Former CIA and NSA employee source of intelligence leaks

Started by merithyn, June 09, 2013, 08:17:17 PM

Previous topic - Next topic

Iormlund

Quote from: The Minsky Moment on June 10, 2013, 05:00:03 PM
Quote from: Iormlund on June 10, 2013, 03:40:59 PM
GPS location data can definitely be used to establish a link to a specific individual. In fact, for most people a single datapoint will do, since we do tend to spend the night at home.

And yet under Apple's policy, it is considered to be non-personal information, along with your occupation, language, zip code, area code, and unique device identifier.  They can do whatever they want with it - sell it, trade it, whatever.

That's the difference between you and me. You think it's fine for Apple to sell private data and hand it over to the government. I think the government should prevent Apple and from collecting and selling said data.

garbon

"I've never been quite sure what the point of a eunuch is, if truth be told. It seems to me they're only men with the useful bits cut off."
I drank because I wanted to drown my sorrows, but now the damned things have learned to swim.

DGuller

Quote from: Iormlund on June 10, 2013, 05:06:50 PM
Quote from: The Minsky Moment on June 10, 2013, 05:00:03 PM
Quote from: Iormlund on June 10, 2013, 03:40:59 PM
GPS location data can definitely be used to establish a link to a specific individual. In fact, for most people a single datapoint will do, since we do tend to spend the night at home.

And yet under Apple's policy, it is considered to be non-personal information, along with your occupation, language, zip code, area code, and unique device identifier.  They can do whatever they want with it - sell it, trade it, whatever.

That's the difference between you and me. You think it's fine for Apple to sell private data and hand it over to the government. I think the government should prevent Apple and from collecting and selling said data.
:yes: Just because our government fucks up in one area of protecting our privacy shouldn't excuse them really fucking up in other areas of protecting our privacy.

DGuller

Judging from the comments, and the posters taking sides, I have to conclude that Americans have been so successful at exporting democracy abroad that they didn't keep enough of it for internal consumption.

OttoVonBismarck

So I don't really believe in letting people get a pass on violating a security clearance just because it's a noble act of civil disobedience. If Snowden is captured, I'm fine with him suffering the full legal consequences. That being said, I'm also fine if he finds asylum in Iceland (apparently his ultimate goal) and don't really have any problem with what he did.

I basically think that the PRISM program appears to be entirely legal, was allowable under the terms of past legislation and is subject to periodic review by a FISA court. But I also think Snowden's act served a public good. We could argue that people should have read the legislation in question and "perceived" that such a system could be allowed, but to be honest if someone had suggested a PRISM-like system was up and running in 2011 they'd have been called nutty conspiracy theorists. I think even a lot of people that were familiar with the legislation frankly failed to predict how the government would interpret it.

That's where I think the problem lies for me, since FISA is in secret, and the administration programs are in secret, we basically were never able to have a public debate on this. Since this is just an "interpretation" of the law, and not something that I believe the average (or even sophisticated) observer could reliably deduce as a possibility from the text of the statute I do feel America was deprived the opportunity to discuss this. Now, in theory there are times when we need to be deprived of certain knowledge and information. As a check on despotism, we have standing committees in the House and Senate that are briefed on the classified stuff, and we have judicial (but secret) oversight of the programs that need to be so classified.

However, it feels like to me FISA is a rubber stamp court, and I can not even think of a single incident in which a Congressman or Senator on the Intelligence committees ever raised any sort of public outcry over particularly bad actions--so there does not appear to be appropriate legislative oversight of government clandestine acts nor has there ever been. Further, for me personally, I think the bar for keeping generalities secret can only apply when the classified action needs to be kept completely secret because of immediate concerns or because of grave strategic ones.

So, I'm fine with weapons systems being totally secret, both in their broad outlines and their specifics. I'm mostly fine with any type of foreign surveillance being conducted without or knowledge. But for general programs of surveillance in use in the United States, I think we need to have a public discourse. Further, I do not think doing so would damage the effectiveness of the system. For example as a society we generally know that in certain circumstances police can put GPS trackers on your car, or can tap into your phone lines. That doesn't reveal the specifics of any particular investigation, and nor does it remove the ability of law enforcement to use those tools. We should have had a similar discussion about PRISM. We did not need to name names of tech companies, but we could have debated specifically the idea of the persistent electronic monitoring of large tech systems with the ability of NSA analysts to run queries against the communications data.

I tend to think by and large Americans and the legislature would probably have still approved it if it had been debated openly, but since it was done in secret I think Americans will hate this program and never support it.

So basically, I'm fine with PRISM going on but think we should have had a public debate about it. I think the legislative/judicial oversights are weak-to-absent, and I think Snowden did something that was a net good but that doesn't absolve him of the consequences in my mind. My advice to him would be to get to Iceland, sign some book deals, start a foundation and give yourself a salary and be a non-perverted and more respectable version of Julian Assange.

OttoVonBismarck

Where PRISM needs to be significantly improved is in oversight. It's only acceptable legally because it is foreign surveillance of foreign communications that happen to be routed through American systems. But the bar for classifying communication as "foreign" or "domestic" appears to be low, and apparently significant discretion on that matter is given to low level NSA analysts. Further, it appears that the system in place to review and audit the system is essentially nothing. They collect data for whenever they "incidentally" scoop up American communications and it appears it gets piled into a quarterly report. It doesn't appear individual instances of "incidental" data collection are really looked into nor does it appear there is a trustworthy system in place to actually insure that the NSA is only monitoring "incidental" domestic communications.

My understanding is one way that American communications get scooped up, is there is an intelligence practice of going "two steps out" of a subject's circle. So if you know a terrorist is using a gmail account, you look into the communications of all of that terrorist's contacts or people he has emailed with. Then you look into all the people they've emailed with. I think that there needs to be a more regimented system in place. There needs to be a system where you can only open communications of a "primary" when it is known he is a non-American. Once that is known, you can compile a list of all first-level contacts and all second-level contacts, and then you need to categorize them by nationality. Any Americans, if you want to see their communication you either need to go through a warrant process through FISA, or if you can demonstrate some national security exigent circumstances situation you can just open their communication but you have to document your reasons for believing the exigent circumstances. After the fact, a judge has to review your decision, and if he disagrees there were genuine exigent circumstances then all the data collected for that American must be destroyed, and none of it can be used in any criminal prosecution. I think you can develop PRISM to have appropriate safeguards, but right now it is far too broad in scope with oversight two or three steps removed from where it should be. Since the FISA courts appear totally worthless from an oversight perspective I think some sort of independent inspector-general should get to audit all PRISM data collection, with a special focus on any data collected on Americans "incidentally" or any data collected on Americans under a warrant issued by FISA or under some doctrine of "exigent circumstances."

The Minsky Moment

Quote from: Iormlund on June 10, 2013, 05:06:50 PM
That's the difference between you and me. You think it's fine for Apple to sell private data and hand it over to the government. I think the government should prevent Apple and from collecting and selling said data.

I think Apple, Microsoft, or Company X should be free to enter into whateve contractual arrangements that want to make with their customers with regard to data, so long as they aren't fraudulent or coercive.  As a matter of observable fact, many people seem perfectly willing to accede to these arrangements (myself among them), which gives rise to obvious inferences about reasonable expectations of privacy in that data.
The purpose of studying economics is not to acquire a set of ready-made answers to economic questions, but to learn how to avoid being deceived by economists.
--Joan Robinson

DGuller

Quote from: The Minsky Moment on June 10, 2013, 05:24:04 PM
Quote from: Iormlund on June 10, 2013, 05:06:50 PM
That's the difference between you and me. You think it's fine for Apple to sell private data and hand it over to the government. I think the government should prevent Apple and from collecting and selling said data.

I think Apple, Microsoft, or Company X should be free to enter into whateve contractual arrangements that want to make with their customers with regard to data, so long as they aren't fraudulent or coercive.  As a matter of observable fact, many people seem perfectly willing to accede to these arrangements (myself among them), which gives rise to obvious inferences about reasonable expectations of privacy in that data.
IMO, this kind of thinking makes no sense.  Individuals have no negotiating power, and no realistic option to refuse to use all services that can potentially spy on them.  They also have a pretty limited ability to comprehend the 40-page legalistic snowjob that Apple calls EUA.  The main reason for government regulations protecting consumers is the fact that consumers have neither the power nor the expertise to make truly informed decisions in many areas.

Sheilbh

Quote from: The Minsky Moment on June 10, 2013, 05:24:04 PM
I think Apple, Microsoft, or Company X should be free to enter into whateve contractual arrangements that want to make with their customers with regard to data, so long as they aren't fraudulent or coercive.  As a matter of observable fact, many people seem perfectly willing to accede to these arrangements (myself among them), which gives rise to obvious inferences about reasonable expectations of privacy in that data.
Yep.
Let's bomb Russia!

citizen k


garbon

Quote from: DGuller on June 10, 2013, 05:39:49 PM
Quote from: The Minsky Moment on June 10, 2013, 05:24:04 PM
Quote from: Iormlund on June 10, 2013, 05:06:50 PM
That's the difference between you and me. You think it's fine for Apple to sell private data and hand it over to the government. I think the government should prevent Apple and from collecting and selling said data.

I think Apple, Microsoft, or Company X should be free to enter into whateve contractual arrangements that want to make with their customers with regard to data, so long as they aren't fraudulent or coercive.  As a matter of observable fact, many people seem perfectly willing to accede to these arrangements (myself among them), which gives rise to obvious inferences about reasonable expectations of privacy in that data.
IMO, this kind of thinking makes no sense.  Individuals have no negotiating power, and no realistic option to refuse to use all services that can potentially spy on them.  They also have a pretty limited ability to comprehend the 40-page legalistic snowjob that Apple calls EUA.  The main reason for government regulations protecting consumers is the fact that consumers have neither the power nor the expertise to make truly informed decisions in many areas.

:yes:
"I've never been quite sure what the point of a eunuch is, if truth be told. It seems to me they're only men with the useful bits cut off."
I drank because I wanted to drown my sorrows, but now the damned things have learned to swim.

The Minsky Moment

Quote from: DGuller on June 10, 2013, 05:39:49 PM
IMO, this kind of thinking makes no sense.  Individuals have no negotiating power, and no realistic option to refuse to use all services that can potentially spy on them.  They also have a pretty limited ability to comprehend the 40-page legalistic snowjob that Apple calls EUA.  The main reason for government regulations protecting consumers is the fact that consumers have neither the power nor the expertise to make truly informed decisions in many areas.

Privacy policies are good deal shorter than a typically full EULA.  Taking Apple's as an exemplar, it is concise and free of legalisms.  Such policies are written with an attempt to balance likely customer reaction with the value to the company of being able to collect the data, which can be quite substantial.  Geolocation in cell phones has been around for a long time now and I don't think it is exactly unknown to consumers.  If we are going to have the government enact comprehensive protective legislation in every single area where staggering ignorance might compromise an interest, the government is going to be very busy. 
The purpose of studying economics is not to acquire a set of ready-made answers to economic questions, but to learn how to avoid being deceived by economists.
--Joan Robinson

DGuller

Quote from: The Minsky Moment on June 10, 2013, 05:55:59 PM
Quote from: DGuller on June 10, 2013, 05:39:49 PM
IMO, this kind of thinking makes no sense.  Individuals have no negotiating power, and no realistic option to refuse to use all services that can potentially spy on them.  They also have a pretty limited ability to comprehend the 40-page legalistic snowjob that Apple calls EUA.  The main reason for government regulations protecting consumers is the fact that consumers have neither the power nor the expertise to make truly informed decisions in many areas.

Privacy policies are good deal shorter than a typically full EULA.  Taking Apple's as an exemplar, it is concise and free of legalisms.  Such policies are written with an attempt to balance likely customer reaction with the value to the company of being able to collect the data, which can be quite substantial.  Geolocation in cell phones has been around for a long time now and I don't think it is exactly unknown to consumers.  If we are going to have the government enact comprehensive protective legislation in every single area where staggering ignorance might compromise an interest, the government is going to be very busy.
You conveniently ignored the second part about the lack of power.  Technically, I have the option of living in a shack in the middle of the forest, and thus cut myself entirely off the grid.  Realistically, though, I'm going to have to submit myself to the spyware, whether I like it or not, unless the government steps in to protect me from what in practice amounts to coercion.

Iormlund

Quote from: The Minsky Moment on June 10, 2013, 05:24:04 PM
Quote from: Iormlund on June 10, 2013, 05:06:50 PM
That's the difference between you and me. You think it's fine for Apple to sell private data and hand it over to the government. I think the government should prevent Apple and from collecting and selling said data.

I think Apple, Microsoft, or Company X should be free to enter into whateve contractual arrangements that want to make with their customers with regard to data, so long as they aren't fraudulent or coercive.  As a matter of observable fact, many people seem perfectly willing to accede to these arrangements (myself among them), which gives rise to obvious inferences about reasonable expectations of privacy in that data.

I don't have a problem with that. Just don't let them bundle said "services" with the phone/OS. If you want to sign a separate contract that clearly and unambiguously states that they are buying from you the right to collect info on every single thing that you do while you hold their phone (and what that actually means) and then sell the information and pass it on to the several governments and their contractors, I'm fine with it.

The Minsky Moment

Quote from: DGuller on June 10, 2013, 06:00:20 PM
You conveniently ignored the second part about the lack of power.  Technically, I have the option of living in a shack in the middle of the forest, and thus cut myself entirely off the grid.  Realistically, though, I'm going to have to submit myself to the spyware, whether I like it or not, unless the government steps in to protect me from what in practice amounts to coercion.

That's ridiculous.
Collection of phone metadata has been an issue since Al Bell sent the first phone bill.  So yes, if you want to eliminate any risk of any data being collected, you will have to go off grid.  But if you are not a Mafioso or a certified nut job, this should not be a problem or concern.
Meanwhile - don't want your cell phone to track your location?  Turn off the damn phone or use a prepaid. 
There are lots of steps short of going full Kaczynski that one can take to reduce privacy exposure.  One can live quite well without carrying around a switched on, fully apped up smartphone or tablet 24/7.
Assuming one really cares to begin with.
The purpose of studying economics is not to acquire a set of ready-made answers to economic questions, but to learn how to avoid being deceived by economists.
--Joan Robinson