I'm not sure the cases are directly analogous, but there is at least a vague irony that various high officials in the security / surveillance agencies of our nation have had their private online accounts hacked (through social engineering), even as they insist that their agencies need easier legal access to the private data of US citizens.
… is when it discovers that it, too, is being surveilled.
After nearly 50 years of (perhaps naively, perhaps with an understanding that it would be naive to be) relying on assurances from the Prime Minister's office that Members of Parliament would not be monitored by internal security (GCHQ) — first with phone taps, later with other electronic surveillance — it's now been admitted that …
… well, no, they are subject to being treated as any other British citizen. Which is not, it seems, reassuring to them.
'No 10 welcomed the court ruling and denied that the Wilson doctrine had misled MPs by giving the impression that their phone and email exchanges were protected from the British security services when in reality they were not. It insisted that the intelligence services understood they could only use their powers to tap phones in a proportionate way, and there were safeguards in place.'
Ah, "proportionate" phone taps. With "safeguards." Can't imagine why that has some MPs' feathers ruffled.
Will this actually cause Parliament to try and rope in the surveillance apparat in the UK? Or simply to try and create a legislated escape clause for themselves? I know which way I'd bet.
The core principle here is that collection of data about people needs controls over it: who can do it, under what circumstances, for what reasons, who can then access the data, and how long the data is kept. That all makes sense to me.
"Thanks, Obama! [And Bush!]" A European Union court has decided that loosey-goosey NSA mass surveillance programs of data within the US, with the cooperation (or coercion) of large tech companies, means personal data of EU citizens on US servers is not adequately safeguarded — which means, under EU law, it cannot be stored there.
That's a huge problem potentially for major US firms like Amazon and Facebook and the like who have used the US/EU "safe harbor" agreement to store personal data wherever they want. But it's also a problem for companies like my former employer who relied upon safe harbor provisions to store company HR data centrally. Will they now (or soon) need to break out EU employee data into a separate instance, controlled under separate rules?
Actions have consequences. By demonstrating that data is not protected from mass scrutiny in the US, the US has demonstrated that countries that care about privacy should not have their data handled by US companies. And this goes beyond just where the data resides. The US government has argued, for example, that Microsoft should be compelled to turn over data that is residing on servers in Ireland because it is a US company. If they succeed in that argument, I can see the EU saying that private individual data cannot be turned over to US companies at all. Which won't do any of us any good.
If the Internet gets broken into separate fiefdoms, it would be ironic if it weren't because of rapacious Big Business but because of overreaching Big Governments.
I've traveled internationally enough that I should probably have considered what I would do in these circumstances.
On the one hand, I'm pretty much an "I've got nothing to hide" guy. No, really, while there is probably stuff on my phone I'd just as soon not broadcast publicly (on general principle), there's nothing illegal there that I'm aware of.
On the other hand, that's a mook's excuse. The principle is freedom from unreasonable search and seizure. And it seems the current case law means they cannot compel passwords from people or search electronic gear without probable cause.
Depending on the circumstances, I might be willing to press that issue. Which might, in turn, be very naive of me, but I think it's an important constitutional matter to defend. If there is probable cause to get a warrant, fine. If it's just a matter of "We'd like to poke around your phone and the attached accounts to see what you've been up to" then … no, that's not fine.
While the FBI and their national security brethren insist that they need back doors built into all encryption systems to allow law enforcement to monitor any communications they want (because certainly nobody else would ever be able to exploit such back doors, right?), they've also figured out they can get around the problem by backtracking and infecting with spyware the computers of people whose communications they want to monitor.
And here's word that there are plans to coerce technology companies into abetting this. Downloading a security patch or update to your PC? Perfect opportunity to slip a little bit of monitoring malware, courtesy of cooperative tech companies.
Never mind that this means a lot of people might not now download security patches and the like. Never mind that will in turn perpetuate vulnerabilities to virus and identity theft and all that other good stuff. This is national security at stake!
(You would think the FBI would learn from the example of the CIA, who has tainted vaccination efforts in places like Pakistan and Afghanistan by inserting agents onto medical teams performing such projects, with the result that the doctors are now shunned, or shot at.)
This is why we can't have nice things (4,327 in a Series).
Is anyone surprised that the Chinese want as much back-door access to systems and data and cryptographic systems as, say, the NSA and US intelligence agencies do?
And aside from "Well, we're the good guys and they're the bad guys," how can you argue with that? Especially given the size of China's economy for those Internet businesses?
Dear national intelligence agency chiefs: you aren't helping your cause with statements like this.
'CIA Director John Brennan suggested that negative public opinion and "misunderstanding" about the US intelligence community is in part "because of people who are trying to undermine" the mission of the NSA, CIA, FBI and other agencies. These people "may be fueled by our adversaries," he said.'
Yes, the old "criticize us and you're just doing the work (either intentionally or as a dupe) of Sinister Enemies" approach. I thought that went out with the McCarthy Era, but some people have short memories, I guess.
If it is difficult to have calm, adult discussions and decision-making about electronic surveillance (domestic and foreign), it is not mostly because of ISIL-leaning fellow-travelers or folk in the employ of narco-terrorists. It is largely because, post-9/11 (14 years ago today, fergoshsakes), intelligence "homeland security" agencies took all the power they had been clamoring for over the previous decade, went beyond the wide-ranging scope handed them by Congress and the President, lied to the public and to courts about what they were doing, did everything they could to keep it all a deep, dark, ever-expanding secret — and then got outed by folk like Wikileaks and Edward Snowden.
And now they wonder why they aren't trusted.
They aren't trusted because they have both hidden the truth and lied — and done so not to keep the Bad Guys from knowing what they could do (hint: the Bad Guys, the ones organized enough to actually be a threat, already assume such capabilities), but to keep the US citizenry from knowing how their own privacy was being compromised. They have never demonstrated any significant accomplishments from such programs, even as they sucked up billions of dollars and petabytes of data. And they have waved off or denounced the potential dangers of such programs through statements like Director Brennan's.
They say "trust us," when we know historically the dangers of wide-ranging spy powers. And they say "trust us" while giving us no reason to do so, and every reason to think they will not tell us the truth if they find it inconvenient to do so.
'"I have something on my mind that affects all the work we do as an intelligence community," [FBI Director James] Comey said in his opening remarks. "I think that citizens should be skeptical of government power. But I fear it's bled over to cynicism. It is something that is getting in the way of reasoned discussion, and I'm very concerned about how to change that trend of cynicism." He sees that cynicism directed toward everyone from law enforcement officers on the beat to the intelligence community at large.
In particular, Comey said, he feels that his push for some way to gain backdoor access to encryption was "met with venom and deep cynicism." "How do we get to a healthier place in talking about authority?" he asked.'
By demonstrating that authority — especially authority in a democracy — can be trusted, can act with maximum and not minimum transparency, and that the obvious risks to things like "secret" backdoors to encryption systems outweigh the non-documented advantages.
Don't get me wrong: I understand the need to know about potential actions by acknowledged threats, foreign and domestic, to the nation, and about being able to ferret out as-yet-unrecognized threats as well. Abolishing the NSA, or the CIA, or the FBI, is not the answer.
But neither is letting them do whatever they desire in gathering data about everyone on the globe. Even if every single person on that stage is acting today out of the purest and finest of intentions, we know — from the history of other nations, and the history of our own — how unfettered intelligence gathering can be abused by abusive people, can leak to the wrong places, can be used for purposes very different than what is being proposed when the data is first gathered. Those are the givens of any discussion about cyber-spying programs, and until those are addressed in an open and transparent fashion, we won't be able to approach that "healthier place."
Apparently it's not enough, under the EU's "Right to Be Forgotten" directive that Google has to remove/block search links to information about an individual that is deemed no longer "accurate" or "relevant" (an overturned conviction meaning that Fred Smith can ask to have "Fred Smith ate live kittens" stories rendered invisible) — now a UK has ruled that Google has to also remove/block search links to material that talks about such redactions by the person's name ("Fred Smith successfully appealed to have Google remove links referring to his eating live kittens in 2001"). Though, graciously, it has granted that the stories themselves may be of "relevant" interest; they just are not to be found by searching for the name ("Fred Smith").
This kind of search censorship and further micromanagement to censor the censorship will not end well, one way or another.
Jeb! Bush thinks the NSA needs more power to spy on the average American, because _he_ hasn't found any evidence of civil liberty violations, so clearly we should extend powers until we do.
But, more importantly, without giving the NSA more power and eliminating public access to strong cryptography, "It makes it harder for the American government to do its job while protecting civil liberties to make sure evildoers aren't in our midst."
Dear Jeb!, I hate to tell you, but evildoers are always in our midst. Sometimes they look like evil Muslim assassins or greasy Italian gangsters. Sometimes they look like business suited white guys. Sometimes they even look like whatever it is that NSA agents look like.
Assuming all of those people are "evildoers," and all of we people are good and kind and beneficent seems … shortsighted. Assuming that if we just make police and security forces more and more powerful then they will be able to get rid of all "evildoers in our midst" is naive to the point of being disingenuous.
When it's presented as a rule to tell people they can't do stuff, but, when pressed in court, the Justice Dept. says it's merely a guideline so the court shouldn't make any rulings about it.
'The Justice Department lawyers asked U.S. District Judge Yvonne Gonzalez Rogers in Oakland to throw out the APA challenge, saying the rules set forth in the DAG letter about what companies can disclose aren’t actually rules. They’re guidelines, said DOJ attorney Steven Bressler. He used an example of a portrait covered by a curtain and said that the DAG letter, far from being rules for Twitter, was merely a description of how the government had drawn the "curtain back in part" on otherwise classified information to let companies describe national security-related requests. But, he claimed, the DAG letter didn’t necessarily reflect the full amount of information that the law allowed to be revealed.
Gonzalez Rogers took issue with Bressler’s characterization, saying the DAG letter to tech companies established not mere guidelines, but a "protocol" defining "specifically what they could do and how they could do it," indicating that to her, they sound quite a lot like rules. Bressler then said the DAG letter set forth a "safe harbor," but that compliance with that letter wasn’t necessarily the only way one could comply with the law. "Isn’t that exactly what it’s been used for now?" Gonzalez Rogers asked. Twitter sought to disclose information, "and the response was—you cannot. See the DAG letter," Gonzalez Rogers said.'
Not Kafkaesque at all, nosirree.
When Is a Justice Department Rule Not a Rule? Report From Twitter’s Transparency Fight
When is a government rule not a rule? Making that question difficult, when it should be simple, seems to be the government’s leading strategy in a hearing this week in Twitter Inc.’s lawsuit challenging the government’s squelching of its transparency report. Twitter wants to provide a closer look at how often federal agents are demanding private user data for surveillance, and part of its suit fights back against the government’s rules on what it…
A federal appellate court has ruled that the NSA's interpretation of the PATRIOT Act §215 is incorrect, and it can't vacuum up the metadata for every phone call in the US willy-nilly.
Now, I have little doubt that if the NSA goes back to Congress and asks them, when PATRIOT is up for renewal next month, to clarify that this is in their mandate, Congress will eventually roll over for them. But let's at least have that public discussion.
The modern presumption that, where individual citizens are sovereign, the workings of government, including its paperwork, are to be transparently available to everyone is just that — quite modern. And it's still not settled, as records debates over the last half-century (the latest being Hillary Clinton's State emails) demonstrate.
When Do Official Documents Belong to the Public?
Hillary Clinton is hardly the first government officer to try to keep her correspondence private. The fight over her emails echoes battles that stretch back to the inception of government archives.
Law enforcement has always had a love-hate relationship with security and encryption. It's encouraged folk to protect themselves against cyber-threats because of the risks they pose to safety, the economy, intellectual property, and privacy … but they get really hinkey when those measures keep them away from your data.
Proposing a back door to technology that only federal law enforcement can use is a laughable proposition. Knowing the back door is there means that everyone else, from commercial hackers to government-sponsored ones, will be trying to break it. And, inevitably, they will.
Since Rep. Carter (the congresscritter who is in charge of the subcommittee who funds cybersecurity efforts) avows he doesn't "know about this stuff," let me give a simple metaphor. If the FBI said, "You should keep your house securely locked, but we want to have a master key that lets us in if we need to, but don't worry, not only do we promise we'll only ever use it if it's legal and necessary, but we'll hide that key really well somewhere on your property where nobody but us will ever find it and use it to get into your house, we promise" … what would be your reaction to such a proposal?
Reading through the story, it seems like someone in some FAA office has an overly-expansive view of what constitutes "commercial" use of drone videos. Not that these regs have actually been tested in court, even assuming they apply here.
At the risk of embarrassing +Kay Hill, I thought her freshman essay (by way of website) on knowledge, freedom, and tyranny, by way of Little Brother and 1984, was pretty darned cool.
As a member of the Senate Intelligence Committee, Udall (D-CO) has been one of the loudest advocates for years on releasing information about intelligence agency abuses, both in this context and regarding surveillance activities, lambasting both the Bush and Obama administrations for their actions. He continued that today, discussing how the Senate report released yesterday is supported by an internal CIA review (still classified), and providing additional details.
Unfortunately, Udall won't be around next session to continue this good work, even in the minority. He was defeated for reelection by (sigh) Cory Gardner, who suggested during the election that discussion of releasing the Senate report was just an attempt to "politicize" it.
Microsoft has it completely right here. If the US feels it can extend its legal jurisdiction over stuff in foreign countries, it better expect to have foreign countries extend their legal jurisdiction over stuff in the United States. Or, of course, admit to a double standard and expect the world to go along with it.
None of those seem like particularly viable or pleasant scenarios.