This guy is amazing. The thing I love about him is he truly embodies the bravery that goes along with the idea that it's better to live in a free society with a modest threat of terror attacks than to live in an oppressive society where we are supposedly kept "safe" from the terrorists hiding behind every corner.
It takes courage to make such an assertion. The NSA spying route is fundamentally based on cowardice.
What would you say to others who are in a position to leak classified information that could improve public understanding of the intelligence apparatus of the USA and its effect on civil liberties?
That's the stuff History is made. I'm not American, don't think that it even matters at this point, but I'm printing a picture of the guy to stick it where everybody can see what a great thing a decent human being can be.
> What evidence do you have that refutes the assertion that
the NSA is unable to listen to the content of telephone
calls without an explicit and defined court order from
FISC?
I'd disagree that he ignored it. A later question covers the same (or very similar) ground.
""" Q. Can analysts listen to content of domestic calls without a warrant?
A. NSA likes to use "domestic" as a weasel word here for a number of reasons. The reality is that due to the FISA Amendments Act and its section 702 authorities, Americans’ communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant. They excuse this as "incidental" collection, but at the end of the day, someone at NSA still has the content of your communications. Even in the event of "warranted" intercept, it's important to understand the intelligence community doesn't always deal with what you would consider a "real" warrant like a Police department would have to, the "warrant" is more of a templated form they fill out and send to a reliable judge with a rubber stamp. """
What I took from this is that the process is so 'optimised' that even a court order doesn't mean what most people would think it does (i.e proper oversight and consideration).
"Bathtub falls and police officers kill more Americans than terrorism, yet we've been asked to sacrifice our most sacred rights for fear of falling victim to it."
Variants of that argument (usually related to smoking, alcohol, and backyard pools) have not persuaded anyone in debates over the Second Amendment. They seem unlikely to persuade anyone in debates over the Fourth.
It's a different situation. American's really like the idea of having the power to protect themselves. That's why when you throw the statistic that you will most likely never need the gun they don't care. This is because despite the odds being so low they are afraid of being that 1 or 2%.
However, American's really don't like the idea of an overly powerful government watching over your shoulder. The idea that the government is supposedly using gathering this information and that it doesn't even have a legitimate use case is unappealing to most.
I think you interpreted the parent as saying people should be persuaded to support gun control; I think the parent was saying people should be persuaded to oppose gun control. I base this on the "(usually related to smoking, alcohol, and backyard pools)" - the implicit argument being "each of these things kill more people than firearms, why is it the firearms you want to regulate?"
Many parents would rather that their children not visit the home of a friend that had guns in it. Would as many parents be apprehensive about sending their children to a home with a pool? I suspect not.
There may be legitimate reasons that they are treated differently in a way that does not immediately make sense when you examine the risks they pose, but I don't think that choice or lack of it is that reason. I think that you are looking for something more subtle.
Speaking as a parent who has left his children to be babysat at houses with both guns and pools, the pools are a far bigger concern. When both are treated as the dangers they can be, neither is a threat. It's much easier to forget about a pool than a gun, though, and a gun is much less likely to be accessible to a child than a pool. Kids who can't swim can fall into a pool and drown before you realize that anything's wrong, and playing around pools is normal kid behavior, while playing with Actual Real Firearms is not.
I wouldn't leave my kids at any place that I felt was going to be a tangible danger to them - be that a house with a pool and a back door that doesn't have a child lock or pool gate, or a house of an irresponsible gun owner, or a house with exposed electrical wiring, or anything else that I feel poses a material threat to my child's life.
> Americans really don't like the idea of an overly powerful government watching over your shoulder
Most Americans haven't thought about it hard enough to make a meaningful personal decision and have allowed themselves to adopt the first external opinion they were offered, so it's about 50-50 pro-con on the question.
What you're doing, is giving yourself permission to not engage other people about the issue. "Oh, I don't need to talk to grandma, I'm sure she's already on my side."
Yeah, that's incredibly cool. Make a meaningful statement whilst throwing their own rhetoric back at them. The more I hear/read from this guy, the more I like him!
Actual outcomes need to be weighed against counterfactuals, and I think the claim that the alternative would have been worse in Cheney's case - while I dispute it - is better than in the other.
I understand you were not being definitive and I doubt very much that people would disagree that Cheney is a better person than that rapist given the same ability to effect the world.
Having said that Cheney had a lot of power and a lot of impact. In relative terms the alternative to Cheney in power does not need to be much better to result in an absolute impact greater than the 4 lives affected by that rapist.
My statement was meant to point out that the absolute rather than the relative "evilness" of him is a viable reason for some to hate him.
If you were a Chinese spy, why would you play the game of releasing the information to the public at all? You'd just go straight to the Chinese and disappear into their protection. There's nothing to be gained by an elaborate charade as a whistleblower.
A damning allegation with global economic consequences is easily dismissed as propaganda if it comes from the Chinese government. Not so if it comes from a whistleblower.
The point is that it's a ridiculous nonsense statement. It can be applied to anyone about anything. I have no problem with someone believing he's a spy based on evidence or even intuition. I do have a problem with a tautology being used as evidence, or to sway opinion.
If the person is trying to deceive you they will attempt to deceive you. Well, duh.
Just for people like you: No. I have had no contact with the Chinese government. Just like with the Guardian and the Washington Post, I only work with journalists.
The things you can learn if you click the link, huh?
You don't have to be in direct contact with the Chinese government to provide them information. It is probably the case that spies do not have direct contact with the government they are spying for. He namedropped the Guardian/WashPo. Sure, I can believe that journalists from these papers aint' Chinese spies, but how about the Chinese papers that he talked. Oh, he conveniently did not mention them.
We learned that (taking him at his word), he hasn't personally handed classified information over to the Chinese government, but he has handed it over to an unknown number of journalists.
Who have the journalists passed it along to, voluntarily or through coercion? We have no idea. Once it's out of his hands, Snowden himself can't know for sure.
And? There's a huge gulf between "maybe China will find out if he leaks stuff to the public" (duh) and "maybe he's a Chinese spy." (huh?)
Are we supposed to believe that Chinese intelligence has been wringing its hands for the past decade, just wishing a US whistleblower would reveal a bunch of stuff to the media so they can figure out what's going on? They do have real spies, you know.
I didn't say he's a Chinese spy. Neither did the person asking the question ("The US Government alleged that you gave sensitive information to the Chinese.")
I'm saying, he very possibly gave sensitive information to the Chinese government, perhaps inadvertently or through indiscretion. You don't have to be a Chinese spy to do that (he was actually the one who presented the false equivalence).
That is not the reason why the "Chinese spy" thing has popped up. Of course the Chinese government is getting classified information from this: They can read newspapers at the very least.
The issue here is an attempt to paint him as influenced or controlled by the Chinese in his decision to take documents, which would instantly make him reviled by a lot of people who will hail him as a hero as long as believe he did it of his own accord.
Mr Snowden, as a deputy at the Bundestag (German Parliament) who is responsible for the supervision of the intelligence apparatus, I am eager to know if you have any knowledge about information which was given to the German Government or the Bundesnachrichtendienst by the NSA within the PRISM programme. If so, do you know how much and what kind of information was given to them and if the BND knew that it was gathered by PRISM?
Best regards, Hans-Christian Ströbele
Nice spotting! Glad to see my district MP taking an active interest. Here is a direct link to the comment for people who want to upvote it(apparently no registration necessary)
What matters is that the message suggests that a German MP 'responsible for the supervision of the intelligence apparatus' is not certain whether German intelligence has access to PRISM and other related programs' data.
"So far are things going the way you thought they would regarding a public debate?"
"Initially I was very encouraged. Unfortunately, the mainstream media now seems far more interested in what I said when I was 17 or what my girlfriend looks like rather than, say, the largest program of suspicionless surveillance in human history."
That, and government propaganda. Look at CNN's lede:
"Washington (CNN) -- The man who admitted leaking classified documents about U.S. surveillance programs purportedly went online live on Monday to declare the truth would come out even if he is jailed or killed, and said President Barack Obama did not fulfill his promises and expanded several 'abusive' national security initiatives."
This is textbook propaganda. The news media like CNN may partially be about entertainment, but it is also about propagating the government position, specifically the intelligence agencies positions.
To start with, take a look at that first clause: "The man who admitted leaking classified documents..." The framing of this is right off the bat aggressive, casting him in the light of a criminal. Were CNN to want to cast him in a positive light they could have chosen to write it something like this: "The man who exposed widespread secret surveillance of American's electronic communications..." Instead CNN chose to emphasize the criminal aspect, rather than the civil liberties/anti-democratic aspect.
Next: "... purportedly went online..." The use of the word "purportedly" here is interesting. Why is that questioned? To associate doubt with him. It's subtle, but nevertheless there it is.
Next: "declare the truth would come out even if he is jailed or killed". Out of all the questions which were answered CNN focused on this one because it most easily supports the "egotistical" narrative they are attempting to paint him with. Implication: "He is setting himself up as some kind of martyr! How arrogant!"
Next: "Obama did not fulfill his promises and expanded several 'abusive' national security initiatives." This one is, to me, the most blatant. The scare quotes around "abusive" are of course the most obvious. But look how the frame it: "national security initiatives". Not "domestic spying programs", or "electronic surveillance mechanisms", or something else. After all, no one who calls themselves reasonable can be opposed to national security!
It's subtle, and of course debatable. But it's certainly present. CNN has their own slant, and it is obviously pro-NSA.
Also note that nowhere to they actually link to the Q&A page.
Let's rewrite it, communicate the same information, but make it skeptical towards the NSA:
"Edward Snowden, the former NSA contractor who exposed widespread secret surveillance of American's electronic communications and online activities, did an online question-and-answer session today, making himself available to provide follow-up answers to questions raised by concerned citizens over the reach and power of the notoriously secretive intelligence agency."
Also, the "..'abusive'.." quotes serve to show a disdain for Snowden's position; "Snowden claims this was 'abusive' - and we know him to be a criminal traitor, if you think the acts of the NSA were abusive, then you clearly are a traitor sympathizer.
I recall the reports of CIA handlers years ago in CNN, clearly they are still there... (I am looking for a link, but so far came up blank)
The former National Security Agency contractor who revealed the U.S. government's top-secret monitoring of Americans' phone and Internet data fought back against his critics on Monday, saying the government's "litany of lies" about the programs compelled him to act.
This: this is why I pay $20/month for NYT, even though I think that a random sampling of articles from Google News (representative publications from around the world) provides more signal to noise.
"The framing of this is right off the bat aggressive, casting him in the light of a criminal." Ignoring any moral aspects, isn't he technically a criminal? This certainly seems more neutral than your suggestion. Calling him a traitor would be out of line, but I do believe it was against the law to do what he did.
It IS only 'purportedly' him; why do you expect CNN to report what it cannot confirm?
The quotes around 'abusive' are suggestive, but it is also how you indicate that the word came from someone other than the author of the article. If you expect neutrality, expect the writer to segregate their words from their subject's.
Your summary is far more emotionally charged and subjective.
He didn't say he wasn't a criminal. He said that out of two pieces of information:
* He violated the law (negative)
* He exposed secret domestic surveillance by the government (positive)
They chose to highlight the negative, rather than the positive.
Purportedly went online on Monday? No. That wasn't the right word to use there.
Of course the abusive quotes can be interpreted that way, but there are other words that could be put in quotes because they too came from other sources. They chose to put 'abusive' in quotes but not 'national security initiatives', for example.
His summary is not emotionally charged at all - he shows how the same information can be worded in ways that highlight the positive or negative aspects. And it is clear what CNN did, to an extreme.
Which summary you find more emotionally charged probably depends on your existing opinion, and how often you consume mainstream news. To me CNN's wording (and, for that matter, all TV news reports) feels like a stream of verbal knives, each word chosen to induce anxiety and put the viewer/reader on edge. Regardless of their veracity, "aggressive" is an apt description of their tone, and it's not limited to just this story.
> * "aggressive" is an apt description of their tone, and it's not limited to just this story.*
Of course it is. CNN competes with 250+ other channels to grab your attention, draw you deeper in, and serve you commercial breaks.
You could claim it's a carefully orchestrated propaganda machine designed to scare people into ceding their rights to the government (of course, such arguments might also designed to scare you). Or you could claim that they need to do this to excite their broad audience and thereby preserve their jobs and paychecks.
You could say the media dug up pictures of his girlfriend in provocative outfits to discredit him among conservative Americans. Or you could acknowledge that they didn't have to do much digging at all, that sex sells, and that the public love personality news (see all the Hollywood "news" shows).
There's a conspiracy lurking around every corner, if you go looking for it.
To me, "purportedly" is the glaring weaselword and is intended to cast aspersions or otherwise impugn the whole 'construct' of Mr. Snowden as illegitimate.
It would be nice if they were at least intellectually honest about it by calling a spade a spade, even if that spade is themselves.
"The following articles presents discussion of the man behind the leaks. We are providing this information to satiate the curiosity of our readers. However, despite the fact that we are providing these stories, we strongly encourage readers to view these articles for what they are, rubbernecking. We strongly urge readers to keep their judgement confined to the facts we know about the NSA's warrantless wiretapping program and to exercise control so that their opinion of Snowden does not prevent them from forming an objective opinion on government spying programs. etc. etc. etc."
He will be online today from 11am EST/4pm BST today. An
important caveat: the live chat is subject to Snowden's
security concerns and also his access to a secure
internet connection. It is possible that he will appear
and disappear intermittently, so if it takes him a while
to get through the questions, please be patient.
Hah, nice. Reading that just made me smile. Loads of people are going to be patiently watching out for the lag, for the possible periodic disconnects/reconnects, and they will be vaguely internalizing why Snowden has to do this. And this is pretty mainstream news at this point, people are going to be on edge listening for his words. I like the cyberpunk feel of these happenings. We live in interesting times.
Here is an interesting remark by Edward Snowden during the interview:
Journalists should ask a specific question: since these programs began operation shortly after September 11th, how many terrorist attacks were prevented SOLELY by information derived from this suspicionless surveillance that could not be gained via any other source? Then ask how many individual communications were ingested to acheive that, and ask yourself if it was worth it. Bathtub falls and police officers kill more Americans than terrorism, yet we've been asked to sacrifice our most sacred rights for fear of falling victim to it
I think the best part about this is he is not completely willing to say that the U.S. should or should not be doing what it is doing per se, just that it should not be doing it without the consent of the governed. He wants us to ask where the line should be drawn as a people, and his basic concern is that we are not being informed, not that the wiretapping is happening. This shows a profound respect for democracy and the country, since he seems to have faith that if all the facts are laid bare our country will do the right thing.
I wish that were true, but in the context of everything he says it doesn't seem true.
This part especially his belief that privacy is a universal right:
More fundamentally, the "US Persons" protection in general is a distraction from the power and danger of this system. Suspicionless surveillance does not become okay simply because it's only victimizing 95% of the world instead of 100%. Our founders did not write that "We hold these Truths to be self-evident, that all US Persons are created equal."
"As a thought experiment, imagine that Osama bin Laden was still alive and that he used the Tor network to do a Reddit AMA once a month. How long do you imagine it would take for the US to find and neutralize him? I posted this question on Twitter and, while responses varied, ex-NSA Global Network Exploitation Analyst Charlie Miller guessed one to two months. I would be very surprised if it took more than three."
I think it's intended more technically than what the other posters are inferring. I.e. the gov't doesn't care if he's dead, disabled, or otherwise unable to continue. Any and all of the above are intended by neutralize, and I think it's being used precisely rather than euphemistically.
The key point in the answers thus far is that when he refers to "direct access" he means to some database that has all the stuff in it, and not (e.g.) via a direct conduit to Google or whoever's database.
So what I think is going on is that the NSA archives packets it can see in transit, but doesn't necessarily know who all the endpoints are. (It probably has a VERY good idea most of the time.) When someone becomes of particular interest they can execute a warrant on Google et al and get more detailed information on a specific target which lets them make better use of data they've already got.
The key thing they're doing is, fundamentally, logging packets that they can see going past any number of bottlenecks in the internet, which should have been perfectly obvious that they would try to do from day one. This alone is enormously powerful and all the extra info from service providers is probably only icing on the cake. If you can be identified from some cleartext comms somewhere then all you other dealings have been archived, and can be correlated, and then decrypted and traced back to you posthoc.
This is my belief as well. A few years ago I worked for a company that sold packet capture appliances to unnamed government agencies. The higher end appliances were capable of 10Gb/s packet to disk streaming. I helped write a search interface for the resulting data capable of the type of filtering and data reconstruction described. If organizations directly, indirectly, knowingly or unknowingly allowed the NSA to tap Internet links, they could theoretically provide full data access, while at the same time publicly deny direct server or backdoor access.
When I left they hadn't worked it out, only plaintext artifacts could be extracted. There was discussion of server plugins to intercept and store SSL keys and later use those to decrypt data, but this would require endpoint access and complex interaction back to the appliance. However, in the case of email, although you might utilize encrypted protocols to send/receive, a direct or indirect recipient might not, so at some point the message may cross the wire in plaintext.
For a government agency like the NSA, that's easily accomplished by a man-in-the-middle attack. They can almost certainly convince multiple US-based certificate authorities to give them a certificate that will be included in the default set of trusted certificates by all mainstream browsers. They would only have problems with the very small number of people who are both paranoid and tech-savvy enough to change the certificates that there browser trusts.
Chrome, at least, has certificate pinning for Google properties (and perhaps some other big sites?), which prevent the use of a different but otherwise valid certificate from a trusted CA.
This is the impression that I took away from his remarks, too. However, this prompts a question: is it feasible to capture everything, store those data, and filter after the fact? How much traffic are we discussing, how much storage over what period, etc.? The costs to capture and store everything for any significant length of time seem astronomical; am I wrong? And if it's not everything, how useful is it?
They could filter for communication related packets based on port numbers: email, chat, voip, etc. The resulting data feed would be more manageable to capture and store long term.
It's also possible, although I don't know how likely, that there are employees of Google, Facebook, etc.. who are secretly working for the NSA to gather specific information that they would otherwise miss.
Seem like more like a platform for self aggrandizing quips than anything substantial. I guess it isn't surprising that Snowden and the Guardian are remaining vague, but we are pretty much no closer to the truth than day one.
I agree, he said a whole lot of beautiful nothing. He didn't really add any new information to the discussion.
The question I most wanted to see asked was a request to expand on the notion that he had the ability to wiretap anyone up to the president. When this came up he simply went on a philosophical rant about the nature of bureaucratic creep and how our constitutional rights should extend past our borders.
The first part of Snowden's response to that question:
>Yes, I stand by it. US Persons do enjoy limited policy protections (and again, it's important to understand that policy protection is no protection - policy is a one-way ratchet that only loosens) and one very weak technical protection - a near-the-front-end filter at our ingestion points. The filter is constantly out of date, is set at what is euphemistically referred to as the "widest allowable aperture," and can be stripped out at any time.
So, he stands by what he said and expanded on the scope of his capabilities by addressing the claims that there are "systems" in place to prevent someone (such as himself) from grabbing domestic data. He details that there are "policy" protections --that he asserts are effectively no protection at all-- and "one very weak technical protection" that acts as a filter of some sort on incoming data. He goes on to describe the filter as "constantly out of date" and specifically configured to be as ineffective at its stated purpose as possible by letting us know that the configuration is "euphemistically referred to as the 'widest allowable aperture.'"
Really, I'm just retyping what Snowden has already said. It looks to me like he most certainly did expand on his claim.
Ok, I will be happy to break down that particular question if you want. His initial quote was as follows, emphasis added by me:
>"I, sitting at my desk, certainly had the authorities to wiretap anyone, from you, or your accountant, to a federal judge, to even the President if I had a personal email."
He doesn't say he has the capability, he says he has the authority. That is an important distinction.
>"Yes, I stand by it."
He doesn't waiver in his initial statement.
>"US Persons do enjoy limited policy protections"
While it might not be clear in the initial interview, I think most people would assume that this type of power isn't given to everyone so some type of policy protection was obvious. Snowden doesn't add anything new here because he doesn't give any details and his statement just raises more questions. The question that relates directly to his first statement is whether he really did have the authority to wiretap the president like he initially claimed? But I would also like to here more explanation of these policies. Was this an honor system? Was there any oversight? Did these things require a warrant or any approval?
>"(and again, it's important to understand that policy protection is no protection - policy is a one-way ratchet that only loosens)"
Part of the philosophical musings that I mentioned in my initial post.
>"and one very weak technical protection - a near-the-front-end filter at our ingestion points. The filter is constantly out of date, is set at what is euphemistically referred to as the "widest allowable aperture," and can be stripped out at any time."
This is another vague and almost worthless statement. At this point and with this level of detail, we can only speculate on these "technical protections". It would seem to imply that there is a technical filter in place that prevents information about US citizens from ever entering the system. But the way Snowden dismisses it as soon as he brings it up makes it seem like it is useless. Some followups would have been helpful here. What does he mean that the filter is constantly out of date? What does "widest allowable aperture" mean? Who has the authority to "strip it out at any time"?
I don't think he provided anything new here outside of simply confirming that there were policy and technical limitations in place, something that would likely be assumed by most people.
> This is another vague and almost worthless statement. At this point and with this level of detail, we can only speculate on these "technical protections". It would seem to imply that there is a technical filter in place that prevents information about US citizens from ever entering the system. But the way Snowden dismisses it as soon as he brings it up makes it seem like it is useless. Some followups would have been helpful here. What does he mean that the filter is constantly out of date? What does "widest allowable aperture" mean? Who has the authority to "strip it out at any time"?
Snowden definitely needs to expand more on these things and talk about the technical aspects more specifically. It seems that Greenwald (who admitted he is very nontechnical) is guiding Snowden into dumbing down his technical descriptions (for whatever reason, maybe its to avoid declassifying stuff that would actually impact national security) and that is doing him a disservice.
Snowden seems to be exaggerating in the sense that he, a knowledgeable IT contractor employed to overlook the NSA infrastructure would be able to get the data he needs, bypassing the policy protections. I don't think he means that any "associate" level NSA agent without technical knowledge of the infrastructure can easily get any data he wants, even with the policy protections. This is just my interpretation, based on how I've seen other technical people exaggerate.
Well, by all accounts, he's going to let the documents do the "adding new information" for him. That's smart. He's not asking us to take his word that these are happening, and he's not hanging the believability of these charges on his honor, which is already being smeared across the media far and wide.
He's answering questions as to why, not what, which is great, since it gives people a more balanced view of who the man is behind these things, and serves as a counterbalance to the "omg high school dropout with a stripper girlfriend" smear stories that have been plastered all over the news lately.
From my reading I understand that the comment on being able to wiretap absolutely anyone was on the basis that he was a sysadmin. He had write access to databases of people who's communications were to be intercepted in full and could add arbitrary phones or emails to them.
Binney on the existence of this list: "what they do is take their target list, which is somewhere on the order of 500,000 to a million people. They look through these phone numbers and they target those and that’s what they record." [1]
This appears to be separate from the Main Core list of 8 million Americans "which contains personal and financial data of millions of U.S. citizens believed to be threats to national security." [3]
Another Binney interview: "he [Snowden] had access to go in and put anything... If he knew their phone numbers or attributes, he could insert them into the target list which would be distributed worldwide." [2]
I don't think anyone reading your comment is sure of what you mean by vague and substantial. He has explicitly addressed every one of his harshest criticisms thus far in much clearer language than most of us are used to seeing in the media.
He answered harsh criticisms about his personality and motives, but added very little regarding NSA spying. It is all well and good that he is willing to die for America, thinks the media has focused on the wrong elements of the story and made fun of Cheney. But in regards to the subject of NSA spying, he spoke in vague terms that didn't add to the public's awareness. And that is pretty much all I care about hearing from him, not media criticism, his suggestions for Obama or how he thinks he exposed the largest suspicionless surveillance program ever.
I disagree, some key points were clarified. To wit -
1. Encryption works, but "endpoint security" is easily defeated.
2. "US Persons do enjoy ... one very weak technical protection - a near-the-front-end filter at our ingestion points. The filter is constantly out of date, is set at what is euphemistically referred to as the "widest allowable aperture," and can be stripped out at any time."
An "ingest point" appears to be the term for a preprocessor that parses raw data before sticking a normalized copy in a database. I believe this is talked about more in Boundless Informant papers.
3. American data is regularly collected "incidentally", and when between an American and a foreigner. "Americans' communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant."
4. Intelligence agencies (including GCHQ) have raw access to query NSA databases, and GHCQ is cited to have 5% of queries audited.
I made an effort earlier to try to write up a fully cited description of what we know about NSA activities. If you would find that useful, you can find it at https://news.ycombinator.com/item?id=5892755
Despite already blowing the whistle and turning unconstitutional domestic surveillance into a public discussion for the first time in, well, ever, to truly be useful to society he must accept your amorphous terms of disclosure for information that is likely forthcoming anyway.
My demands are quite morphous. As a person who is only of public interest due to leaking information about the NSA, I would perfer he clarify what exactly the NSA does. Good intentions about "public discussion" don't help if the public discussion he provoked is uninformed.
But do we really need more info? What will taht accomplish?
As far as I am concerned, this is the 100% solid concrete evidence that Eschelon exists - where for the last 30 years it was a "conspiracy theory" -- yet here it is, verified, in your face and glaring.
Now, what is the next step? What needs to happen is ACTION taken.
There is only one peaceful tool the citizenry has against the government at this point: civil disobedience via a tax holiday.
Nothing will happen unless people do the only thing they can do: refuse to provide funding to the government.
If the government can't even go after the criminal banks -- its laughable to think that anything is going to happen to the intelligence agencies: especially when the government is staffed by both THE BANKS and THE INTELLIGENCE AGENCIES!
Are you ignoring all the "meta-evidence": The smear campaign from people as crazy as Cheney? All the MSM focus to discredit? The actual lying under oath from Clapper against EXACTLY what was revealed by actual NSA documents?
Given that the source is "ONE" person is irrelevant.
Looking at your comment history, I find your judgment to be suspect.
Smear campaigns exist for a lot of people, in a variety of fields, for a variety of reasons. Individuals running for government office seem to always have smear campaigns run against them. I don't really read much into that, I'm curious why that is "strong meta evidence" to you.
As many people focus to lend credence to his story as try to discredit him. Again, run-of-the-mill behavior for something like this. As you can see on sites like this, he has a lot of support.
Someone lied under oath about things that are at best tangential to this story, if they relate at all.
We don't have any real, actual evidence at all, other than the artifacts generated by one guy.
He is the CURRENT HEAD of National Intelligence, directing a PUBLISHED budget of ~$50 BILLION dollars.
The things he lied about are the CORE of this story, not "tangential" -- He specifically stated that the NSA collects "nothing" on US citizens, NOTHING.
Given this statement by you, it is clear you're completely deluded.
> On August 5, 2010, Clapper was confirmed by the Senate in a unanimous vote.[5] Lawmakers approved his nomination after the Senate Intelligence Committee backed him with a 15-0 vote. During his testimony for the position, Director Clapper pledged to advance the DNI's authorities, exert tighter control over programming and budgeting, and provide oversight over the CIA's use of predator drones in Pakistan.
So why is your beef with the NSA/The intelligence gathering effort?
Amongst other things, I took the fact that the NSA can't break encryption from the Q&A - that they'll usually attack the endpoints rather than trying to brute-force it (or use secret NSA math orders of magnitude better than us peasants have). To me that's pretty significant.
> Amongst other things, I took the fact that the NSA can't break encryption from the Q&A - that they'll usually attack the endpoints rather than trying to brute-force it
That doesn't imply that they can't break encryption, it just means that usually they have faster/easier options.
True, but it does essentially mean that what the public considers to be "strong" crypto is not secretly broken by the NSA in such a way that they can decrypt communications in realtime or en masse.
> True, but it does essentially mean that what the public considers to be "strong" crypto is not secretly broken by the NSA in such a way that they can decrypt communications in realtime or en masse.
Or, at least, that they are monitoring enough data that if they had to decrypt all of it in realtime, it would overtax their computing resources, so that they minimize the burden by going after the cleartext at the source when they have the capacity to get at it that way.
I think every time he opens his mouth some shadowy characters in some windowless bunker stateside are ordering another round of illegally imported Cuban cigars and a particularly peaty single malt Scotch.
Given the creativity of conspiracy theories, I'm a little surprised nobody's yet suggested he's actually part of a US false flag operation.
The creativity bit was about the conspiracy theories of others, not things that he's said.
I do think that things he's said and things he's done actually undermine his stated cause. He started out by portraying himself as a conscience-driven individual who wants to expose what he believes are gross violations of civil liberties without becoming a focal point of the story.
He's now made himself the center of the story, has expanded his motivation to moral outrage at all forms of spying, etc. Add to this the various inaccuracies, melodramatic over-statements, tangents into matters entirely unrelated to civil liberties, and really, just the act of flight to begin with.
It seems to me that much of the time he does or says something he's moving perception away from somewhere on the the 'mildly ambivalent moral actor' end of the spectrum where he started and towards 'clueless opportunist'.
That's a terrible thing because, and I agree with you, a number of the things he says are not just extremely plausible but important matters of civic discourse.
I think he's doing a ridiculously good job for an individual taking on the largest military intelligence organization in the world without lawyers or paid political consultants.
I'm not sure how you would expect him to conduct this disclosure without the "act of flight" or "becoming a focal point of the story".
I suppose I'd expect him to conduct himself like, well, just about every other whistleblower before him. Just yesterday three high level NSA whistleblowers gave a joint interview to USA Today. All three still in the US and none in prison. One of them, William Binney, while being generally supportive of Snowden went as far as to call some of his actions traitorous.
When your natural support constituency starts saying things like that you have a serious (and, inexplicably, self-created) image problem. I believe this is an actual thing rather than, you know, you and me just shooting the shit on a nerd message board.
No doubt, but that's also why the concern that he may be turning himself from 'effective' to 'ineffectual' is so much greater.
I guess the simplest way I can put it is - I wish he'd stop taking his cues from journalists, however high-minded and well-intentioned and start working with a local lawyer specializing in human rights and civil liberties issues, yesterday.
I suppose that with the wikileaks precedent, he would assume they would have thrown him in solitary confinement, with no access to the press, which would defeat the purpose of his leaking the info.
Not to be a conspiracy-theory hipster, but I suggested this before we even knew who he was. I thought the timing was suspicious, how it completely erased the discussion of the completely-confirmed Verizon phone records business, and replaced with a whole load of doubt and speculation. The shittiness of the Powerpoints (supposedly for training but containing all the detail of "Illegal Surveillance for The Layman") and the choice of newspapers (Guardian and Washington Post? The hell? Someone trying to make the Post look good?) didn't encourage. Then this guy turns up with EFF and Tor stickers plastered all over his laptop, claiming he doesn't want to be the center of attention while making himself the center of attention, and the internet collectively creams their jeans.
Personally I think he's too over the top - a perfect caricature. I have met people who work the security services, and they are not the kind of people who put stickers on their laptops, EFF or otherwise. I additionally posit that if you worked for the NSA and really wanted to disclose secrets, and had the kind of access he is supposed to have had, you could have leaked much more specific, damaging things than this. His reluctance to reveal more detailed information about the NSA, even without proof, is fairly damning.
If I were him, and the cat were properly out of the bag now and there were talks of extra-judicial killings, and I was talking a big talk about dying for my country, I wouldn't be running my mouth about democracy. I'd be running my mouth about the damn NSA.
"More detail on how direct NSA's accesses are is coming, but in general, the reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw SIGINT databases, they can enter and get results for anything they want. Phone number, email, user id, cell phone handset id (IMEI), and so on - it's all the same. The restrictions against this are policy based, not technically based, and can change at any time. Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed."
No, he did answer the question, with the biggest walk-back in the history of whistle-blowing. He defined it as "direct access" to internal databases of shit the NSA has already collected. Absolutely not the same as what Snowden was selling the newspaper reporters a week ago, which was "direct access" to Google servers.
Also, by the way, 5% auditing is an very high rate. With a 5% audit rate, you'll catch evil-doers in no time at all.
Yes, and the guardian actually published a (tiny) retraction to this effect. So tiny I can't find it, but yes the central, core, money-shot claim is actually patently not true.
But the picture I'm getting is that they 'collect' everything (via fibre intercepts etc), because they've interpreted the rules as being "collect everything but then ask permission to look at it"
"Collect everything; analyze later" is not a feasible strategy. Nobody has that kind of storage, and even if they did, nobody has the CPUs to ingest the stream. I think it goes without saying that you need a Google-scale computer to ingest Google-scale network traffic, and that's just one of the companies in question, on top of all the public transit bandwidth. Nobody has presented any evidence that the NSA has computing facilities on that scale. The only one we know of is not yet built, and way too small.
I think it is completely feasible that the NSA would or does collect all or a great deal of voice traffic, because that's a tiny piece of network traffic these days.
I've always assumed the US gov't does have this computing power and that's why we spend so much on national defense. Besides, when you employ more mathematicians than anyone else, I'm sure you can come up with some smart ways to store big data. Also, I think it would be fairly cheap to just write everything out to tapes or disk and dump them in a closet, even if you don't have the money to load them all in a database (so that you can put them online when technology improves or you have more budget/time). Further, I haven't seen where Snowden clearly retracted his 'direct access' assertion. You might keep some identifiers in a database and the whole dataset on a user can be ingested on demand from Google or whichever company (even if that means sending an automated request to Google which automatically responds by dumping data to FTP).
Did Snowden say "direct access" in his interview or elsewhere? I thought that was an extrapolation of journalists writing about his story afterward (who also got details like the salary slightly wrong), taken from the wording on the slides, and reinforced in people's minds by the denials from Google et al which talked of backdoors etc? I don't think he made any claims about direct access, only that he could access all account details including emails etc if he had 'the proper authorities' as he puts it (which is pretty consistent with the slides and with the Google claims).
I don't remember him using that particular phrase at all at least in his initial video - I remember him talking about the ease with which they could access data using a 'selector' like an email address, not making claims about specific connections to servers or anything similar. He's not responsible for what journalists say, and we can't expect them to clearly restate it all the time, but what we do know about the extent of surveillance is disturbing. It's still unclear exactly what is recorded, when and how and I'm sure we'd all love to know more, but in the meantime it's not very useful to try to discredit his claims based on the interpretations of others.
My beef with the phrase though is that Greenwald keeps repeating it and sticks by the story that the NSA slides said it so it must mean something, without bothering to ask his supposedly very knowledgable source to expand further on the topic.
To walk a story back is journalism industry jargon for slowly dropping claims made in your initial story, until there's nothing of substance remaining.
Going from "NSA has direct access to servers of major internet companies" to "Some NSA analysts' database accesses inadequately audited, according to random sysadmin" is a textbook walk-back. Of course you will never see the latter headline on Greenwald's blog.
I don't think Snowden would have any idea whether the audits were effective or not. An analyst in the position of auditing is likely segregated from the employees whose searches are audited.
I think it is entirely plausible that a sysadmin would know exactly what logs the auditors inspect and that he would know the things like how often the logs were deleted as well as exactly what information is (and is not) captured in the logs. He may even have had access to the same tools the auditors used so that he could run them himself and see what they flagged and didn't flag.
It is my experience that systems auditors rely heavily on sysadmins to do their jobs. At a minimum the auditors are "just" another set of users and the sysadmins' responsibilities include supporting the auditors even more closely than they support regular users of classified systems. Frequently the auditors themselves do not have systems-level knowledge of the computers they are auditing.
Security on every classified system that I've seen was generally limited to a series of a checklists that some talented specialists once put down in a manual and are left to low-skilled employees to check off each day/week/month - if it isn't specifically on the checklist they have little to no knowledge of it. That includes glaring procedural holes. Essentially security is all CYA, so that everybody involved can say they followed the rules and not lose their job if something goes wrong.
That statement was in regards to their widespread international network intrusions into potentially critical networks, not authorised access to American companies.
He didn't answer the question that the person asking probably wanted an answer to, which was about direct access in regard to Prism. But that's the fault of the person asking not being precise...
You have to remember there are tons of programs going on. To the people who have been paying attention to the Prism "direct access" debate, it's probably pretty clear what the person asking the question was getting at. But it makes total sense that someone as familiar with the programs as a whole would answer about "direct access" in general.
What are the contents of the raw SIGINT databases with respect to telephone audio? Is that audio dragnet? Can an analyst, from a technical perspective, initiate monitoring of a person unilaterally?
The impression I get is that they collect everything they can. If they want to actually _look_ at what they've collected, they are supposed to ask secret permission from a secret court that gives a secret answer. Of course, we trust that they _always_ ask this secret court.
"Anthony De Rosa
17 June 2013 2:18pm
1) Define in as much detail as you can what "direct access" means.
2) Can analysts listen to content of domestic calls without a warrant?"
Answer (Snowden)
"1) More detail on how direct NSA's accesses are is coming, but in general, the reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw SIGINT databases, they can enter and get results for anything they want. Phone number, email, user id, cell phone handset id (IMEI), and so on - it's all the same. The restrictions against this are policy based, not technically based, and can change at any time. Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed."
I understand "direct access" to be the conflation of 2 different things: the first is the FISA-stamped requests to private companies for their records, and the second is the intercepts of data transmitted over the internet or phone networks by being listening in on the wires/radio-waves themselves (raw SIGINT). This seems overly schematic, however, and I would welcome corrections.
I loved this line. A lot of people don't seem to understand that our constitution explicitly denotes between rights provided to citizens and rights provided to "persons." Most of the constitution and the bill of rights is worded to apply to persons, not necessarily US citizens.
We hold these truths to be self-evident, that all men are created equal, that they
are endowed by their Creator with certain unalienable Rights, that among these are
Life, Liberty and the pursuit of Happiness.
EDIT: I quote it because it too makes a universal claim
Obama, The NSA and the usual internet suspects: Google, Yahoo, Facebook are getting their asses kicked. This man is the Thomas Paine of our day: "Give me liberty or give me death."
The theatrics around this entire story make me question his true intentions. His answers today are anything but straightforward, and the majority of them don't actually deal with information he leaked, but rather his opinions on surveillance, politics, and thinly veiled threats to the government. If his intentions are truly to change the state of NSA's surveillance, then given his position, he should be publicizing raw information (such as PowerPoints, documents, and actual events).
What does leaking details slowly have to do with delusions of grandeur or arrogance? It seems like he is not operating as you would operate, so you are slinging unrelated insults.
I think that a slow controlled leak that keeps the story in the media is more likely to cause positive change, as I expect he does. Does this make me arrogant as well?
"Being called a traitor by Dick Cheney is the highest honor you can give an American, and the more panicked talk we hear from people like him, Feinstein, and King, the better off we all are. If they had taught a class on how to be the kind of citizen Dick Cheney worries about, I would have finished high school"
I find that a very perplexing notion (I'm not American)
How bad would things have to get before it wasn't worth dying for?
Do you find it scary that the citizens of any country your country is at war with think the same way?
Personally, I have no interest in dying for any country. If my country were doing something that required me dying, then I'm leaving for a country that doesn't require my death.
The point is that America's founding ideals are very much worth dying for. "How bad it gets" is totally irrelevant in this context, since the "it" refers to specific conditions, whereas the ideal remains separate, over and above them.
The thing to understand is that "country" in this context, means the embodiment of an ideal, and not just a particular piece of territory, or a group of people inhabiting it.
If you don't feel that there are any ideals worth dying for, then all of this will be much harder to understand.
> Why die for them when I can just go somewhere else that already has them?
Because this totally ignores the reality that this other place didn't appear out of thin air. It has people there that care about these ideals, and most likely some that would be willing to die for them.
In some respect, not attempting to change your country to be what you consider a better place and just migrating to a different location is leeching off the world, and those that work hard to make it what they consider a better place. We all do it to a lesser or greater degree, but to just throw your hands up and give up on your current circumstances entirely in favor of a move is beneficial to no one but yourself and those you disagree with.
This is as true for neighborhoods as it is for countries.
"Because this totally ignores the reality that this other place didn't appear out of thin air. It has people there that care about these ideals, and most likely some that would be willing to die for them. In some respect, not attempting to change your country to be what you consider a better place and just migrating to a different location is leeching off the world, and those that work hard to make it what they consider a better place."
> Because this totally ignores the reality that this other place didn't appear out of thin air. It has people there that care about these ideals, and most likely some that would be willing to die for them......In some respect, not attempting to change your country to be what you consider a better place and just migrating to a different location is leeching off the world, and those that work hard to make it what they consider a better place...... This is as true for neighborhoods as it is for countries.
I agree that we need to work hard to make a place (country/neighborhood/whatever) better. I personally protest, picket, vote, write to and call my representative, etc. etc.
If it gets to the point I need to die to make something better, it's not worth it.
"If it gets to the point I need to die to make something better, it's not worth it."
You know what? That's fine. In reality, most people feel the exact same way. But here's the other reality: without people who felt otherwise, there wouldn't be better places for you to go in the first place.
So when you encounter the kinds of people who realize that someone needs to make the ultimate sacrifice, and look to themselves, instead of looking around for others, the least you can do is to treat them with gratitude and respect instead of disparaging the very ideals that prompted the extrordinary sacrifice from which you (and millions of others) so clearly benefit.
"It's amazing more American's don't realize they are the fundamentalists they are told to be afraid of."
Sorry, but no. Fundamentalism is the belief that only the literal interpretation of a religious text is the correct and acceptable one, that only ordained religious authorities are capable of understanding these texts (others must simply obey), and that those who don't share this view are enemies who must be subjugated or killed.
This position is diametrically opposed to the notion of inalienable rights to life, liberty and the pursuit happiness in legal equality with one's fellow citizens - regardless of their religious beliefs. Indeed, there has been no greater check on fundamentalism that the legal, cultural, and intellectual tradition that America's founding ideals encapsulate.
1. The religious text is the constitution itself, the ordained religious authorities are "Real Americans" (whatever that means). Lots of people throw out accusations of unconstitutional acts without any basis but their interpretation of the text - that's fundamentalism.
2. Case in point: the constitution made no distinction of US citizens being created equal. All persons are created equal.
3. If there is no greater check on fundamentalism than the constitution, why is the US home to the largest population of Christan fundamentalists?
> Why die for them when I can just go somewhere else that already has them?
Go where? You can't magically arrive somewhere and become a citizen of that place under their protection and rules of law. Also, what if the place that you go to has fewer liberties than the US?
I can't tell if you're being purposefully difficult or are unable to grasp the concept of dying to protect freedoms.
People have different opinions, formed through each individual's upbringing and environment. I, for instance, cannot and will not place one person above another based on where they're from. So, your ideal isn't my ideal. I will also not die for some else's ideal, especially if that ideal is portrayed as applying to one country and not another[1]. That position got stronger when my son was born. I would die for him. And I will move to another country to protect him, if that's required, in a heartbeat and without a second thought. We're all citizens of a tiny little backwater rock in a huge universe. It would be awesome if we could treat ourselves as equal citizens of the world.
Nationalism is like, so five minutes ago. Patriotism has a place in international sporting events only.
[1] Ref. the way the US treats foreigners and other (even allied) countries.
I'm in the same position. I have children, and can't imagine putting my life on the line for an ideal, because I don't believe it's my life to give.
My point was more towards the fact that my ability to make a choice on location to live to match my ideals is directly related to others who make those places a reality, and I'm acutely aware of that. I recognize other that work hard and may make the ultimate sacrifice to make the world a better place so I don't have to. That's the least I can do.
> You can't magically arrive somewhere and become a citizen of that place under their protection and rules of law.
Correct. So I have to work hard, and spend years on paperwork to be legally allowed to immigrate into some other country. I was born in country A, which I love. I moved to country B because I wanted to, and have spent 5 years on paperwork becoming a legal resident, and in about 2 more years I will be a citizen of country B and retain A. Also, because of my father's citizenship, I am now a citizen of country C, which happens to be an EU Member country, so I can live and work anywhere there too. At this point in my life, I think I'll eventually float back to country A, because I love it there.
I'm confident that if I worked hard, I could become a citizen of any country in the world I would want to live in (my personal list)
>What if the place that you go to has fewer liberties than the US?
The lesson of suicide terrorists seems to be that dying certainly doesn't win a fight, but it provokes behavioural changes in your foe. Changes lead to mistakes.
In that sense, dying works - if the target is so fragile it will self-destruct. The USA in total isn't fragile - but the aspects of the USA people loved (liberty, freedom from unfair search & seizure, freedom from torture, large but power-limited government) seems to have been very fragile.
you win a war by imposing your will onto your foe and make. him give up. needed bodies of peasants before, then you nuked them. turned out to be too much, back to peasants.
or why do you think has the army (as in infantry) lowered their IQ standards (measuring IQ was developed for the prussian army)? why are poor people massively overrepresented in the armed forces? rich people join too, sure, they call it air force and officer corps. peasants for the meat grinder, best keep them far from home lest they turn on their masters.
Poor people are overrepresented because lots of people see joining the army as a last resort. The armed forces also offer things like money towards university (in the US at least).
and look how well of tunisia is off now. or what jan palach achieved. or thich qang duc. well, you might make it onto the cover of a ratm album or into a world press foto award series, sure.
Actually that would be a good question to ask him.
Him intimately knowing about how NSA does stuff, what would be his suggestion of ensuring anonymity. What steps should one take, what tools should one use, etc. His answers on this would be very telling. Someone please ask him that!
My question: How secure is I2P and why did you choose Tor over it?
If not Tor or I2P, what steps would you have taken?
What other measures can you publicly reveal you are using/have used in the process of securing yourself?
How do you recommend those technologically able protect themselves, along with the general public?
Because if it was found out that it wasn't, the Guardian would be finished. Faking this would be a scandal on a level with journalists "phone tapping". Literally, the news paper would be shut down. Not by some judge or government evil, it would become a laughing stock and its readers would abandon it.
"If yes the the former, why can't The Guardian do an all-out dump instead of piecemealing it?"
You publish a small amount. Let the accused say what they want to say. As they have done, they seek to minimize everything and covering their backs. Then you hit them with more, hopefully the next set of information will contradict what they have already said. Potentially they get caught lying "directly" in public.
So, simply: (Leak 1)I saw you at the pub. You deny it. (Leak 2)I offer the evidence of a witness. You claim the witness is wrong. (Leak 3)I produce CCTV footage. I prove my case (assuming in this example we accept the CCTV as "fact"), and you lied twice instead of telling the truth at the first opportunity. You are then well and truly fecked.
Because the point whether or not you believe they care about the content, or are cynical and assume it is just about their traffic, is to get maximum mileage out of it. And the way to do that is to drag it out.
If they dumped everything at once, a lot of it would get drowned out by a small number of the most interesting revelations.
They are doing us a huge favor by dripping the content. This forces other media outlets to continue the coverage of the (relatively un-sexy) topic.
We were complaining for ages that nobody covers and addresses privacy related issues. Thanks to Greenwald's and Sowden's media strategy it finally becomes frontpage news. Plus, with a little bit of luck we see the US government getting a few more times caught lying to the public in very clear terms.
In my opinion this is going to be a case study on how to masterfully orchestrate a press campaign. Just look at this week, Sunday: Release of the G20 spying story, Monday: Live Q&A, Tuesday: Most likely discussion of something he revealed in the Q&A, etc. Wouldn't be surprised if they had scheduled out a few weeks ahead. I'm sure there is at least a prime-time TV interview with Snowden still to come.
I think it might also be a case study in journalistic ethics classes in the future about how much a news organization should "push" a story or topic. The Guardian clearly has a point of view they want to push on this story (which isn't inherently bad) and I think some will argue that this distorts or distracts from the underlying story.
You can dump everything and then spend the next 6 months going through it with a fine-toothed comb and writing articles daily. Is the public really better served by waiting months to hear everything?
Yes, it gives Greenwald and Snowden the ability to exercise at least a little control of the story at the expense of Washington. So far I'm unimpressed by how revelations have played out under scrutiny but I hope they have something that allows them to just wait for the US government to back itself into a corner before they release hopefully more detailed and informative documents and primary sources.
Maybe they have one really big scoop that must be released at the right time and the rest of their hand is just bad PRISM powerpoints and warrants. Yay speculation
Other journalists would try to beat The Guardian to the scoop, with the same result. Everyone would be talking about it for two weeks, then we'd forget.
By controlling the flow, they can make sure that each important revelation is allowed some time in the spotlight. The issues gets a lot more attention that way.
You people are un-fucking-believable. You are literally lauding -- no, contorting yourselves to defend -- the hoarding of information you consider vital to the public good, and the slow, drawn out manipulation of the public's attention for private gain. This is, at a high level, directly analogous to whatever evil you think the NSA is committing.
And the dumbest of all ironies, which I'm sure is lost on all of you, is that you are employing utilitarian ethics to defend it. That is exactly how a spy program is considered ethical.
God. The humanities really are dead if this kind of clueless doublethinking represents the future thought leadership of our world.
No, I think the unbelievable people are supporting the gradual release as they feel it maximises the impact of the revelations, for the public good. What with news cycles and short attention spans and everything.
You seem to disagree, but don't make any convincing arguments that dumping all the information immediately is better for the public good. Probably because it's a very hard task.
I'm not saying whether it should or shouldn't be released. IMO there is no "there" to this story anyway, as will be revealed when/if these mysterious documents arrive. My critique is of the naked speculation run rampant on HN, and the post hoc rationalizations for believing wholeheartedly claims which are, at best, dubious and in any case unsubstantiated.
The story doesn't even pass the simplest of tests for self-consistency. An NSA contractor claims that the government is listening to all digital communications, but is somehow able to transfer classified files, taken from the NSA, to a journalist in the UK. If we believe the first part, how could the second part happen? If the agency had such a capability, I would assume that a call between low-level NSA employees and journalists (foreign ones especially) would trigger all sorts of alarms.
I disagree, there have been significant leaks - confirmation of the NSA collecting every phone record in the US on a daily basis, confirmation that the DNI lies to his oversight committee, confirmation that the NSA has collected almost 3 billion records on the US in march 2013, allegations that the NSA is attempting to collect all internet traffic, both outside and inside its borders, in the broadest possible sweeps. If it was such a non-story, I don't think Obama would have done a press conference about it, would he? That's a lot of 'there' for a non-story if you ask me, and sounds like the NSA has significantly expanded its mandate without proper authorisation or oversight.
An NSA contractor claims that the government is listening to all digital communications, but is somehow able to transfer classified files, taken from the NSA, to a journalist in the UK. If we believe the first part, how could the second part happen?
Just because lots of data is collected, that doesn't mean they can find what they want from it, except in retrospect, so I'm not sure where the contradiction lies there for you - I think his communications with Greenwald were encrypted (according to the film-maker he contacted first) after first contact.
Also, I don't remember him saying specifically that they are listening to all digital communications, just that they can if they want to listen in to any communications, did he allege that somewhere?
Huh? He didn't assert that the NSA has omniscience and the ability to instantly target, decrypt and analyze every piece of digital communication in the world. What he's talking about is the broad collection and storage of this data that can then be retroactively mined, possibly decrypted (for cases where encryption is even used) and analyzed when the sender and/or recipient becomes "interesting" to them.
Do you think he used his work phone to call Glenn Greenwald's personal phone or something? I think it can be rationally assumed that he used the best anonymizing techniques and encryption he's aware of to transmit the information.
Why do you care unless he's making statements which depend on his authoritative experience, as Snowden is doing?
The real question is why Snowden needs a secure internet connection, seeing as how everyone knows (1) who he is (2) where he is and (3) it's a public Q&A so the idea is for everyone to hear what he says.
Were he really concerned about tampering, the more important issue would be distributing an authenticated public key to prove his responses weren't being quickly edited in flight. Which popping on and offline...doesn't really assure anyone about.
I don't know, maybe because an anonymous user is casting dispersions on the authenticity of someone who has very much put themselves forward as a real identity?
So because we "know" Snowden leaked the documents we should automatically "know" that he's the one responding? There's no web of trust or verification that we know of; we're taking the Guardian at its word. How do we know its not just some intern who has a list of answers given to probable questions?
Wow, that's not at all what I said. I like how you're deliberately taking things out of context.
We, the public, have no way of knowing if indeed its Snowden answering. It could be any number of persons, we just know that The Guardian says it's Snowden (probably). I'm all for calling the USG out on this matter, but I'd like if we could get some public verification of who is answering.
Many papers publish reports on things where the sources are not even named; indeed, the protection of anonymous sources is one of the tenets of journalism.
Requiring not only a named source, but a way of verifying that statements / correspondence were provably from that source, seems an impossibly high standard to meet (eg., he could sign each comment with a PGP key. But then, "How do we know it's his PGP key?". Etcetera etcetera, ad infinitum)
> Many papers publish reports on things where the sources are not even named; indeed, the protection of anonymous sources is one of the tenets of journalism.
Except this isn't the WSJ reporting on a new iPhone "rumor", this is a very public release of important information. He's already outed himself, so this isn't about protection of anonymity.
It really isn't hard for the Guardian and Snowden to setup a CoT including PGP. They can verify it using a key pair they have ultimate trust in and then include that verification in their posts. It isn't asking a whole lot for them to say why or how they have trust in the responses they're getting. I trust the Guardian, what I don't trust is whether or not we're actually getting answers from Snowden that aren't being manipulated en route or otherwise not "live" and intact.
Something more than "oh, yeah, that's him". I'm well aware its hard to be 100% certain, but surely they can offer something beyond "because we said it is".
I mean, pretty much every photo and video I've seen of the guy comes from the guardian - they could easily just be of a Guardian intern. So a photo of him holding a sign is out. A GPG key which is reputedly his is of extremely questionable provenance so a signature from that would be meaningless. He could leak some new top secret data to establish that he has access to it - but we know guardian journalists have had access to such data already and surely they have some stuff on file for future reports.
And this has to do with this comment thread how? When President Obama makes a statement, we know he's the one making it. It's publicly televised, he's the one saying it and we have very little reason to doubt that he is indeed saying the thing. This thread makes no claims about whether the things the person is saying are true, it's about whether we can verify who is making the claims.
But, by all means, continue to ignore what I'm talking about and interject your own sputum.
I don't understand why people here are getting all hung up over the words "direct access" when it comes to Google and Facebook. At the end of the day, if they have access to email and phone records, especially SMS, then they essentially have direct access to any one of these services via the password reset feature, even if you have two factor authentication turned on.
"NSA employees must declare their foreign travel 30 days in advance and are monitored."
So how was he allowed on the plane? Surely part of the passport/no-fly-list check would have caught that. Or did he drive to Mexico and fly from there?
It's an employer policy, and it has nothing to do with the passport or no-fly-list. In normal circumstances, flying without declaring his travel would put his clearance in jeopardy and he'd have federal marshals waiting for him upon his return. Similarly, he'd have security officers checking up on him at home if he failed to show up at work on time (and failed to answer the check up call).
If he failed to show up for work, officers would be sent out of concern for his wellbeing.
The whole point of banning him from leaving the country is to try to prevent him "defecting". Waiting for him to come back is pointless. He's already not allowed "to defect" - so not allowing him to leave the country is stupid if no one is going to enforce it.
Finally, when your employer is the NSA, I figure they'd have different/special rules. Do any non-governmental jobs forbid flying due to "policy"?
> If he failed to show up for work, officers would be sent out of concern for his wellbeing.
Right, but it's dishonest to pretend that's the only motivation.
> The whole point of banning him from leaving the country is to try to prevent him "defecting". Waiting for him to come back is pointless. He's already not allowed "to defect" - so not allowing him to leave the country is stupid if no one is going to enforce it.
Preventing defection takes a lot of different tacks (social pressure, education, threat of prosecution, etc.).
There can be corporate policies that forbid two or more key employees from flying on the same plane for fear of losing irreplaceable knowledge & skills if it crashes.
Snowden says that NSA employees (and presumably, NSA subcontractors) are expected to file notices of intent to travel 30 days prior to departure, and notes that they will be tracked while they're away. He also says he took a huge risk by traveling without notice. It sounds like he discovered a (soon to be closed) loophole in that people subject to this rule aren't placed on a no-fly list by default.
I wonder if one official response will be to change that rule, so that the 30 days advance notice becomes "hand your passprot to your employer, and don't expect to get it back without making a request at least 30 days in advance."
I would think the impetus is on not clearing "bad apples" in the first place and getting physical security improved (he walked off with a USB pen drive). After all, you can still trivially leak from inside the US - also, it's not like you can keep NSA employees from ever taking trips abroad, and if you have measure in place that can find people who are about to leak stuff when they put in their 30 days foreign holiday request, the much simpler solution is to just run that measure all the time.
people subject to this rule aren't placed on a no-fly list by default
My understanding is that it's nearly impossible to get a name removed from a no-fly list. It seems like a very imprecise tool for this sort of problem.
That's true of the list in its current form because the security agencies have (or had) zero interest in making it otherwise and because they're largely insulated from public pressure.
However, having realized that this inflexibility means it can't be used to effectively govern the travel of people with security clearances, there's a very good chance that the system that was perviously impervious to change will suddenly become very flexible - at least so far as development benefits the security agencies.
Because he is not an NSA employee. I don't think he ever was. In fact I'm confident he never was. A govie contractor is not even in the same hemisphere as a government employee.
His answer to the question "What direct access means":
1) More detail on how direct NSA's accesses are is coming, but in general, the reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw SIGINT databases, they can enter and get results for anything they want. Phone number, email, user id, cell phone handset id (IMEI), and so on - it's all the same. The restrictions against this are policy based, not technically based, and can change at any time. Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed.
For me, this was a really unsatisfying answer. Maybe the question should have been more specific, but I took it to relate to the PRISM programme and the specific technology that provided direct access to data at the companies involved. His reply seemed to focus on the policies (or lack thereof), with an example relating to call logs (which I already assumed would be provided by some (S)FTP feed from the carriers and bulk loaded into a database anyway).
Maybe he doesn't know how every server is configured. Why would he be expected to?
If one data feed uses a fiber tap and another uses a daily sftp transfer, does it really matter if some/most/all of Americans' communications is ending up in a database to be queried by analysts today and god-knows-who 30 years from now?
Doubtful, but certainly a curious thought. I'm skeptical that actively censoring the media via "hacking" (because DDoS is classified as hacking to them) will bode well for their situation. Still, they could blame it on citizen traffic.
While some say "government intelligence" is a contradiction in terms, I presume the intelligence agencies we've got are savvy enough to know about the Streisand Effect.
When asked for a flat-out answer whether he gave classified information to the Chinese government:
"No. I have had no contact with the Chinese government. Just like with the Guardian and the Washington Post, I only work with journalists."
Perhaps he should rephrase that as "no direct contact." Apparently, by handing over classified information to journalists, he believes he's absolved of any responsibility where it eventually winds up, whether on the desk of Chinese officials, or in the morning paper.
Using the word "direct" again like that would probably not have the effect of improving the general quality of discussion. It would be a pretty "troll" move at this point.
> It would be a pretty "troll" move at this point. Maybe he should have said, "Not wittingly."
He wittingly gave Greenwald classified documents to make public, so "not wittingly" is not true. Via Greenwald, he gave classified information to the Chinese government (and everybody else).
I'm just saying, he should be transparent and honest about the implications of his actions. When he hands classified information over to journalists, he loses all control of that information. It could be made public, it could be handed over to government officials, it's impossible to say.
He says he's sitting on a lot more information that he plans to release, and everybody here seems very comfortable with that idea. We're being extremely trusting to hand this man the sole authority to decide what information is leaked to journalists and what remains classified.
At the least, we should get the sense that he's being fully transparent and intellectually honest about his actions and their ramifications.
I imagine the types of question he'll get asked are fairly predictable. Potentially he could have done extensive mock-interviews already and somebody will just post his answers online in response to any matching questions. That way he could avoid being traced.
I have a question that no one i think has asked. Do you think Facebook's "search" capability was born out of their work with the government? When it first came out everyone was talking about how this could be used to violate privacy.
I'd like to know if geolocation data is collected as part of the "meta data" in any of these sigint databases. Rep. Jason Chaffetz asked at the FBI hearing about the implications in light of US v. Jones.
The Guardian approach to this thing is infuriating. There's little useful information from it. eg this question and answer
Question: Is encrypting my email any good at defeating the NSA survelielance? Id my data protected by standard encryption? Answer: Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.
Pfft. What size RSA keys are unbroken (2 048, 4 096, 8 192)? Is there a backdoor in the ECC NIST P256 (or similar) curve? How many TOR exit nodes does the US government manage and how good are they at in/out correlation?
He may view that as beyond the scope of what he's comfortable releasing, if he knows it. Remember, he's not supposed to be bashing the NSA and releasing all secrets, but specifically blowing the top off what he believes is an illegal program. Releasing unrelated secrets from the NSA would probably have a negative effect on that.
"2) How many sets of the documents you disclosed did you make, and how many different people have them? If anything happens to you, do they still exist?"
Answer - 2) "All I can say right now is the US Government is not going to be able to cover this up by jailing or murdering me. Truth is coming, and it cannot be stopped."
That last sentence must have Obama quaking. I wonder just how much more can/will come? And if/when it does - I wonder just how bad it will be?
I just hope that documents are leaked in response to any outright lies by the executive branch, congress or the NSA. It's clear that they have lied and continue to lie, but we don't know what is and is not a lie. Having a bunch of documents lined up to call anyone out for lying to the American people is a powerful incentive for those in charge to be honest and candid.
Reminds me of War Games... "The only winning move is not to play"
It takes courage to make such an assertion. The NSA spying route is fundamentally based on cowardice.