From a Foreign Policy article [1]:

"When he ran INSCOM and was horning in on the NSA's turf, Alexander was fond of building charts that showed how a suspected terrorist was connected to a much broader network of people via his communications or the contacts in his phone or email account.

"He had all these diagrams showing how this guy was connected to that guy and to that guy," says a former NSA official who heard Alexander give briefings on the floor of the Information Dominance Center. "Some of my colleagues and I were skeptical. Later, we had a chance to review the information. It turns out that all [that] those guys were connected to were pizza shops."

A retired military officer who worked with Alexander also describes a "massive network chart" that was purportedly about al Qaeda and its connections in Afghanistan. Upon closer examination, the retired officer says, "We found there was no data behind the links. No verifiable sources. We later found out that a quarter of the guys named on the chart had already been killed in Afghanistan."

Those network charts have become more massive now that Alexander is running the NSA."

[1] http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_...

This whole thing is just totally un-American, at least from first principles. It looks like the "intelligence community" has forgotten those same first principles.

And there we plunge off the cliff into another un-American idea: the government can allow petitions for redress of being put on a "No Fly" or "Search Real Good" list, but it can't act on them: both method of determining reason, and the evidence of reason for being on the list don't hold up to reason. The government might allow petition for redress, but it can't effectively redress that greivance. Completely un-American.

With Internet spying, nothing changes -- we just now know what we sort of assumed. It's really easy to just move on with your day.

The question is, What does it take to make policymakers take action?

    Analysts were warned to follow existing “minimization rules,”
    which prohibit the N.S.A. from sharing with other agencies names
    and other details of Americans whose communications are collected,
    unless they are necessary to understand foreign intelligence
    reports _or there is evidence of a crime_.

*And yeah, I do try to keep in perspective life as an American is pretty good. But "we're not as bad as those guys" or "we're currently using our extraordinary powers pretty responsibly" are dangerous excuses to have when expanding power...

The truth is that it actually seems to just be a clusterfuck of many people interacting, each pursuing their own (usually ambivalent to good) intentions, and that no one really is running the show.

Which in many ways, is more terrifying: if someone is in charge, then all we have to do is change who is in charge to fix the problem; but if the problem is that even with good intentions, there are problems with scale and complexity that mangle them in to monstrosities like this... what can we do about it?

You can always behead a bad king, but what do you do about human nature and the problems of scale?

A return to city-states, for instance, would deal with the problem of global super powers that can spy on huge swathes of the population, because it would require many independent groups who all have their own self-interests to collaborate in a way that lessens their individual power.

To some degree, the kind of spying we see now is only possible because the balance between the federal government and the states swung in favor of the federal government - something the citizens can influence directly (if they opt to do so).

We're not a very rational species yet.

1) Banks: a. don't use any of the banks that are primary dealers b. use cash whenever possible c. save then spend rather than taking out loans d. don't buy shit you don't need e. don't put more than $250K in any one bank

2) Food & groceries: a. buy stuff on sale b. alternate between big stores to promote competition c. shop at less popular stores for lower prices d. don't buy more than you need and throw it away e. save leftovers f. be flexible on brands g. don't buy shit you don't need at all h. if they jack up the price on something, substitute i. watch for quantity vs price tricks j. buy from the value menu k. shop at several stores, buy what is cheap at each

3. Gadgets and gimmicks a. don't buy shit you don't need b. cancel your cable; watch HDTV over the air c. cancel your land line d. use cheap phones instead of smart phones e. use cheap prepaid phones from the dollar store: $15/mo f. don't buy Internet "higher speed" packages g. get on someone's cell family plan h. buy the cheapest plan, not the "best"

4. Big stuff a. don't buy a new car just because rates are low b. or a house c. verify your home tax assessment every time d. protest every assessment that isn't justified e. payoff your loan as soon as possible f. don't keep a (big) loan just to keep the exemption g. buy only what you need h. buy only what you can afford i. use rubbers j. is college still worth it, really? learn a trade

5. Eating out a. it's a treat, not a lifestyle b. order water to drink c. order lunch portions d. order less food: most Americans overeat e. save leftovers f. find cheap restaurants with good food g. split large orders h. tip 20%+ with your savings: you'll feel better

6. Don't recycle: reuse a. first, don't buy shit you don't need b. sell old stuff on eBay or craigslist, even if $5 c. force yourself to sell old stuff = buy less new junk d. donate anything reusable rather than tossing it e. take care of your shit so you don't have to buy more

IMO, we will never "fix" our governments. They are screwed up at the local, state, and federal level, because they are not spending their own money: they are spending ours. The only thing we can do is starve them until they can't afford to do all the crazy shit they are doing today.

But what if it doesn't end that way, and things are much worse 50 years from now?

Think of 9/11 like a severe blow to the head. It just so happens that some of us (Feinstein, Alexander) have taken longer to come out of the security-daze. And they may never. But they will eventually be out of office, let us hope sooner rather than later.

Personally, I don't believe that any policy is irreversible, unchangeable. Life is change. People change.

I believe that is totally possible though. Surveillance used to be limited by manpower, and look how well it worked. Before today, the amount of information the NSA's computers were sifting was only conceivable as the omniscience of God.

If he wanted to.

I live in a country generally assumed to be a dictatorship. One of the Arab spring countries. I have lived through curfews and have seen the outcomes of the sort of surveillance now being revealed in the US. People here talking about curfews aren't realizing what that actually FEELS like. It isn't about having to go inside, and the practicality of that. It's about creating the feeling that everyone, everything is watching. A few points:

1) the purpose of this surveillance from the governments point of view is to control enemies of the state. Not terrorists. People who are coalescing around ideas that would destabilize the status quo. These could be religious ideas. These could be groups like anon who are too good with tech for the governments liking. It makes it very easy to know who these people are. It also makes it very simple to control these people.

Lets say you are a college student and you get in with some people who want to stop farming practices that hurt animals. So you make a plan and go to protest these practices. You get there, and wow, the protest is huge. You never expected this, you were just goofing off. Well now everyone who was there is suspect. Even though you technically had the right to protest, you're now considered a dangerous person.

With this tech in place, the government doesn't have to put you in jail. They can do something more sinister. They can just email you a sexy picture you took with a girlfriend. Or they can email you a note saying that they can prove your dad is cheating on his taxes. Or they can threaten to get your dad fired. All you have to do, the email says, is help them catch your friends in the group. You have to report back every week, or you dad might lose his job. So you do. You turn in your friends and even though they try to keep meetings off grid, you're reporting on them to protect your dad.

2) Let's say number one goes on. The country is a weird place now. Really weird. Pretty soon, a movement springs up like occupy, except its bigger this time. People are really serious, and they are saying they want a government without this power. I guess people are realizing that it is a serious deal. You see on the news that tear gas was fired. Your friend calls you, frantic. They're shooting people. Oh my god. you never signed up for this. You say, fuck it. My dad might lose his job but I won't be responsible for anyone dying. That's going too far. You refuse to report anymore. You just stop going to meetings. You stay at home, and try not to watch the news. Three days later, police come to your door and arrest you. They confiscate your computer and phones, and they beat you up a bit. No one can help you so they all just sit quietly. They know if they say anything they're next. This happened in the country I live in. It is not a joke.

3) Its hard to say how long you were in there. What you saw was horrible. Most of the time, you only heard screams. People begging to be killed. Noises you've never heard before. You, you were lucky. You got kicked every day when they threw your moldy food at you, but no one shocked you. No one used sexual violence on you, at least that you remember. There were some times they gave you pills, and you can't say for sure what happened then. To be honest, sometimes the pills were the best part of your day, because at least then you didn't feel anything. You have scars on you from the way you were treated. You learn in prison that torture is now common. But everyone who uploads videos or pictures of this torture is labeled a leaker. Its considered a threat to national security. Pretty soon, a cut you got on your leg is looking really bad. You think it's infected. There were no doctors in prison, and it was so overcrowded, who knows what got in the cut. You go to the doctor, but he refuses to see you. He knows if he does the government can see the records that he treated you. Even you calling his office prompts a visit from the local police.

You decide to go home and see your parents. Maybe they can help. This leg is getting really bad. You get to their house. They aren't home. You can't reach them no matter how hard you try. A neighbor pulls you aside, and he quickly tells you they were arrested three weeks ago and haven't been seen since. You vaguely remember mentioning to them on the phone you were going to that protest. Even your little brother isn't there.

4) Is this even really happening? You look at the news. Sports scores. Celebrity news. It's like nothing is wrong. What the hell is going on? A stranger smirks at you reading the paper. You lose it. You shout at him "fuck you dude what are you laughing at can't you see I've got a fucking wound on my leg?"

"Sorry," he says. "I just didn't know anyone read the news anymore." There haven't been any real journalists for months. They're all in jail.

Everyone walking around is scared. They can't talk to anyone else because they don't know who is reporting for the government. Hell, at one time YOU were reporting for the government. Maybe they just want their kid to get through school. Maybe they want to keep their job. Maybe they're sick and want to be able to visit the doctor. It's always a simple reason. Good people always do bad things for simple reasons.

You want to protest. You want your family back. You need help for your leg. This is way beyond anything you ever wanted. It started because you just wanted to see fair treatment in farms. Now you're basically considered a terrorist, and everyone around you might be reporting on you. You definitely can't use a phone or email. You can't get a job. You can't even trust people face to face anymore. On every corner, there are people with guns. They are as scared as you are. They just don't want to lose their jobs. They don't want to be labeled as traitors.

This all happened in the country where I live.

You want to know why revolutions happen? Because little by little by little things get worse and worse. But this thing that is happening now is big. This is the key ingredient. This allows them to know everything they need to know to accomplish the above. The fact that they are doing it is proof that they are the sort of people who might use it in the way I described. In the country I live in, they also claimed it was for the safety of the people. Same in Soviet Russia. Same in East Germany. In fact, that is always the excuse that is used to surveil everyone. But it has never ONCE proven to be the reality.

Maybe Obama won't do it. Maybe the next guy won't, or the one after him. Maybe this story isn't about you. Maybe it happens 10 or 20 years from now, when a big war is happening, or after another big attack. Maybe it's about your daughter or your son. We just don't know yet. But what we do know is that right now, in this moment we have a choice. Are we okay with this, or not? Do we want this power to exist, or not?

You know for me, the reason I'm upset is that I grew up in school saying the pledge of allegiance. I was taught that the United States meant "liberty and justice for all." You get older, you learn that in this country we define that phrase based on the constitution. That's what tells us what liberty is and what justice is. Well, the government just violated that ideal. So if they aren't standing for liberty and justice anymore, what are they standing for? Safety?

Ask yourself a question. In the story I told above, does anyone sound safe?

I didn't make anything up. These things happened to people I know. We used to think it couldn't happen in America. But guess what? It's starting to happen.

I actually get really upset when people say "I don't have anything to hide. Let them read everything." People saying that have no idea what they are bringing down on their own heads. They are naive, and we need to listen to people in other countries who are clearly telling us that this is a horrible horrible sign and it is time to stand up and say no.

-http://www.reddit.com/r/changemyview/comments/1fv4r6/i_belie...

If you found this post inspiring, please consider signing up for the mass rally on Washington DC in October to protest these surveillance programs: http://rally.stopwatching.us

TODAY: Uploaded a YouTube video with copyrighted song in the background? Video censored. Sent money to a friend on Paypal? Account limited. K-Mart figures out girl is pregnant before her dad knows, based on her shopping. Exceeded speed limit between toolbooths? Instant fine.

TOMORROW: Left a parking lot without entering restaurant? Instant towing. Exceeded parking meter by 2 minutes? Instant fine. Exceeded speed limit for 10 seconds on the road? Instant fine. Surfing websites correlated to high incidence of child abuse? Children taken away. Need to be arrested? "parallel construction" will resultin "random" traffic stop and arrest. Facebook, Google, all these companies want your data, not just governments. Credit score and insurance premiums calculated based on your fb friends etc.

Truth is, the information is out there, and the cameras are going to be smaller and more prevalent. So now what? We have to focus on making our GOVERNMENTS more transparent. Presumably our privacy will shrink as cameras will be more available.

Terrorism is a problem of technology. And this leads to the "solution" of increased surveillance - which may prove to be worse than the problem.

^ This one is already a reality, there are digital meters in place in many cities that do just this.

https://www.google.com/search?q=parking+meter+automatic+fine

FWIW, that is exactly what the FBI has been doing with the No Fly List. They put known innocents on the list mid-trip so that they can't go home. Then they offer to take them off the list if they will inform on their friends and relatives.

Want to bet that the FBI chose to target these innocent people because of social-graph data exactly like this article talks about?

The ACLU has been fighting and they just released an update on the situation yesterday.

https://www.aclu.org/blog/national-security/no-fly-list-wher...

Yeah, they scan and read everything they physically can. So that's metadata and the data themselves.

They hack into SSL authorities, they try to read SSL traffic as much as possible, they try to get into Tor (and with such a little number of Tor relays, they very well may own it already).

I stopped caring, since I am not even a US citizen and can't change it with my votes anyway. Yeah, if they can get to some data, because the data is in plaintext sitting somewhere, they probably already did.

You can vote with:

a) Your data (usage of the various products and services)

b) Your money (purchase of the various products and services)

All nations spy on other nations to the degree they can afford to do so. The US can afford to do a lot of spying, so it does.

It has nothing to do with people's race, and everything to do with their nationality.

This is, IMO, one of the things that governments are having real problems dealing with.

Note that it does not say "citizen".

"The legal underpinning of the policy change, she said, was a 1979 Supreme Court ruling that Americans could have no expectation of privacy about what numbers they had called. Based on that ruling, the Justice Department and the Pentagon decided that it was permissible to create contact chains using Americans’ “metadata,” which includes the timing, location and other details of calls and e-mails, but not their content. The agency is not required to seek warrants for the analyses from the Foreign Intelligence Surveillance Court."

So, as long as that 1979 Supreme Court ruling is not modified, this collection is legal. I'm a bit surprised it's the NSA and not the FBI, but if you're going to track the intersection of foreigners or U.S. citizens, one agency has to be picked over the other, and they picked the NSA.

I know that we all thought that he would live forever, so news of his parting has been greeted universally with shock and with sorrow in equal measure.

For we who remain, we need to learn afresh how to survive in a world that - without our late companion - is changed beyond recognition; to adapt, and to survive without his comfort and protection.

Survive, of course, we will; and adapt to our loss also. We cannot have any doubt though - we are weaker and more vulnerable as a result of our friend's untimely demise.

You can track down a lot of people by simply lifting some statistically improbable phrases from what they write on comment boards or forums and then searching for those strings on services like Facebook. It's quite easy to find most people based on what they choose to share publicly.

Nowhere in their story do the reporters allege that the NSA has been bulk-downloading private Twitter, Facebook, Google+, etc. information with the cooperation of those companies. (In fact, I would be very surprised if that were the case, as it goes against what my own reporting has established.)

Instead, as the story says in the second paragraph, the NSA is building social graphs based on its "analysis of phone call and e-mail logs." We know they get phone call metadata via Section 215 of the Patriot Act from telcoms like AT&T, VZ, Sprint, etc., which have long been in bed with FedGov. My guess is that the email metadata comes from two sources: AT&T, VZ, Sprint, etc., and bulk fiber taps (remember, "UPSTREAM" from the earlier Snowden slides) aimed at email providers that do not fully support SMTP-TLS.

When I wrote about this in June (http://news.cnet.com/8301-13578_3-57590389-38/), only Google among the top mail providers was fully supporting SMTP-TLS, while Yahoo Mail, Hotmail.com/Outlook.com, AOL, etc. were not. And for SMTP-TLS, it takes two to tango.

A possible third source, also via UPSTREAM, is monitoring HTTPS connections to Facebook itself, which was using 1024-bit RSA keys until recently, as I wrote about here: http://news.cnet.com/8301-13578_3-57591560-38/

Finally, the NSA is supplementing its email-and-phone metadata database with whatever it can vacuum up through public records (the article refers to voter registration rolls, property records, and Facebook profiles) and non-public data held by regulated industries that, unlike large Silicon Valley companies, have little interest in litigating against FedGov on privacy. The article refers to bank codes, insurance information, passenger manifests, billing records, and "location-based services like GPS and TomTom" -- odd wording, that, and a hint that the reporters may not have understood all of their material. Cell phone location metadata from carriers is probably included as well.

In other words, Facebook can be reasonably criticized for moving slowly away from 1024-bit RSA keys and not supporting SMTP-TLS, which have made it easier for not only the NSA but other intelligence agencies to conduct surveillance too. But this story is not about the NSA having direct access to Facebook's servers or getting bulk dumps of direct messages from Twitter, and in fact there's zero evidence that's the case.

Also, we now know that the NSA has been influencing companies' product strategies. For all we know, the NSA co-opted them into using outdated RSA keys and not using SMTP-TLS. It would hardly be surprising.

Which makes me wonder why they aren't.

At the least, I don't see anything illegal about their scraping public facebook info, and they can easily gain access to the private stuff as we've learned.

So why wouldn't they populate their old-school social graphs with new-school social graph information?

The point I was making (perhaps poorly) is that the NSA is surely bulk vacuuming up public Facebook profiles and using its relationship with AT&T/VZ/Sprint/etc. to do fiber taps of poorly encrypted or unencrypted data in transit. But there's no evidence of direct access to Facebook/Twitter/G+ servers or bulk downloads of private data from social networks.

Worth pointing out that Facebook only had opt in https as of 2011 and default https came a long time after that.

There is a lot of talk about data coming out of facebook: is it coming to me? is it coming to him? is it coming to them? They want you to think that the threat is data coming out. You should know that the threat is code going in.

For the last 50 years what has been happening in enterprise computing, is the addition of that layer of analytic on top of the datawarehouse that mostly goes in enterprise computing by the name of "business intelligence". what it means is you’ve been building this vast datawarehouses in your company for decade or 2 now you have only information about your own operations your suppliers your competitors, your customers now you want to make that data start to do tricks. By adding it to all the open source data out there in the world, and using it to tell you the answers to questions you didn’t know you had. That’s business intelligence.

The real threat of facebook is the BI layer on top of facebook warehouse. The facebook datewarehouse contains the behavior not just the thinking but also the behavior or somewhere nearing a billion people. The business intelligence layer on top of it which is just all that code they get to run covered by the terms of service that say "they can run any code they want for improvement of the experience". The business intelligence on top of facebook is where every intelligence service of the world wants to go.

Imagine that you are a tiny little secret police organisation in some not very important country. Let’s put ourselves in their position Let’s call them I don’t know what, you know ... "kirghista".

You are a secret police you are in the "people business" secret policing is "people business". You have classes of people that you want you want agents, you want sources you have adversaries, and you have influencables, that is people you torture who are related to adversaries wives, husbands, fathers, daughter you know those people.

So you are looking for classes of people. You don’t know their names, but you know what they are like you know who is recrutable for you as an agent you know who are likely sources, you can give the social characteristics of your adversaries, and once you know your adversaries, you can find the influencables.

So what you want to do is run code inside facebook. It will help you find the people that you want it will show you the people whose behavior and whose social circles tell you that they are what you want by way of agent, sources what their adversaries are and who you can torture to get to them.

So you don’t want data out of facebook the day you have data out of facebook it is dead. You want to put code into facebook and run it there and get the results you want to cooperate.

http://benjamin.sonntag.fr/Moglen-at-Re-Publica-Freedom-of-t...

(1) Image of Keith Alexander in relative youth (from a .mil personnel file source) @ http://imgur.com/CXU67Fn

(2) AMDOCS is without question a major source of metadata. It amazes me with all the coverage, nobody is digging at this. (New York Times is less likely, since it's hosted at the only place in the world I've ever seen a pro-Israeli march! That was quite a shock, let me tell you!)

If you are talking about the use of phone log data and other meta-data that develop incidental to your use of a communications system that are supposed to be private because they exist for limited purposes, then sure I agree with you.

But let's not pretend that the NSA looking at Facebook is really much worse than anyone else doing it. The reason raison d'etre for these things is to record such information.

Telling people you shouldn't be surprised is telling them it is an expected consequence, not something exceptional that can be prevented. It's telling them that if after actually thinking through the implications of Facebook existence , they shouldn't be surprised. They should have seen it coming.

Conversely, telling people that this is surprising make it seem like the government did something monumentally evil that we did't expect them to be capable of and if we merely make the government not evil, it goes away. It doesn't. Facebook can and still will do those things and sell it to advertisers. The government can and will do it with public profiles.

As a side note, most of the article isn't about "social networks" like Facebook. It's about actual people's networks of social interactions as extracted from phone, email, and other metadata. The fact that the government is doing analysis on a huge scale should both be surprising and deeply distressing.

And by the way, IANAL, but the collecting of data was not technically illegitimate, right?

If one branch of the Federal Government doesn't prosecute members of another branch, we've got no way to say.

http://www.emptywheel.net/2013/09/18/by-secret-law-did-they-...

When NSA whistleblowers have been trying to do outreach to the public for years prior to the Snowden leaks[0], to be upset because some people want to take a pragmatic approach/perspective after witnessing an apathetic public for years at large, is pretty farcical IMO.

At this point, I don't expect anything from congress nor many of my "friends" on social networks. If I want to be secure in my communications with them, I will/have taken the steps to do so through means discussed at length plenty of times on HN. If governments across the world want to go on witch hunts, they'll only get more of what has happened because of them: "If you always do what you've always done, you'll always get what you always got".

The way I see it, the point of no return was long ago…

[0] http://techtv.mit.edu/embeds/21783?html5=true&size=medium&cu...

So you will scold us till we agree with you?

It is not a lie to claim that at least some of these revelations were surprising to a lot of people.

Still want to use Gmail, Hotmail, Yahoo mail, AOL mail etc.?

There have been what... 3, 4 deaths from terrorism this year in the USA? And 6,000+ deaths by way of guns/criminal activity? Doesn't really seem to be worth their trouble to be snooping through who I talk to and who I hang out with.

Also, by your logic, it's not your information anymore - you have given it to Google and Facebook, which makes it their information to give to the government.

I choose not to do so, I don't use facebook or gmail, but if I did I would only expect them to be using and abusing it, not some secret government program.