Hacker News new | past | comments | ask | show | jobs | submit login
Google Says the FBI Is Secretly Spying on Some of Its Customers (wired.com)
239 points by wyclif on March 5, 2013 | hide | past | favorite | 101 comments



The scary part about surveillance is that we built it, the government didn't.

Instead of the government mandating some Orwellian telescreen that nefariously records everything you write, or a national registry that lists who your friends are, where you went to school, and where you log in from, we built schemes that would record everything anyway for other purposes, like facebook and gmail, and then handed the keys over. Evgeny Morozov pointed this out when he mentioned that the KGB used to torture people for this information. But we've voluntarily built and submitted to it!

I don't dispute the need for surveillance, so what can be done? The best I can think of is a throwback to Bill Gates' emphasis on measurement. Transparency is important precisely because if you can't observe something, you don't have any clue what it is.

I know this sounds too political, but the very systems we're worried about are ones that several people who frequent this place helped build, for different purposes. There's no way to know exactly how something you build will be used, but there is a way to monitor it, and that requires transparency almost by definition.


This is worth watching if you're thinking about these issues:

Blackhat 2010 - Changing Threats to Privacy

Moxie Marlinspike

https://www.youtube.com/watch?v=-JKqJ7gt5yk

It's a very interesting analysis of opt-in surveillance. I think he makes a credible argument that many of these technologies are being at least partially prompted or shaped by state interests.


It is also worth pointing out that there is active harassment of people like Moxie, Jacob Appelbaum, wikileaks founder is in some embassy hiding, Aaron is gone. It goes from interrogations on border crossings, confiscation of electronic devices, drummed up charges (didn't DoJ admit Aaron was hounded down mostly because of his political views?).

There is a price paid. Yes I know, those who live(ed) in totalitarian regimes might laugh -- "what is confiscation of a cell phone compared to the disappearance of my family?" On an absolute scale yes, true, but if you look at it from another way we are already comparing this country to brutal totalitarian regimes, that says something too perhaps.


Yes. Don't forget the TPB/torrent tracker programmer anakata's warrantless international extradition followed by multi-month solitary confinment by his own government which is considered "democratic" and is part of northern Europe, nominally a bastion of human rights... a few years ago, before Sweden's right-wing swing.

I have met some (actually most) of the above mentioned people, so government harassment of these individuals sits very poorly with me.

I write this from China, where I carry no cell phone ... mostly because, quite luckily, I can function in society without one.


Sweden = feminism =/= human rights.


> didn't DoJ admit Aaron was hounded down mostly because of his political views?

No, they admitted that Aaron's manifesto about breaking the law as a moral imperative to support open access to scientific journals was used to support the DoJ's claims that he intended to distribute the millions of scientific journals that he downloaded from JSTOR.

Until the police finally arrested him no one even knew that the network intruder even was Aaron Swartz.


This is interesting, is there any reading you know of where one could learn more about what he speaks about in the beginning - the cypherpunks vs the government. Something of a history?


I really don't know of anything comprehensive. Cypherpunks was actually a mailing list, and I believe you can download full archives of it. One of the big part's he's referring to is Phil Zimmerman creating PGP, and I'd bet you can find some history about its legal troubles. Stories about RSA code on a t-shirt to protest the export bans would be another notable cypherpunk moment that got press. The EFF breaking DES with deepcrack in the 90's was also a cypherpunk project.

There may well be a comprehensive history of the movement out there, but I haven't heard of one. He might know of a good one, he's @moxie


Don't forget the beautiful, shiny tracking devices most of us pay a lot of money to carry around.


Indeed.

One thing to remember is that Joe public mostly cares that their 'privacy' isn't casually browsable by people-at-large and that such information isn't broadcast. (ex. public records vs the furore about releasing gun ownership in some town in NY state)

People know that credit card companies can know their purchasing history. People know that phone companies know who they call and who calls them (how would they bill them, otherwise). People know health providers have their medical data.

They trust that the data will be used 'somewhat judiciously'. Most will not care that bored nurses or interns browse their health records for whatever reason (it could be legitimate for research, etc.) What people care about is that data about them isn't released such that it could damage them (don't let it be known to friends they pay for sex, don't let it be known I don't need the Rx I have, etc). That's what they care about. They also bet that for the most part they are going to be uninteresting to a gov't or private organization who have data about them, so they are willing to forgo strict privacy for the occasional govt'l snoop, or company insider who peruses information then they are bored (hey, guy who works at PacTelesys, can you get me the unlisted number for my ex)? but on the other hand might be an aid to policing tax cheats, felons, etc.


I have no idea of the answer to this question but I'd like to hear from you folks: Given that these lovely shiny devices aren't going away (phew!), is there a technological fix to being tracked?

I mean, signals need to reach the phone so the location of the phone needs to be known. What is out there that could allow us to use this awesome technology without essentially handing our every waking movement to a 3rd party who can be easily forced to hand the data over?


As far as I can see, nothing. You need to authenticate to the cell networks to receive phone calls, and when you do that they get your location. Even if they don't know whose phone it is, it's not very hard to figure out based on where they go.

I simply don't carry a cell phone. I've found it does not impact my life as much as you would expect. I simply make plans ahead of time.


Can we at least build a device that tunnels everything we do on the device to one or more servers under our control in other jurisdictions via SSL so that the only information that can be gathered from a device is GPS location data and nothing else?


Yes, that's already possible as long as you trust the operating system. But it seems like people are really concerned about the GPS location data.


We pay for the on-the-go data and voice connectivity, not for the tracking.


Trust me you are paying for tracking too. You might not want to pay for tracking but you are paying for it.


Right, and taxes are the government robbing my family at gunpoint. I remember now. Reddit is having their orange-and-grey color scheme day today and I thought I was reading HN. Sorry.


> Right, and taxes are the government robbing my family at gunpoint.

To be fair, they will come after you with guns if you stop paying taxes.


Your government might. Mine will be grumpy, but is largely gun free. New Zealand.


No phone tracking technology was donated by William and Melinda Gates Foundation and other charitable funds and trusts, you as a consumer totally did not pay for it.


If you are tracked by a system which sustains itself on the money you pay into that system, you are paying to be tracked.


One solution would be to stop building these systems inside the United States, the same way as you would never think of building a social network in China.


Couldn't the government then obtain the information without any judicial oversight? A foreign country is only safe if the software is 100% secure and the employees can't be bribed with government-level resources.

(Look at what the Chinese government did when they wanted information from the New York Times. No judge approved that disclosure...)


They can, and they do. It's not a violation of the Fourth Amendment if a private company hands over (or sells) data to the government.


The international barrier is a large extra hurdle to cross.


Well is it? Isn't that how NSA for years has bypassed the "spying on US citizens" law and just went spying on everyone else in Europe and the rest of the world. Presumably any other country could in theory spy on US citizens without any legal obstacles in its way. Then any two countries could just exchange black lists of people who are considered suspicious. Or say outsource all this to a large corporation. US govt maybe can't spy but not sure if Verizon or L3 can't.


Depends on who is crossing the barrier. If it's the NSA and other similar foreign agencies, it's fairly easy due to ECHELON.

http://en.wikipedia.org/wiki/ECHELON


If you look at the requests from other governments from other countries, they are in the same order of magnitude, on a per capita basis, except japan, but that's normal since Goog services are not popular in JP. So, 'moving' things elsewhere isn't much of a solution, it would seem.

Also, people do build social networks in China --they have to as most SN from outside China are not predictably available without proxies, etc.


The solution is open source with cryptographic protection. Like Diaspora, but for everything currently done by Gmail and Facebook.


The big issue is usability/convenience. Gmail and Facebook are just so much more comfortable to use than open source alternatives. In my opinion the whole open source movement is way too much focused on features and not on easy functionality. Otherwise PGP emails would have become a universally adopted standard.

Unfortunately my only hope is on services such as Mega and their ambition to venture out in something such as becoming a paid email provider. Maybe they are able to combine privacy and convenience in an appropriate way.


  | In my opinion the whole open source movement is
  | way too much focused on features and not on
  | easy functionality.
Even if there was an open-source version of Gmail, it would still mostly be a centralized solution. Even if there were millions of email providers running this OSS Gmail, the government would just knock on their door, point to (e.g.) the PATRIOT Act, and surveillance would begin. All it would do is remove the idea of "one stop shopping," but the government would still get access. It would just be slightly more work.

  | Otherwise PGP emails would have become
  | a universally adopted standard.
That's a poor example, because security software is the one place where you do want attention to technical detail over user interface. If the UI to PGP was good, but any script kiddie could break the encryption, then what would be the point?


I think it's more like, look at openssl, the crypto Swiss army knife. How is a regular person going to use that?

But if someone did just asymmetrical key encryption with one algorithm and then spent time engineering it so that a normal person could use it without taking Dan Boneh's Coursera class, there might be more people using PGP.


| Even if there were millions of email providers running this OSS Gmail, the government would just knock on their door, point to (e.g.) the PATRIOT Act, and surveillance would begin.

Having some servers abroad would make that much more complicated.


Open source does not do anything about surveillance of specific individuals the government is interested in. If they can't ask Google for your data, they'll come into your house (or datacenter) and read it off your hard drive.


I think part of the point is that if it was in your house it would be more difficult, and require more steps for the government. You've got:

1. Government can just go to one of 3 top email providers (Yahoo / Google / Hotmail) to get access to surveil most people.

2. Government can do surveillance, but must deal with hundreds or thousands of email providers.

3. Government must get a warrant (or at least have someone physically infiltrate your house) to start surveillance on you.

The point here is ramping up the cost / difficulty, so that the government adopts a more conservative approach to using these tools.


1,000 physical searches is not exactly unreasonable for the federal government, given that it's responsible for more than 300 million citizens. The New York Police Department in one year alone served almost 3,000 warrants to actually invade people's homes and search for narcotics. And that was 1997[1].

I would also point out that GMail has more than 400 million users. Investigation of 2,000 of them does not constitute mass surveillance or evidence that it's too easy to get people's data. Is it really outrageous for 0.0006% of the population to be persons of legitimate interest in investigations?

[1]http://www.nytimes.com/1998/05/26/nyregion/raids-and-complai...


There are technical solutions to this [1]. They just run counter to Google's business model. Why do you think they have not rolled out integrated PGP support, even in Labs?

[1] http://en.wikipedia.org/wiki/Deniable_encryption


Order your residential ISP to set up port mirroring, receive all your encrypted email, then go into your house and plant a keystroke logger to get the key. Or just put you in jail until you provide it. Good luck convincing a judge that you download random noise from your IMAP server for fun.

PGP could make it very difficult to surveil the whole population, but that's not what's going on here. There's not really a way to stop a sovereign government from getting data on individuals of interest.


> "but that's not what's going on here."

Not with the NSLs, no. But when you consider the not-so-secret rooms at all the ISPs: that is what's going on there.


How could gmail support PGP? The whole point of PGP is that the infrastructure can't read your mail. Even of Gmail wanted to, they couldn't, except maybe in the android/iphone app. But even then, you would be insane to trust them to do it right, even if they tried.


That is exactly my point.


Your point doesn't really make sense, though. As is often brought up in this discussion: see the example of Hushmail[1]. If you don't provide your own encryption mechanism, you cannot trust it, which is what Evbn is saying, I think. That's why it makes no sense as a Lab offering (and I'm not sure which is the worst option: encrypting the email in a browser via javascript or encrypting it after it's on the mail server and out of your control).

And of course you can use PGP with almost any email system right now. Just download thunderbird and enigmail (or whatever is the good one these days) and use gmail through IMAP.

[1] http://en.wikipedia.org/wiki/Hushmail#Compromises_to_email_p...


Not without a warrant, which is presumably useless against good encryption. Moreover, the dominant view is that a judge can't compel you to disclose the encryption key unless the authorities have already seen what was encrypted.


They can get a warrant to pick your lock and install a keystroke logger, or bust in while you're using your computer, forcibly separate you from it, and download the encryption key from memory.


Right, I'm not arguing that. My point is that it's considerably more difficult for them to go this route; they need to convince a judge to affix his signature (and his credibility) to a warrant by demonstrating the existence of probable cause.


> I don't dispute the need for surveillance

Then _you've_ already conceded the argument.

There is absolutely no need for surveillance.


How else are we supposed to catch politicians making crooked deals to screw over the taxpayer then?


I'll say it: only an idiot makes all his searches when logged in. Google is trying to brainwash and trick people to do everything logged on so they make more money from ads (it's never enough!) but you're making it easier for the FBI, local police and maybe divorce lawyer to get every search you make, every e-mail you sent, every location you were, every site you visited (G analytics, Facebook buttons, G+ buttons, Adsense) every video you watched in an easy to read format.

Google and Facebook aren't on your side, they do this disclosure because such requests threaten their busine$$ model. If they were on your side they wouldn't keep such detailed records.


Only an idiot thinks being logged in has anything to do with whether or not they log your data? ;)


And how much do you trust google/facebook? Because it would be trivial for them to link your logged-out behaviour to your account if they wanted to (via cookies and other means). Using a separate browser might help, buy isn't s guarantee.

I'm not trying to be paranoid here, just pointing out that there is a lot of information which we make available to Google. If they wanted to be evil, it would be.very easy.

I don't think it would tale much more to link this to your credit card either (eg via amazon/PayPal) by which time all your activotes ate there to see.

Again, not being paranoid, just pointing out we live in an info-rich environment. Your only way to avoid it is to go totally over yhe top in avoiding leaving any trace which most of us are not prepared to do.


Why don't we stop working on petitions to the whitehouse to let us have more fun with our cellphones and start putting more effort into holding our politicians accountable for things like:

1) letting massive bank fraud slide at the expense of the taxpayer

2) murdering innocent civilians through massive amounts of drone strikes

3) allowing indefinite detention of American citizens

4) spying on all of us via internet and soon to come drones

5) all of the other countless civil liberty and constitutional violations happening

We're the people who affect the most change in our country right now, but we often focus more on the easy issues that benefit us directly and immediately while glossing over the ones that slowly eat away at the principles our country was founded upon.

edit: wanted to continue this rant a little more... I far more often hear stuff like "OMG, I can't believe Instagram changed their user policy and now they technically have a right to use a photo I uploaded in an ad for their company! This is ludicrous and they should be ashamed!" than I do ones akin to "I can't believe the government murdered an teenage American citizen without trial or due process because they believed he might be connected to terrorism." It's a bit sad, this echo chamber we live in.


Why? Because our moral and political culture, as a society, is in the shitter. It's probably too late.


When was the moral and political culture not in the shitter?

edit:

And when was it not "too late"?


Before the destruction of the Enlightenment by philosophers like Immanuel Kant.


When I read the 'science of man' and/or 'natural rights' accounts of political society and morality, I am struck my how astute Kant's critique was--that what we call conventional morality can't be found in anthropological conjecture.

But outside of the question of morality, his accounts of political society rest heavily on Enlightenment doctrine--it's basically a tale of the passions. That was the Enlightenment, not so much the rehashed civic humanism/republicanism playing itself out on the streets of Paris. And as for his infamous maxim "Argue as much as you like, but obey" and his specific engagement with questions about what the Enlightenment meant, I would say this is pretty much the mainstream of Enlightenment thought. Sure, sovereignty might lay with the nation, but to emphasize the will of the nation, rather than its legitimate representation, is something fairly unique to Rousseau and the hard-core of the Jacobins.

I know there is a body of scholarship that pins the end of the Enlightenment to Kant, but I'm not familiar with it. Could I have the elevator version?

Edit: Perhaps I've overstepped the mark here. I'd be interested in any recommendations that link Enlightenment to a positive discussion of virtue--ie. not a discussion of Enlightenment and 'why virtue is no longer required [compared to the classical republican polities]'.


So, the original question was "Why is society and culture in the shitter," and my answer was "Kant and his philosophical henchmen." I think the Enlightenment was going in the right direction, but there was a lot of not-so-great stuff there, too. So the Enlightenment is kind of secondary to the point I'm trying to make.

Basically, there were two high points in Western society: ancient Greece, and the Renaissance/Enlightenment* era. Right now, we're not on a high point, and the slope is negative. That's because of the philosophers like Kant that came towards the end of the Renaissance/Enlightenment era.

You are actually focusing on the politics of the Enlightenment, but I'm more concerned with how Kant eventually underminded culture by corrupting things on more fundamental levels. Specifically, the metaphysical level (especially the metaphysics of man) and the epistemological level (especially the functioning of man's mind).

I'm an Objectivist (i.e., I agree with Ayn Rand's philosophy). I know this isn't a popular stance, but extremely few people who criticize it (or even who profess it in the popular media) actually know what it entails, and world-changing ideas are usually universally ridiculed at first, so I hope you'll take me seriously, despite the unpopularity of the ideas I agree with.

So the elevator version is: Ayn Rand is a direct and complete rebuttal to Kant (though not written directly in that manner). You'll have to read her extensively to get the actual rebuttal. As far as supporting the claim that Kant ended the best period in Western history, Rand states this kind of thing, but doesn't try to prove it. Later people (specifically, Leonard Peikoff) have taken up that challenge.

Among other things, Rand holds that man can perceive reality and (ultimately) gain knowledge about it, starting via sense perception. Kant held that sense perception itself acts as a filter that makes true knowledge of reality entirely impossible, basically rendering man's mind impotent.

Rand also has a unique theory of concept-formation, which is critical to establishing a solid epistemology.

Finally, Rand's ethical theory is based on the idea that the is-ought gap can actually be bridged; what is good is what is good for a man. This eventually leads to an actual justification for needing to impose individual rights (in the classic, Founding Fathers sense).

Kant was completely against all the above, and actually made the rise of Nazism, Marxism, postmodernism, and modern egalitarianism possible. In fact, I just though of this, but it's probably right to say that modern "humanistic" political thought is basically a reaction to fascism, but (unfortunately) still within the underlying paradigm Kant made possible.

For example, you need to believe that man has no access to true reality, to believe in dialectical materialism. Same thing to believe in the kind of Nazi racism and nationalism that was rooted in the ideas of the "German subconsciousness".

To elaborate on that: For Kant, the "reality" we experience was created by people's minds. So the German reality (or even the "proletarian" reality) is fundamentally different and incompatible with other "realities," and the only "proof" you need to assert that it is superior is bald assertion that it is so. I do think I'm essentializing a bit here; for example, other people after Kant took his more fundamental ideas to their logical conclusions in ways that may actually contradict other things Kant wrote, and other philosophers helped pave the way for Kant himself.

Anyway, this is just my best (condensed) understanding. I hope to whet your appetite, but don't take me as a representative of other people's ideas.

* And the high point of that era was the founding of the United States, which was the first country to be founded on the idea of the individual as sovereign.


As a former Randroid, you have my sympathy and my sincere hope that you too can recover.


What's your specific criticism of Objectivism? I'm genuinely curious.


Just to start with the low-hanging fruit, Rand contradicts herself by not being an anarcho-capitalist: http://www.isil.org/ayn-rand/childs-open-letter.html

Rand might respond by saying anarcho-capitalism doesn't make sense, which it doesn't, but if it's the inevitable consequence of the rest of your philosophy then you must have made mistakes further up as well. As Rand herself said, "check your premises". Specifically, I think the unworkability of anarcho-capitalism scuppers the non-aggression principle entirely.

Rand's (and your) reading of Kant is significantly flawed. From a historical perspective I don't blame Rand for this, as it seems she may have learned this misreading of Kant from her time in Soviet-era Petrograd State University. Admittedly, this is not a criticism of Rand's philosophy but rather her understanding of the history of philosophy, but it speaks to how misaimed your statements are.


Anarcho-capitalism is not the consequence of the rest of Objectivism, so that's the specific flaw in your reasoning. (Sorry to be blunt here, it's just easier.)

The letter you linked to is erroneous because, contra what it says, forming a "competing government" is an initiation of force. It is retaliatary force for the actual government to act to stop a "competing government."

(The next two paragraphs are kind of a tangent, the actual philosophical response to your mistake is after that.)

I don't think this is an interesting issue, though. Rand's philosophy is hierarchical: metaphysics, then epistemology, then morality, then politics. Derivative issues in politics are largely "implementation defined." For example, I don't think you can have a government without any taxes at all in today's world, whereas Rand thought no taxes would be the ideal thing to aim for. That issue doesn't have any bearing on whether Objectivism is correct or not.

As another example, I also don't care about who builds the roads, and stuff like that. If we had non-governmental roads from the start, we'd probably all live in private cities, and the world would be vastly different, but we're stuck with what we have, so who cares?

Let me change direction and go to a likely source of your error. Let me give an example. Honesty is an Objectivist virtue, so some people think you have to be honest all the time. That's not true: There is a certain context in which honesty is applicable. You don't have to be honest to a robber asking where your kids are. Likewise, non-initiation of force only applies under a system of laws and government. It's a political principle. It would not apply to people stranded on a desert island. It does not apply to a state of nature. It doesn't apply to people seeking to initially form a government. It also doesn't apply when the government is bad, past a certain "implementation defined" point (i.e., Objectivism doesn't have a specific principle for where that line is - it's too situational).

So, it's an error of context to say that the non-aggression is some universal moral rule that implies that we all have to have anarcho-capitalism. It's not a moral rule, it's a political rule. It's part of the next level up.

This is true in the same way (more or less) that honesty is not a universal moral rule. Understanding the context for honesty requires understanding the actual more fundamental principle it derives from, which is to always act in a way that serves your own life and happiness. (Which, itself, even has a context that depends on hierarchically previous ideas - Rand was not against suicide in the case of losing a precious loved one, for example, if you can't conceive of living happily without that person.)

> Rand's (and your) reading of Kant is significantly flawed.

I don't claim that I can provide evidence for the things I say about Kant, because that evidence presupposes agreement on fundamentals of Objectivism, and that's not something I can provide evidence for either, other than pointing to reality and suggesting someone undertake a multi-year study of the Objectivist literature. So, the stuff about Kant is just intended as a "sampler," something to get someone thinking and maybe intrigued.

Putting the Kant stuff aside, I'd be genuinely interested to see what your reaction (again) to what I've said.

(Two more tangential paragraphs follow.)

By the way, normal people do not have the epistemological background to _not_ make errors that have to do with disassociating abstractions (concepts, principles) from the concretes they refer to. Ayn Rand calls that "rationalism," and I think that's the category in which your mistake falls. Many normal people (especially those drawn to programming) habitually think this way. That's how I was for most of my life, and the only thing that kept drawing me back to Objectivism was honestly realizing that nothing else made sense, and knowing that there was more background to Objectivism that I still lacked.

Most people who aren't rationalistic people just don't trust abstractions _at all_. For example, pragmatists who say that there are no rules, or people who say that no knowledge is really trustworthy. This is throwing the baby out with the bathwater.


> forming a "competing government" is an initiation of force

How?

> I don't think this is an interesting issue, though. Rand's philosophy is hierarchical: metaphysics, then epistemology, then morality, then politics. Derivative issues in politics are largely "implementation defined." For example, I don't think you can have a government without any taxes at all in today's world, whereas Rand thought no taxes would be the ideal thing to aim for. That issue doesn't have any bearing on whether Objectivism is correct or not.

Surely one derives from the other, and contradictory conclusions at one level should indicate flaws at a higher level. "Check your premises."

> So, it's an error of context to say that the non-aggression is some universal moral rule that implies that we all have to have anarcho-capitalism. It's not a moral rule, it's a political rule. It's part of the next level up.

Then surely this defines Objectivist politics down towards nothing at all, since it can be violated at the point where it's necessary for a government to maintain monopoly over the use of force, and it can be violated before there's a government, and so forth.

If you want to abandon Objectivist politics entirely you may, but the main selling point of Rand is her ability to derive "privately owned roads" from "the validity of the senses" (qua "concepts in a hat": http://mol.redbarn.org/objectivism/ConceptsInAHat/)

> I don't claim that I can provide evidence for the things I say about Kant, because that evidence presupposes agreement on fundamentals of Objectivism, and that's not something I can provide evidence for either, other than pointing to reality and suggesting someone undertake a multi-year study of the Objectivist literature. So, the stuff about Kant is just intended as a "sampler," something to get someone thinking and maybe intrigued.

The stuff about Kant is, to give largely the same handwavy explanation, utterly wrong as well. Rand may have built up Kant as a kind of straw man, but this isn't an honest or realistic reading of Kant. Rand's misreading of Kant is an honest mistake and a historical accident, not a useful introduction to Objectivism.

> normal people do not have the epistemological background to _not_ make errors that have to do with disassociating abstractions (concepts, principles) from the concretes they refer to. Ayn Rand calls that "rationalism," and I think that's the category in which your mistake falls

I think it's Rand who makes this error by making measurement omission so central to her epistemology.

> the only thing that kept drawing me back to Objectivism was honestly realizing that nothing else made sense

It's interesting that you have this psychological need for everything to make sense to you within a comprehensive system. This is the biggest and most problematic appeal of ideologues and systematists in philosophy, whether Rand or Hegel.


The sky is always falling, and we're always digging deeper holes to prevent ourselves from being crushed.


Would you rather reactivate those mothballed B52's and have collateral damage on a wider scale.


Is Google allowed to disclose the number of FISA requests it gets? I was under the impression NSLs were being used much less since the PATRIOT Improvement and Reauthorization Act (2005) weakened them, and were largely replaced by obtaining secret warrants from the FISA court.

FISA is scarier. Under that law, secret surveillance can begin before a warrant is issued, warrants are issued by judges who keep no records of their opinions made in complete secret, and the surveillance can continue even during a challenge over and appeals of that warrant. When the EFF made a FOIA request for information about the FISA court, it got an ominous response: a letter saying there were documents they'd never see, zero court records, and a completely redacted version of an investigation into FISA's constitutionality. By completely redacted, I mean they returned pages where every word on every line was blanked.

The only difference is that a FISA warrant has to be connected to a foreign person or body in some way. That can be as little as "we think by wiretapping this American, we'll learn something about this organization in another country". For those not living in the US, it means Google/Facebook/Microsoft/etc. can be compelled to surveil your communication through their service secretly without an NSL.


If you're a foreign national on foreign soil with data in us data centers held by us companies I don't believe it's common practice for these companies to require a warrant, fisa or otherwise, to share information with national services.

Consider the case of the NSA warrantless wiretaps. The telcos were voluntarily providing bulk access, there was only a legal issue because US citizens on were involved.


Didn't they get around that by deciding that copying the data and storing isn't considered "search", only when a person accesses and looks it when the Constitution starts to get in they of "business".

I would pretty much guess that is the purpose of the data storage center NSA is building in Utah -- to just archive everything sent anywhere.

It would also seem that when a warrant is obtained it is obtained for historical data and there is no window. So if you commit some act that is deemed dangerous enough to issue an warrant to search your history -- theoretically all your history since birth could be searched. Everything you ever did online that was recorded becomes game.


Yes.

http://googlepublicpolicy.blogspot.com/2013/03/transparency-...

> Starting today, we’re now including data about NSLs in our Transparency Report. We’re thankful to U.S. government officials for working with us to provide greater insight into the use of NSLs.


Where does that say anything about FISA warrants?


None of this is a surprise. Google does business in the USA, and is forced to follow US law. Which it does. Despite the USA not being nearly the country that I wish it was on these matters, on the whole the USA is not horrible either.

See http://communications-media.lawyers.com/privacy-law/Your-Ema... for a glance at what is and isn't protected here. See this article for an idea of how tiny the affected numbers are in the USA.

What is far more troubling is that Google also has to follow the law in other countries that it does business in. Many of those countries have different laws and corruption levels than the USA. While Google did choose to stand up to China, they don't in many, many other countries.

In fact I am personally aware of an HN user outside of the USA who was physically tracked down through information coughed up by Google in response to bogus legal requests. (I will not confirm or deny any information about this case beyond what I just said, so don't bother asking.) My non-US social circle isn't that big, so if I'm personally aware of it happening, how many people does it happen to that I don't hear about?

Frankly the non-US situation scares me more than the US one.


Indeed. Also on the "bright side interpretation" is the fact that only about a thousand of these NSLs are issued per year (and given Google's size, that's probably a good guess at the total number of such investigations). A thousand isn't small, but at the same time it's only a tiny fraction of the number of law enforcement investigations. At least this is proof the NSL mechanism isn't being used for blanket surveillance state activity. That's something.


What if the questions being asked are more along the lines of, please give us the full account archive of everyone who's ever emailed an address in a .ir domain? Or, here is a semantic filter that you must apply to all mail that transits your system, hand over everything related to any account sending or receiving mail that it evaluates as a match.

Given the lack of transparency, and the fundamentally undemocratic nature of the National Security Letters infrastructure. It would be a good idea if we had a list of the sorts of things.

Personally, I'm comfortable with a few civil liberties being trampled in pursuit of loose nukes and engineered plagues; but I'm much less sympathetic to a policeman who wants updated intel on what a bunch of hippies are planning to write on their signs at the next Occupy protest.


They appear to have counts for impacted users, which are of the same order. So your worry about unbounded access is unsupported by the data.

I'm not saying this can't be an infringement on fundamental rights, or that it's a good program. I'm saying that, given the data at hand, it does not appear to be the blanket surveillance program that many people (including you, c.f. your first paragraph) think it might be.

That's a good thing, right?


This headline is quite misleading. Nowhere in it does Google actually state what the article claims in any way.

If anything, what makes me happy is that Google can even disclose any of this at all. NSL's are a tool that has little oversight and a bit more awareness may help keep them from being abused.


I'm happy Google has found a way to disclose this, too.

The headline ("Google Says the FBI Is Secretly Spying on Some of Its Customers") seems fair to me.

Google is reporting that it got more than 1 and less than 1,000 "National Security Letters", about more than 999 but less than 2,000 of Google's customers. Because the exact subjects of these letters can't be shared, the FBI's actions are being done "secretly". Because they allow the FBI to receive private information it wouldn't otherwise have without the subjects knowing, this activity fits the colloquial meaning of "spying". All the elements of the headline are supported by the reporting.


What's the difference between "secretly spying" and "secretly investigating"? What's an example of a secret investigation which is not secret spying? Would these NSLs more appropriately be describe as investigation or spying? Why?


Both are accurate enough for a headline. 'Spying' will often win as it's less than half the size (in letters and syllables).

Also, usually when investigation requires crossing usual privacy boundaries, and perhaps compelling third-party disclosures, the subject gets to know, and even challenge the search/seizure. Or at the very least, some other impartial hearing occurs – for example, to get a search warrant. Not so with the 'National Security Letters'. So 'spying' is especially apt, compared to the normalcy and equitable procedures connoted by 'investigating'.

There's a stronger case to be made that 'secretly' is redundant; it's already implied by 'spying'. But an oddity of the the NSL law is that you're not even supposed to reveal you've received one. Only now, many years later, are some fuzzy aggregate totals being revealed for prior years. So the extra heightening emphasis 'secretly spying' makes sense as well. Not only are the subjects unaware there online information is being collected, but the magnitude of the collection activity as a whole has been disguised.


The headline was deliberately selected for drama, and not for the length of the headline. If brevity was the sole criteria then ""Google Says FBI Requests Some Customer Data" is even shorter. Or even "Google: FBI Spies on Its Customers."

Why does the headline use the word "spy" at all? Google did not use the word "spy." They say the NSL is used in "national security investigations." Nor does the word "spy" appear in the body of the Wired article.

Why does the headline use the word "secret"? As you pointed out, "spying" implies "secret". If brevity were the primary concern then it should be omitted.

Hence my conclusion about using the headline as an attention grabber, and not because of its length.

BTW, when I read the headline, I took it to mean that Google found out that the FBI was getting customer information using a means which was secret even from Google. Thus, I believe the headline is also misleading.

While the statements you made about the NSL are true, and I believe NSLs are fundamentally counter to the transparency needed for good oversight, the statement that "when investigation requires crossing usual privacy boundaries, the subject gets to know" is not true. Wiretapping is legal, and the subject does not necessarily get to know or contest the wiretapping. How many times have you or people you know been wiretapped? If you can't be sure of the answer, because not all of that information is public, then wiretapping by the police is "spying" under your definition, is it not?

A difference is that subpoenas and warrants have judicial oversight, while NSLs do not. No, I do not believe that the FISA court or appeal to the FISA court gives sufficient oversight.

Unfortunately, as we recently learned from the Supreme Court, if we don't have proof of being spied upon then we can't say that we're being spied upon.

I'm actually in favor of saying that we are being spied upon. I do so from a moral and ethical view, and not from a legal definition. I think your argument is that this can be called spying because 'this activity fits the colloquial meaning of "spying".' My objection is that other similar activities by the government are not called spying, and neither you nor the Wired article characterized the difference between the "spying" and "secret investigation."


> BTW, when I read the headline, I took it to mean that Google found out that the FBI was getting customer information using a means which was secret even from Google. Thus, I believe the headline is also misleading.

For what it's worth that's the impression I had too (i.e. that this was similar to Google's Aurora announcement of being hacked by Chinese spies)


I suspect this author and editorial organization would, in fact, call all the similar activities by the government 'spying', that you and I would agree should be called 'spying'. So the fact that other people, sometimes, use and understand 'spying' less consistently isn't very relevant for condemning this headline use as 'misleading'.

Wiretapping requires a court order. And it is also 'spying', in the common understanding of the word. ('Spying' does not require illegality. With a court order, wiretapping is legal spying. These NSLs are also currently-understood-to-be-legal spying.)

The headline "Google: FBI Spies on its Customers" would have been defensible, too. It's a short, opinionated summary of the equally-opinionated reporting. Yes, it would prompt readers to wonder exactly which kind of 'spying' is meant, which they could find in the article.

'Requests Some Customer Data' would not be enough: there's no indication of the compulsion and secrecy. 'Secretly Investigates' would not be enough, either, because just researching someone via public sources could be a 'secret investigation'. Only 'spying' adds the necessary connotation of surveillance or privileged-document-collection.

And sure Wired picked the word for drama. We should expect reports to feature the most-dramatic-yet-still-fair headlines that can be backed up by the reporting. This recent expansion of oversight-resistant domestic-spying is in fact a dramatic development. Google finding a way to hint at its magnitude is also a dramatic development.


In looking around, I see that you are correct about the general use of "spy."

I thought that the main meanings were 1) spying taking place in opposition to laws in other jurisdictions but legal in the first (eg, British spies in the Soviet Union), 2) spying taking place against economic opponents, often using illegal methods (corporate espionage), 3) citizens spy against other citizens if they use illegal means, and 4) the government spies against its citizens using illegal means.

Only #2 of these might use non-illegal means. Otherwise, I thought that "spying" required a violation of the law.

For example, the US law describes spying as "Any person subject to this chapter who, in violation of the law of war and with intent or reason to believe that it is to be used to the injury of the United States or to the advantage of a foreign power, collects or attempts to collect information by clandestine means or while acting under false pretenses, for the purpose of conveying such information to an enemy of the United States, or one of the co-belligerents of the enemy..."

But I see plenty of examples where people use "spying" where I would use "surveillance" or other term.

And you know, ... I'm fine with broadening the use of the term 'spying' for these cases. Thanks for the enlightenment!


If we had an estimate of the number of in-links and out-links in the inbox, we would have a more accurate sense of the number of people whose communications were actually swept up under this surveillance. The number might be more accurately portrayed as "greater than 49,950 and less than 100,000 people" assuming the typical mailbox contains traffic from 50 people. Not all would be Google's customers, but it would portray the scope more clearly.


If you read the whole article closely you'll find this:

Google noted that the FBI may “obtain ‘the name, address, length of service, and local and long distance toll billing records’ of a subscriber to a wire or electronic communications service. The FBI can’t use NSLs to obtain anything else from Google, such as Gmail content, search queries, YouTube videos or user IP addresses.”

So inboxes are not being opened up for the FBI as part of these requests.


That applies more to the general search warrants they disclose than NSLs.

"Under the Electronic Communications Privacy Act (ECPA) 18 U.S.C. section 2709, the FBI can seek “the name, address, length of service, and local and long distance toll billing records” of a subscriber to a wire or electronic communications service. The FBI can’t use NSLs to obtain anything else from Google, such as Gmail content, search queries, YouTube videos or user IP addresses."

http://www.google.com/transparencyreport/userdatarequests/fa...


I think the contention is that Google knows they're spying on its users, so it's not secret spying, if spying means observing/seeing. I think 'Google says the FBI spies on some of its customers' is less confusing. Secret spying would imply the gov have a secret undefined backdoor.


It is kept secret from the victims, the most relevant people to the spying.


It's still plain spying. Spies would not be spies if the spied on knew they were spies, except in situations where they discover the spy and want her to lead them to her network of spies. But normally who the spies are is unknown to the entity being spied upon. to put it plainly it's unnecessarily redundant in the title.


Its no secret that the FBI is spying on Google's customers.


There is a much more aggressive response that a service provider can give to a NSL:

http://www.rsync.net/resources/notices/canary.txt

Some background:

http://blog.kozubik.com/john_kozubik/2010/08/the-warrant-can...

We've been updating this since late 2005.


> This headline is quite misleading.

Indeed, the FBI doesn't have customers either.


> what makes me happy is that Google can even disclose any of this at all.

That's one way to look at it. Another way might be, "Influential data company prevented from disclosing what the government is doing on the company's network".


I wanted to edit the headline, but I know how futile that is these days on HN, having done it many times before and having it edited to strictly mirror the original headline of the post.


The only way to prevent abuse is to keep your data unavailable to Google and others.


"Google says some of its customers are the target of authorized FBI investigations, but we've got to sex it up for Threat Level"


I tend to think these National Security Letters violate the 4th Amendment by authorizing warrant-less searches and seizures - but is it really a secret the US government is doing that?

Wireless searches of phone calls, Internet activity (Web, e-mail, etc.), text messaging, and other communication has been public knowledge since Attorney General Alberto Gonzales confirmed the existence of the program, first reported in a December 16, 2005, article in The New York Times. http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_co...

In 2006 EFF filed lawsuit against AT&T after the US government installed monitoring equipment in an AT&T's switch room. http://en.wikipedia.org/wiki/Hepting_v._AT%26T

Warrantless searches and seizures and monitoring? Please that is so...1984. On August 30, 2010, the CCR and ACLU filed a "targeted killing" lawsuit, naming President Barack Obama, CIA Director Leon Panetta, and Secretary of Defense Robert Gates as defendants. They sought an injunction preventing targeted killing of US citizens, and also sought to require the government to disclose the standards under which U.S. citizens may be "targeted for death". Judge John D. Bates dismissed the lawsuit, holding the claims were judicially unreviewable under the political question doctrine inasmuch as he was questioning a decision that the U.S. Constitution committed to the political branches.

Back to the OP the only thing that shocks me is that Google and/or the individual employees, who are being personally slapped with a non-court ordered gag-order, have not sued the US Government. I am sure the EFF or ACLU would join as co-counsel to defer some of the resources, and if Google keeps complying maybe they will sue Google like EFF sued AT&T.


The FBI may be spying on some of Google's users, but the odds that they are spying on Google's customers is pretty slim.


I don't know about you, but the article points out those complying with NSL demands blindly even wrote NSLs for the FBI. That's pretty scary.


Anyone else notice that the United states is more than every other country in data request and 14* in user accounts. The percentage of data produced being almost 100% is just scary beyond belief.


Yeah, and I heard that the government used to get these things called wiretaps to listen in on people's conversations, and THEY DIDN'T EVEN TELL THE PEOPLE THEY WERE LISTENING IN. Imagine that.

Google is doing the right thing by publishing information that allows us to see the scope of the activity by the government. If part of an active investigation, then there's no need for anything further.


So are Google saying that there should be ZERO ability for law enforcement or TLA's to enforce the equivalents of HOW's (home office warrants) on their customers.

If you don't like the heat don't run gmail G+ and get out of the phone biz.


I would be surprised if they were not "secretly spying".


It's headlines like this that make me wonder if my Give-a-fuck isn't just broken.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: