everyone…

What’s incredible is that it appears that no one high up in the administration seems to recognize how this is a strategy that will almost certainly make things worse, not better. It may be how the administration is used to functioning, but it makes it much more difficult to believe anything that is said about a supposed “vigorous public debate” being held on the surveillance activities. It also means that as more leaks come out revealing more questionable practices, the constant backtracking and excuses will just destroy whatever credibility the administration has left on this issue. If, instead, it were to actually be transparent and simply reveal things like how it interprets the law, and allow for a real public discussion on these matters, that would actually result in some frank discussions that the administration seems terrified of actually having.

Extreme secrecy may seem like the easier short-term strategy, but it’s just digging an ever deeper hole that the administration is going to have to try to climb out of in the long-term. Hiding reality from a public that’s going to find out eventually is just making the problem worse.

November 28, 2013 Posted by | Civil Liberties, Deception, Full Spectrum Dominance, Progressive Hypocrite | , , | Leave a comment

Copyright Extension Goes Into Effect In The UK: More Works Stolen From The Public Domain

By Mike Masnick | Techdirt | November 11, 2013

Even as there have been indications around the globe that perhaps we’ve had enough copyright term extension and it’s time to move back in the other direction, over in the UK, they just put in place a big new copyright extension which increases the term from 50 years to 70 years for sound recordings and performers’ rights. We had discussed the EU decision two years ago to seize the public domain by retroactively pulling works out of the public domain, and now it’s officially gone into effect.

While we’ve pointed out for years that when people claim that infringing works are “stolen,” they’re using the wrong word, since nothing is missing, that is not the case here. Here, things are absolutely missing. The entire purpose of copyright law is to provide the incentives to have the work created in the first place. As such, it’s a deal, where the public grants the creators an exclusive right for a number of years, in return for getting the work (in a limited fashion) for a period of time and then having that work become public domain at the end. Retroactive copyright extension is a unilateral change in that deal — directly taking the work away from the public domain without any recompense to the public the work has been stolen from. This makes absolutely no sense. Clearly, since the work was created, the incentive was good enough at the time of creation. Adding on more years that the public doesn’t get it at the end does nothing to incentivize the work that was already created fifty years ago.

There is simply no reason to have done this, and to have taken these works out of the public domain. Scholars have pointed out that there is no legitimate reason to do this, no evidence that it does anything useful at all. Instead, there’s plenty of evidence that the cost to the public is tremendous — somewhere around a billion euros. The cost to culture in general is even worse, because the longer copyright terms are, the more works disappear entirely, and the more it harms the dissemination of knowledge. It’s basically a disaster all the way around — except for some old record labels that still have the copyrights.

November 11, 2013 Posted by | Corruption, Economics, Full Spectrum Dominance, Timeless or most popular | , , , , | Leave a comment

No Surprise: NSA Stores All Metadata It Collects For At Least A Year, Even If It Has Nothing To Do With Anything

By Mike Masnick | Techdirt | September 30, 2013

The latest revelation from the Snowden docs published by The Guardian is that the NSA’s MARINA metadata system for internet data stores the information it gets for up to a year.

“The Marina metadata application tracks a user’s browser experience, gathers contact information/content and develops summaries of target,” the analysts’ guide explains. “This tool offers the ability to export the data in a variety of formats, as well as create various charts to assist in pattern-of-life development.”

The guide goes on to explain Marina’s unique capability: “Of the more distinguishing features, Marina has the ability to look back on the last 365 days’ worth of DNI metadata seen by the Sigint collection system, regardless whether or not it was tasked for collection.” [Emphasis in original.]

Note that this is different than the phone metadata that people have been talking about. This is “internet” metadata — so browser history, contacts, etc. In other words, the kind of stuff that Dianne Feinstein accidentally admitted the US is scooping up by the boatloads by tapping the internet’s backbone with help from US telcos.

The fact that they can look through it even if it hasn’t been “tasked for collection” is pretty big. It again shows how the NSA keeps saying one thing (such as claiming they only keep data on people they’re “targeting”) is simply false. The NSA continues to redefine things. Information isn’t “collected” until it’s searched. And it’s apparently not “stored” until it’s moved into a different database than this one.

How does anyone take these guys seriously?

September 30, 2013 Posted by | Civil Liberties, Deception, Full Spectrum Dominance | , , , , , | Leave a comment

Court Reveals ‘Secret Interpretation’ Of The Patriot Act, Allowing NSA To Collect All Phone Call Data

By Mike Masnick | Techdirt | September 17, 2013

The FISA Court (FISC) today released a heavily redacted version of its July ruling approving the renewal of the bulk metadata collection on all phone calls from US phone providers under Section 215 of the Patriot Act. This is part of the “secret interpretation” as to how the FISC interprets the Patriot Act’s “business records” or “tangible things” section to mean that the government can order a telco to turn over pretty much all records — even as the very author of the law says it was written specifically to not allow this interpretation.

Much of the ruling is pretty much what you’d expect, given the way defenders of this program have been insisting that this is all very legal. It argues that Smith v. Maryland show that there are no privacy protections in data given to your telco. It goes on at length defending the third party doctrine, arguing that because some third party holds your data, you have no expectation of privacy. As many have argued, this is a ridiculous and antiquated view of the third party doctrine, not at all consistent with modern technology, but the FISC repeats it without question. While some have pointed out that even if single points of metadata might not be privacy violating, collecting all of them creates a new problem, the court rejects that entirely.

From there, there’s a big discussion of whether or not “there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation.” This is a big part of where the concern lies. How can the government defend the claim that all records are “relevant to an authorized investigation.” Here, the court compares the order to the Stored Communications Act (SCA), which lets the government get access to records as well. And then the word games begin. Basically, it argues that because one law requires “specific and articulable facts” and that the information must be “material,” while the other (the PATRIOT Act) does not, then the government doesn’t need specific and articulable facts. Rather it just needs “a statement of facts showing there are reasonable grounds to believe that the records are relevant to the investigation.”

For non-content records production requests, such as the type sought here, Section 2703(c) provides a variety of mechanisms, including acquisition through a court order under Section 2703(d). Under this section, which is comparable to Section 215, the government must offer to the court “specific and articulable facts showing that there are reasonable grounds to believe that the records or other information sought, are relevant and material to an ongoing criminal investigation.” 2703(d) (emphasis added). Section 215, the comparable provision for foreign intelligence purposes, requires neither “specific and articulable facts” nor does it require that the information be “material.” Rather, it merely requires a statement of facts showing that there are reasonable grounds to believe that the records sought are relevant to the investigation. 50 U.S.C. That these two provisions apply to the production of the same type of records from the same type of providers is an indication that Congress intended this Court to apply a different, and in specific respects lower, standard to the government’s Application under Section 215 than a court reviewing a request under Section 2703(d). Indeed, the Act version of FISA’s business records provision required “specific and articulable facts giving reason to believe that the person to whom the records pertain is a foreign power or an agent of a foreign power.” 50 U.S.C. §1862(b)(2)(B) as it read on October 25, 2001. In enacting Section 215, Congress removed the requirements for “specific and articulable facts” and that the records pertain to “a foreign power or an agent of a foreign power.” Accordingly, now the government need not provide specific and articulable facts, demonstrate any connection to a particular suspect, nor show materiality when requesting business records under Section 215. To find otherwise would be to impose a higher burden — one that Congress knew how to include in Section 215, but chose to dispense with.

Also, it argues that since Section 215 allows recipients of the order to challenge them and no telco ever has that this lends it to believe there are no problems with the law.

Second, Section 2703(d) permits the service provider to file a motion with a court to “quash or modify such order, if the information or records requested are unusually voluminous in nature or compliance with such order otherwise would cause undue burden on such provider.” Congress recognized that, even with the higher statutory standard for a production order under Section 2703(d), some requests authorized by a court would be “voluminous” and provided a means by which the provider could seek relief using a motion. Under Section 215, however, Congress provided a specific and complex statutory scheme for judicial review of an Order from this Court to ensure that providers could challenge both the legality of the required production and the nondisclosure provisions of that Order. 50 U.S.C. §1861(f). This adversarial process includes the selection of a judge from a pool of FISC judges to review the challenge to determine if it is frivolous and to rule on the merits, provides standards that the judge is to apply during such review, and provides for appeal to the Foreign Intelligence Surveillance Court of Review and, ultimately, the U.S. Supreme Court. This procedure, as opposed to the motion process available under Section 2703(d) to challenge a production as unduly voluminous or burdensome, contemplates a substantial and engaging adversarial process to test the legality of this Court’ Orders under Section 215. This enhanced process appears designed to ensure that there are additional safeguards in light of the lower threshold that the government is required to meet for production under Section 215 as opposed to Section 2703(d). To date, no holder of records who has received an Order to produce bulk telephony metadata has challenged the legality of such an Order. Indeed, no recipient of any Section 215 Order has challenged the legality of such an Order, despite the explicit statutory mechanism for doing so.

Basically, the court says “why of course there’s an adversarial process” to protect users’ privacy. It just depends on Verizon or AT&T taking up the fight on behalf of their users, and they haven’t done so, so let’s just assume everyone’s okay with this. That’s kind of crazy when you think about it. Admittedly, the public should be up in arms that Verizon and AT&T appear to have no interest in challenging these broad collections of data, but that hardly makes them constitutional.

From there we move onto the interpretation of how this massive data collection could possibly be seen as “relevant.” First, it notes (as mentioned above) that the government doesn’t need to prove that the data is actually relevant. Just that it has reasonable grounds to believe that they are relevant.

As an initial matter and as a point of clarification, the government’s burden under Section 215 is not to prove that the records sought are, in fact, relevant to an authorized investigation. The explicit terms of the statute require “a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant.

Then it basically says that because the NSA can sniff out terrorists within a giant database, that makes the entire database relevant. Really.

This Court has previously examined the issue of relevance for bulk collections. See; [REDACTED] While those matters involved different collections from the one at issue here, the relevance standard was similar…. (“[R]elevant to an ongoing investigation to protect against international terrorism….”). In both cases, there were facts demonstrating that information concerning known and unknown affiliates of international terrorist organizations was contained within the non-content metadata the government sought to obtain. As this Court noted in 2010, the “finding of relevance most crucially depended on the conclusion that bulk collection is necessary for NSA to employ tools that are likely to generate useful investigative leads to help identify and track terrorist operatives.” [REDACTED] Indeed, in [REDACTED] this Court noted that bulk collections such as these are “necessary to identify the much smaller number of [international terrorist] communications.’ [REDACTED] As a result, it is this showing of necessity that led the Court to find that “the entire mass of collected metadata is relevant to investigating [international terrorist groups] and affiliated persons.” [REDACTED]

It then applies those previous, redacted-named rulings, to this case, repeating the DOJ’s own filing saying “all of the metadata collected is thus relevant, because the success of this investigative tool depends on bulk collections.”

That’s ridiculous and tautological. You could argue that the “success” of a program designed to stop crimes “depends on” putting cameras inside everyone’s home, but that doesn’t make it any less a violation of privacy. It also hardly makes the collection of all such data “relevant.”

The FISC continues to tap dance on the grave of the 4th Amendment:

The government depends on this bulk collection because if production of the information were to wait until the specific identifier connected to an international terrorist group were determined, most of the historical connections (the entire purpose of this authorization) would be lost. The analysis of past connections is only possible “if the Government has collected and archived a broad set of metadata that contains within it the subset of communications that can later be identified as terrorist-related.” Because the subset of terrorist communications is ultimately contained within the whole of the metadata produced, but can only be found after the production is aggregated and then queried using identifiers determined to be associated with identified international terrorist organizations, the whole production is relevant to the ongoing investigation out of necessity.

Once again, that makes no sense. First off, just because you can put together all this aggregate data and use it to find criminals and terrorists doesn’t automatically make it legal. Once again, I’m sure that having cameras in everyone’s homes would allow similar capturing of illegal behavior. But that doesn’t make it legal. Second, the argument that without this metadata collection the information would be “lost” is clearly untrue. As was just revealed a few weeks ago, AT&T has employees embedded with the DEA who are willing, ready and able to do deep dive searches on decades worth of phone records (even beyond AT&T). The data isn’t lost. They’re available via AT&T employees who are working right alongside government employees.

Incredibly, the FISC then claims that the mere claim that terrorists use the phone system is enough to show that all phone records are relevant.

The government must demonstrate “facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation.” The fact that international terrorist operatives are using telephone communications, and that it is necessary to obtain the bulk collection of a telephone company’s metadata to determine those connections between known and unknown international terrorist operatives as part of authorized investigations, is sufficient to meet the low statutory hurdle set out in Section 215 to obtain a production of records.

Except, almost nothing there makes sense. It’s not true that it is necessary to obtain bulk collection of the metadata to find those connections. And just because terrorists live in houses, we don’t say that it’s okay for law enforcement to search every house. Take this same argument and apply it to anything else and the 4th Amendment goes away entirely.

In short, this shows the serious problems with these efforts being non-adversarial. The FISC more or less buys the government’s argument at every single turn, even though there are multiple arguments for why the government’s position is either not true or, at the very least, misleading.

September 18, 2013 Posted by | Civil Liberties, Deception, Full Spectrum Dominance | , , , , | Leave a comment

Another Reason The NSA Needs To Go: It’s Been Doing What It Explicitly Was Told Not To Do

By Mike Masnick | Techdirt | September 10, 2013

One of the key things that people quickly realized after last week’s revelation about the NSA putting backdoors into encryption, was that this was exactly what the federal government had tried to do with the Clipper Chip back in the 90s, and after a public debate, it was rejected. The battle over the Clipper Chip was one of the key legal/tech battles of the 1990s.

And then the NSA went and did it anyway.

Jack Shafer, over at Reuters, points out that there’s this pattern of the NSA not taking no for an answer, discussing the attempts to stop PGP and also the infamous Total Information Awareness program:

Zimmerman and his allies eventually won the PGP showdown, as did privacy advocates in the mid-1990s, defeating the government’s proposal for the “Clipper chip,” which would allow easy surveillance of telephone and computer systems, and again after 9/11, when Congress cut funding for the Defense Department office in charge of the Total Information Awareness (TIA) program, a massive surveillance database containing oceans of vital information about everybody in the United States.

But the journalistic record proves we can’t trust government’s white flag of surrender. In the case of TIA, the government abandoned the program’s name but preserved the operation, as Shane Harris and others reported seven years ago, giving it new code names and concealing it in places like the NSA. The documents Snowden stole from the NSA show the government capturing and analyzing much of what TIA sought in the first place.

Basically, this suggests that even if the NSA is told to stop doing the various things it’s doing, it’s only a matter of time until they do them anyway. One response to this — which many are taking seriously — is to look into re-architecting the internet to see what can be built, ground-up with security in mind, specifically making sure that the NSA can’t weasel its way in.

But there’s a separate issue as well. How do we stop basic government overreach after it’s been made clear that they don’t have a mandate to do what they’re doing? Yes, government officials and NSA defenders like to pretend that they did have a mandate here, and will point to the FISA Court or other aspects to argue that it’s perfectly fine — but when they’re explicitly doing exactly what they were denied a decade or more ago, those arguments ring hollow. But, if they’re allowed to get away with it, without any response, then they’ll never stop. No matter what they’re told not to do, they’ll just keep doing anyway, because what’s the worst that happens? People complain about it?

So it seems that there needs to be a very different system in place — on that involves real oversight, not the pathetic joke that is the Intelligence Committees of both houses of Congress and the FISA Court. And, frankly, it should be over a new organization. It seems clear at this point that you can’t reform the NSA. It’s rotten to its core. Yes, signals intelligence and other intelligence activities can be important and necessary, but it really seems like we need to breakup the NSA, and restructure the whole thing such that it can be built in a manner where there’s actual oversight, rather than having it do whatever it wants and pretending everything is fine any time anyone accuses them of anything.

September 11, 2013 Posted by | Civil Liberties, Deception, Full Spectrum Dominance | , , , , , | 1 Comment

Feds Threaten To Arrest Lavabit Founder For Shutting Down His Service

By Mike Masnick | Techdirt | August 16, 2013

The saga of Lavabit founder Ladar Levison is getting even more ridiculous, as he explains that the government has threatened him with criminal charges for his decision to shut down the business, rather than agree to some mysterious court order. The feds are apparently arguing that the act of shutting down the business, itself, was a violation of the order:

a source familiar with the matter told NBC News that James Trump, a senior litigation counsel in the U.S. attorney’s office in Alexandria, Va., sent an email to Levison’s lawyer last Thursday – the day Lavabit was shuttered — stating that Levison may have “violated the court order,” a statement that was interpreted as a possible threat to charge Levison with contempt of court.

That same article suggests that the decision to shut down Lavabit was over something much bigger than just looking at one individual’s information — since it appears that Lavabit has cooperated in the past on such cases. Instead, the suggestion now is that the government was seeking a tap on all accounts:

Levison stressed that he has complied with “upwards of two dozen court orders” for information in the past that were targeted at “specific users” and that “I never had a problem with that.” But without disclosing details, he suggested that the order he received more recently was markedly different, requiring him to cooperate in broadly based surveillance that would scoop up information about all the users of his service. He likened the demands to a requirement to install a tap on his telephone.

It sounds like the feds were asking for a full on backdoor on the system, not unlike some previous reports of ISPs who have received surprise visits from the NSA.

August 18, 2013 Posted by | Civil Liberties, Full Spectrum Dominance | , , , , | Leave a comment