I will be interested to see how NSA apologists like Sen. Diane Feinstein and Rep. Mike Rogers respond to this. It appears to confirm that the safeguards we are supposed to enjoy against invasions of our privacy are limited to the voluntary compliance of NSA workers and contractors. I’ll have more to say about the details later, but I just wanted to open the discussion right away.
About The Author
BooMan
Martin Longman a contributing editor at the Washington Monthly. He is also the founder of Booman Tribune and Progress Pond. He has a degree in philosophy from Western Michigan University.
66 Comments
Recent Posts
- Day 14: Louisiana Senator Approvingly Compares Trump to Stalin
- Day 13: Elon Musk Flexes His Muscles
- Day 12: While Elon Musk Takes Over, We Podcast With Driftglass and Blue Gal
- Day 11: Harm of Fascist Regime’s Foreign Aid Freeze Comes Into View
- Day 10: The Fascist Regime Blames a Plane Crash on Nonwhite People
“Voluntary compliance” is officialese for “noncompliance”.
What are we to make of the apparent inability of the NSA to get rid of the red spell-check underline from its PowerPoint slide?
Internal PowerPoint documents tend to be sloppy in IT shops–private, public, it doesn’t matter. Making schedule and delivering the product are higher concerns. The training course apparently was sourced from design document illustrations instead of actual screen captures in action. And the design document likely was also in PowerPoint and used PowerPoint mockups of the screens.
Also interesting is the editorial redaction of actual sensitive material that the Guardian has but will not publish.
This is sorta OT, but one thing in this whole kerfuffle that shocks me is: how is Booz Hamilton not coming under fire? I mean, if there’s one thing that everyone agrees on, it’s that vetting and hiring Snowden wasn’t a competent move in terms of Booz’s own mission. They seem to have escape any censure for the actions of their heroic/traitorous/psychotic/principled employee. They’re no ACORN.
OT: You’ve had some pretty harsh words for Alan Grayson.
Have you seen this?
http://www.dailykos.com/story/2013/07/31/1227862/-Alan-Grayson-is-THE-MOST-Effective-Legislator-in-C
ongress-Today-the-Empirical-Evidence-Proves-it
Maybe his time off made him a little more serious.
It is true that I might have to start revising my opinion of him. But I notice how quickly he capitulated to the President’s stepping on the joint hearing he and Justin Amash had planned to air the information from the ACLU, Electronic Frontier Foundation, and Glenn Greenwald.
The old, attention-seeking Alan Grayson would have never cancelled that hearing.
Great catch!
It’s the NSA!
They’re supposed to be good with computers!
Assuming the slide is true, it’s telling that they can only store the data for a month before there’s too much. That I am a lot more likely to live with, and in fact would comport with the laws I suggested a week ago to limit how long you can have data like the German agency.
Of course then there is the is the info they decide to put away for ever, and the fact that it’s everything ever.
I thought that was the most interesting of the Guardian series so far, and I continue to be befuddled by the haphazard and often nonfactual roll out of each installment. Not that I expect anything more from its authors.
Yeah, it’s a little bizarre. You’d think that professionals like Rogers and Clapper and Obama wouldn’t just … lie. At least not when they must suspect that documents will prove they’re lying.
But it’s not about them. I mean, sure, ‘this is a discussion I’m eager to have’ is an insultingly blatant lie, but this stuff is bigger than any one oversight regime, or president, or administration. The specific authors of the official-line falsehoods strike me as utterly irrelevant.
I believe you totally misread Bazooka Joe’s comment.
He really, really did. Unless it was meant to be ironic?
At this point, I’m impressed by the Greenwalds and Steggles of the world even being able to spell ‘NSA’ correctly…
What a colossal waste of time.
Unless it was meant to be ironic?
Nah. Way too over the top.
I’m sorry, I didn’t mean to hurt your feelings. That’s funny about spelling ‘NSA’ wrong, though. Because NSA is an acronym! I am still laughing.
I think you’re a little too hard on Greenwald. It must be very difficult for him, knowing that despite all his effort, he’s making no impact on the political world.
Proper oversight, absolutely, but I think it’s important to make a distinction between the technological aspects and the legal aspects here. If we want our government to play a role in online security–and I do, personally–then the technology is, I think, appropriate. Given the speed with which things happen in the internet, you would absolutely need to have these kinds of capabilities in place in order to respond to online threats.
And there are some serious threats out there. Snowden has talked about US cybercrimes against China, for instance, but what about Chinese cybercrimes against the US? It’s safe to assume the Chinese can do anything the NSA can do, and the rulers of China are not known to be the most scrupulous people on the planet, so how is our government to respond?
A little perspective is useful, too. I’m not at all suprised by this revelation, because it’s what I’ve been assuming all along. But I’m still not convinced that this actually constitutes surveillance, because with a very small number of exceptions, no one is actually looking at all this data. There’s just too much of it. If you think the NSA is reading everybody’s email, just do the arithmetic. The estimate I’ve seen is that the NSA has about 40,000 employees, and there are at least 245 million internet users in the US. So if the NSA was actively monitoring internet use in the United States, each employee would be responsible for monitoring 6,125 users.
And of course that’s just the US. There are over half a billion internet users in China, and it’s not as if they’re irrelevant to the NSA’s concerns. So yes, they could read my email (they could come to my house, too), but it would be a complete waste of time.
Besides, a large percentage of the NSA’s employees aren’t going to be using the system, but building and maintaining it. This basically requires a tailor-made interface for every system they want to pull data from, with data mapped down to the field level, so building and maintaining those interfaces is going to be a big part of what they’re doing. They also have to maintain the servers, and then of course their own security is a major concern.
Finally, it’s also useful to compare the NSA to other online giants. However gargantuan their operation may be, it’s not the biggest. It’s tricky to compare, because we don’t know all the details about anybody’s data centers, but for instance you can compare the new 1,000,000 square foot NSA center in Utah to the Google data center in The Dalles, Oregon, which is about 700,000 square feet, and is just one of thirteen Google data centers that we know of. So it’s highly unlikely that NSA has anything like Google’s capacity, and that’s not counting Amazon, Microsoft, Facebook, China, India, etc., etc.
The capability is alarming to see in detail, but nothing I wouldn’t expect. However, the controls are too loose. Contractors should not have access to this stuff, in my opinion, and the reliance on auditing is troubling.
However, the controls are too loose.
That’s the problem in a nutshell for me.
“OMG, the NSA is looking through the internet to try to find terrorists!” is not scandalous. That’s what they’re for.
What I objected to under Bush was warrantless wiretapping – the executive breaking the law to do whatever it wanted, with no oversight or checks from the other branches. Government is always going to have capabilities that, however necessary, can be abused. We deal with this through oversight and checks. It really was a stroke of genius to use the power-seeking tendencies of those in government as a tool to protect individual rights, but setting different power-seeking government actors to watch over each other. That was missing under Bush.
But while returning to the law under Obama is great, it’s obvious that the checks under current law aren’t nearly strong enough.
The way you can access anybody’s stuff just by asserting that you have reason to believe they are overseas reminds me the pornsite trick of asking the user to certify that they are 18 years old. Okay, so now you are responsible for your actions and you can be punished if you get audited. But it isn’t doing much to keep porn away from minors.
In that kind of system, you have to be very aggressive as auditors.
I’d like to see more upfront management, and I’d like to see the system restricted to actual NSA employees who are more directly accountable.
Speaking of Bush, has nobody here noticed that this PowerPoint (which is obviously not by NSA but the sales team of some contractor hawking a project that may not yet exist) comes from 2008????
Sheeple!
The sales pitch became the training slides apparently. That’s how chintzy contractors are.
How can people that lame make a product that actually works? I know, the work is done by techies in a different department who don’t talk to anybody, but still…
If you think the NSA is reading everybody’s email, just do the arithmetic. The estimate I’ve seen is that the NSA has about 40,000 employees, and there are at least 245 million internet users in the US. So if the NSA was actively monitoring internet use in the United States, each employee would be responsible for monitoring 6,125 users.
Do we really know how everything is being stored? What happens 10 years from now, when you decide to run for public office(as an example), and someone elite tries to blackmail you with stuff that happened now?
Did you read the article?
So, to store damaging information on an American, it appears it would have to be stored in a special database like Pinwale. I expect taking that step would increase the likelihood of an audit, but the article doesn’t address the way that is handled.
Let’s say I get a job like Ed Snowden had and I want to find some dirt to use on Rand Paul. I could collect it and save it at Pinwale, but then I’d have to worry about explaining myself. And it got leaked, I’d have a hard time doing that.
I don’t think your scenario is a major concern.
You don’t need to save the incriminating stuff for everyone. Just the 538 members of congress, the various article III judges, and the relevant executive branch people. And for good measures all your likely antagonists. That shouldn’t take more than a few peta bytes to store.
The ability to squander resources is not something that China has at the moment. What you provide is a “worst case assumption” of the kind that has often led the US into deeper trouble.
Let’s talk about the legal issue which you rightly separate. And that goes to the US Constitution at least for American citizens. And the Fourth Amendment is pretty explicit about the requirements for seizing information.
I’m not sure that the Founding Fathers would have been sanguine about the British breaking into their houses and stealing their papers “under suspicion” with the excuse “but we’re not going to read all of them.”
There is still the requirement for probable cause with respect to US citizens.
NSA might not have the current capacity to mirror and archive the entire internet for up to some time limit of “imminent”, but they have budgeted for building that capacity. And NSA doesn’t use the same technology that Google does, so square foot comparisons might be misleading.
Also, the fact that NSA has direct access to Google, Facebook, and so on right now through some sort of splitting and capture technology that shields those companies from knowing what NSA is doing obviates having to capture everything from the major internet sites for now.
But the key issues to my mind are:
4, Budgetary — it is the tendency of bureacrats to build empires. The presence of so much information power in the hands of Gen. Alexander opens the possibility of the sort of blackmail that J. Edgar Hoover used his entire career to build the power and budget of the FBI.
What you put out over the internet is neither a paper, not a personal effect.
Reading messages you sent out is not remotely comparable to entering a home.
Which is likely how courts will rule. But the test of folks who make this argument is to ask for their passwords so that you can see their neither paper nor personal effects. What you get is assertions of privacy. So I would prefer that my messages not be captured and stored without my permission; if you ar cool with all your stuff sitting in an NSA server without probable cause, that should at least have your consent. And the reason that we need to have a thorough airing of this issue is to have an authentic political idea of what privacy constitutes these days in terms of providing the protections that the Founding Fathers sought to provide in the Fourth Amendment.
Essentially IMO they were seeking protection from being penalized in their personal lives for their political opinions so that political arguments could be made on the merits of the argument. And they were insisting on a right to be left alone by their government so long as there wasn’t probable cause to bother them.
Are you serious? Courts would most likely rule that datamining doesn’t violate the 4th Amendment, but you insist that it does anyway?
Let me put it in these terms. When would you feel comfortable for the government to be datamining you as an innocent law-abiding American citizen who might on frequent occasions regularly call-in pick-up orders from a Middle Eastern restaurant whose owner is a refugee from a village with a lot of “known terrorists”, left for the US for just that reason, and regularly calls his family back in the Middle East? Note that until they pull up the data in a search the analyst does not know that your calls are for ordering food (or might think that is code words for something else). But after the first search your content is stored and available for further searches and alerts. Suppose you contribute to Greenpeace. That potentially triggers an alert on the records of yours that are stored. And the analyst then searches on you. and brings in all the content for three hops from you.
Still sanguine about it?
My text of the Fourth Amendment doesn’t contain the word sanguine.
What are we talking about here? The Constitution? Good policy? Morality?
Hell, they can come to my house and ask me about my connections to the possibly terrorist dude at the Middle Eastern restaurant. So what? Whatever else you can say about the surveillance community, they aren’t such morons that they’d think I’m a terrorist because I like kebabs. And if I could help catch some terrorist while enjoying my kebabs, I’d be more than happy to help.
For that matter, what if it was twenty years ago and the feds or whoever were investigating this guy without having this massive internet datamining operation? They might get a warrant, search the restaurant, and find my contact information. Again, maybe they’d even come talk to me. So what? You’re so worked up about three-hopping, but that’s just how police work is done.
Police follow up with neighbors and “known associates” as a matter of course. I’ve never heard anyone complain about that.
But the test of folks who make this argument is to ask for their passwords so that you can see their neither paper nor personal effects.
That’s silly. I’m not going to let you take down my driver’s license number, either, but the police still get to ask to see it.
if you ar cool with all your stuff sitting in an NSA server without probable cause
Please note the conflation of “cool with” and “is constitutional.”
Why can’t people just argue their case anymore? Why does everything have to gussied up with b.s. language about war crimes, legality, or the Constitution? It’s like hanging up a bunch of red, white, and blue crepe paper to dress up a shabby Legion hall.
You give it to most store clerks when you write a check as well–without thinking about it.
Why should you give your drivers license number to the police if you are not being detained for cause?
You give it to most store clerks when you write a check as well–without thinking about it.
Yes, I choose to do that. Yet I still don’t choose to give it to some random guy on the internet.
Why is a request by you, random guy on the internet, for my password supposed to demonstrate anything? There are all sorts of random guys on the internet who aren’t entitled to do things that are legitimate for the government to do.
Why should you give your drivers license number to the police if you are not being detained for cause?
Because they’re allowed to ask for ID. You know this.
“They’re allowed” with no reflection is an interesting formulation. Under what circumstances are they allowed to do that and with what legal and constituitonal legitimacy? Or do they just make up their own rules? Who allowed them? How responsive is that who to you as a citizen?
You see, unlike a lot of more authoritarian regimes, the US does not yet have a national ID card or even state ID cards for everybody. So the presumption that everyone has an ID and that if one doesn’t has problems with it to begin with.
What these state voter ID laws seek to do in disguised fashion is create a national ID system.
What’s the problem with that?
Authorities can relieve you of your ID and in a strict ID system if you are without an ID you are an unperson under the law.
You choose not to give it up to some random person over the internet but you are comfortable with similar information be scooped up by NSA willy-nilly so they will have a very big haystack.
You, like most of us, willingly sacrifice privacy when required to for a transaction or a figure of authority, when the alternatives are to go without or face penalties. That isn’t freedom; that’s being manipulated by people with the power to do it. And yet you use the word “choose” as if you would ever do otherwise than comply. Don’t we all do that? Isn’t that the current state of the American way of life? Compliance?
“They’re allowed” with no reflection is an interesting formulation. Under what circumstances are they allowed to do that and with what legal and constituitonal legitimacy? Or do they just make up their own rules? Who allowed them? How responsive is that who to you as a citizen?
OK, my bad, you don’t know.
The Supreme Court has upheld the authority of the police to ask anyone they want walking down the street to provide identification.
http://en.wikipedia.org/wiki/Hiibel_v._Sixth_Judicial_District_Court_of_Nevada
You see, unlike a lot of more authoritarian regimes, the US does not yet have a national ID card or even state ID cards for everybody. So the presumption that everyone has an ID and that if one doesn’t has problems with it to begin with.
What these state voter ID laws seek to do in disguised fashion is create a national ID system.
What’s the problem with that?
Authorities can relieve you of your ID and in a strict ID system if you are without an ID you are an unperson under the law.
OK, this is irrelevant babbling. You sound like you’re going to start telling me about chemtrails and fluoride. We started talking about my driver’s license, and now you’re talking about driver’s licenses are a totalitarian plot.
You are walking down the street and you never had a drivers license. The police ask you for your ID. What does that do? And then what do they do?
The impetus behind the voter ID movement is anxiety about “illegal aliens”. And documents to prove they have a right to be here. What do lack of documents prove? It all depends on what you look like.
Drivers licenses originally were a state registered privilege extended on the basis of passing a qualifying test and re-passing it every several years.
The anxiety over the wrong people voting has extended the range of required identification to those seeking to vote, in addition to their registration to vote.
If the US ever went to a national ID as result of the political pressures from the right, it would open the opportunity to use denial or confiscation of documents as a means of control.
I’m thinking of this because the Chicago Police Department failed to return my drivers license; I have had to get a duplicate. Had I not been dealing exclusively with public transportation there and had a car there, I might have provided another opportunity for them to cite me with driving without a license or have had a car I couldn’t recover and possibly gotten towed or impounded.
Demanding your ID doesn’t obligate the police to return it to you. Authoritarians can use anything extralegally if they decide to. And you have no legal recourse at all.
BTW, those trails are called contrails and they are the exhaust of jet engines, generally a lot of CO2 and H2O. And flouride is why I have only 4 cavities (filled) after 67 years.
I am just reminding you of how easily we enable power by taking forced terms of service and infringements on our rights in stride without reflection, even as the incursions increase. Until as happened to me, that power gets abused.
This has nothing to do with voter ID. Nor does it have anything to do with immigration papers. Nor does it have anything to do with a requirement to carry ID.
The police can demand that you identify yourself. If you have no ID on you, you have no ID on you, and there’s no punishment for that.
But if you have ID, you cannot refuse to show it to them.
“I am just reminding you of how easily we enable power…”
What you’re “just” doing is changing the subject, because the “give me your password” demand that you thought was such a devastating rebuttal is just silly.
Great, so not only are you willing to trust large international corporations where you won’t trust your own government, now you’re telling me you trust China? Chinese cyber espionage isn’t a worst case assumption, it’s something we know to be happening now. And they have a HUGE capacity, and it would not be in any way a waste of their resources to be using these kinds of capabilities, even if only for defensive purposes, if they’re concerned about our cyber espionage against them.
As for the 4th Amendment, you’re missing a pretty crucial distinction here, which is that nobody is breaking into anybody’s house. The correct analogy would be the British secretly breaking into everybody’s house, making copies of all their papers, and then leaving everything precisely as they found it so that you’d never know they were there. Is that something the founders even contemplated when drafting the Constitution?
Your invocation of the founders is off-base, anyway, as most collective invocations of the founders are, because the founders collectively were unanimous about nothing beyond American independence. Jefferson would have hated all this, of course, but Alexander Hamilton would have been highly interested in the kinds of capabilities that the NSA has, and John Adams most likely would have been receptive to the program too.
For example.
Apparently they did because that prospect influenced the absolute language of the Constitution and the assumption that just as matter of principle, officers of the government who had been searched and seized would not want to see that happen to others.
I don’t trust large international corporations at all with my data despite the fact that I am compelled by license agreements to essentially let them do what they will with it without recourse. That’s another and a bigger issue that goes to the government privilege granted to corporations–another day for that kettle of fish.
I’m aware the Hamilton and John Adams would have loved the NSA.
But I am arguing from the principles of government that were enunciated as the justification for Independence and the Constitution. Just as they were meticulously taught to my generation in the midst of the McCarthy period. If there ever was an American exceptionalism, it was those rare times in US history when the government was raised by the people kicking and screaming closer to those principles.
Damn, shouldn’t have mentioned the Founders. If you didn’t have that to go off on you might have had to think about what China is doing on the internet.
What exactly is China doing on the internet? Knocking on doors to see if any open? Do you know of any US physical infrastructure China has damaged through cyberwarfare?
Get this. Where are most computers, cell phones, and tablets manufactured? Who makes the components? Who writes the device drivers for those components?
What we know is that the US requires hardware and software manufacturers to provide a backdoor for law enforcement. Reckon China does the same for stuff manufactured there?
I’m not sure that what China is doing justifies what the US is doing. That line of argument seems like a red herring to me. How other countries might be compromising privacy is a security issue that is in part made more difficult for US citizens by what the US government requires in compromising cybersecurity.
Bruce Schneier has extensive coverage of these issues.
But China is preoccupied with its own population mostly at the moment. And so apparently is the UK, which just mandated a similar censorship system.
Oh, by the way, one of the enunciated justifications for the Constitution was to provide for the common defense. But you knew that.
I challenge you to demonstrate how bulk collection of metadata instead of more focused information aids in the common defense. Like “national security”, “common defense” is supposed to be a discussion stopper without evidence. Or if there’s evidence, “it’s secret”.
Not the way to run a democratic republic, but a great way to run a tyranny.
I work in computing, and I have seen that security and safety is the last thing anyone wants to worry or even think about. The best success of a secure system is that nothing happens. Not much fun, not “sexy,” to work on something that is invisible in this way.
Where “our” means ” Americans’ “.
When they grossly invade my privacy they’re just doing their job.
Pretty much. I mean, I doubt the supervisor would feel like it was contributing to the cause, but…
What? I’m dangerously leftie, associate with other lefties, know some people with possibly interesting histories (if you believe their stories) and have been know to post blog articles that could be interpreted as both anti-American and anti-Israel if you’re the sort of authoritarian tool that runs this sort of thing. People have been monitored for much less. Which I guess makes you guilty by association and a legitimate target too.
“Our” means any innocent individual anywhere in the world. Constitutionally, according to the Supreme Court, it just means Americans.
“just doing their job” is not that far from “just following orders”, which I guess is what bugged Snowden.
By the way, one of the criteria for identifying a “terrorist: according to the training PowerPoint was “someone who uses encryption”.
Sen. Ron Wyden: Declassified Documents Show How Inaccurate Statements Have Misled Congress
Wyden is a member of the Senate Intelligence Committee.
“Voluntary compliance”. You mean like that which stops IRS workers from doing stuff with your bank account?
Seriously. They’re both government workers and Greewald/Snowden want to paint the government as always bad and never to be trusted. They have produced no evidence – none – of law breaking or ‘non compliance’.
Greenwald keeps dripping out the same content less ‘exclusive!’ ‘explosive revelation!’ Read Bob Cesca.
Yes, debate away on oversight and surveillance limits but recognose the game being played. And it is working, it’s impacting O’s approval numbers.
Why liberals and progressives are playing into Greenwald’s game is beyond me.
See Greenwald’s Latest Article Distorts the Truth Again?
Cesca’s yet to post …
This –> Charles Johnson: ‘This is not “journalism.” It’s deliberately deceptive demagoguery, in the service of absolutist libertarianism.’
Just because Greenwald is a hack doesn’t mean there’s nothing to this issue.
The FISA court structure is too weak. The ’80s ear electronic privacy laws are inadequate. The internal safeguards at the NSA appear to be too weak. Secrecy needs preclude a lot of this debate from reaching the public, which puts the onus on Congress, but the executive can use its secrecy powers to totally hamstring that oversight.
Glenn Greenwald’s habit of inflating everything he writes with bullshit makes it easy to blow the issue off entirely, but there really are concerns here.
Sections of the left are joining with the libertarian right and the tinfoil brigade, that’s what is happening.
All the points you make are valid but the context is ‘America is a Stasi Republic!’ and similar nonsense – which sections of the left are playing right into. They are not doing what O tries to do, regularly, which is calm things down to actually have a rational debate.
The way libs/progs are behaving will not be good for us because it plays straight into ‘gov=evil’. Too few are calling out Greenwald and his tactics IMO.
Don’t get caught up in the noise of a handful of internet weirdos.
What you’re talking about is happening, certainly, but there is also a real, important, reality-based, much larger conversation happening, too.
BooMan is trying to have that conversation, and he’s right to do so.
I say we turn over all surveillance and intelligence to robots. Can’t trust those damn humans to keep a secret. Especially when you have so many hipter doofus libertarians running around.
The NSA speaks.
OK, NSA, fine. You take your responsibilities under the constitution seriously, and you think you’re doing a fine job.
Still, somebody really should be checking your work. Another set of eyes, a disinterested party.
James Fallows has it exactly right.
James Fallows, The Atlantic: Why NSA Surveillance Will Be More Damaging Than You Think
CNN Opionion, Bruce Schneier: NSA secrets kill our trust
Bruce Schneier is a security technologist and author of Liars and Outliers: Enabling the Trust Society Needs to Survive.