I can't speak for the US but this man has shifted so much of the political debate in my country and I think also in the EU in general. If you talked about the massive surveillance from governments people tossed you aside as a paranoid lunatic. After Snowden no one could ignore you anymore and privacy is an aspect in any public debate.
That's great to hear. Unfortunately, his actions haven't really done anything in the US. I wish I could say otherwise, but I haven't seen a single thing change. Privacy still isn't an issue that's on most people's radar. The government still does what it did before and likely a lot more. I have a ton of respect for Snowden, but he severely overestimated how much Americans care about privacy, spying, surveillance, or anything like that they mostly can't even understand.
>That's great to hear. Unfortunately, his actions haven't really done anything in the US.
At the very least it produced some dissonance between democratic establishment and their support base. Bill and Hilary continue to tour the country and I attended their road show in Seattle. Crowed cheered at every statement until they got to, and I quote, “Snowden is a traitor”, which produced very confused and subdued cheer. It was very fun to watch.
Yup. Even the dark fiber back haul networks used by data centers that were once thought to be private are now being encrypted (Google, Microsoft, etc have mentioned this).
This is exactly what PRISM was, not taking data from servers, but tapping into the data networks between them and siphoning off whatever the NSA wanted. And it just so happens that to mirror a fiber optic line you use a crystal prism.
> Unfortunately, his actions haven't really done anything in the US.
It actually changed a lot how some companies handle government requests for data. Apple for example, completely switched their strategy because they wanted to be seen as protective of customer data. They realized that data requests would eventually leak so they avoid storing identifiable data on the servers. They saw privacy as a competitive advantage.
I'd disagree that nothing has changed. Consciousness of the fact that mass surveillance is happening is much more widespread, and gets brought up in passing from time to time. People have changed their behaviour somewhat - eg many now try to use encrypted communications quite consciously and even Signal has become quite popular for example. It's influence thinking over e.g. use of facial recognition cameras in public places which is unpopular.
And whilst what eg GCHQ actually do hasn't really changed much as far as I can tell, it's been brought onto an "open" legal footing which is progress. The next step will be for the legal safeguards which are currently rather toothless to evolve to have real teeth. I think that will happen eventually but it'll be a slow journey to get there.
Much much more websites are HTTPS now. LetsEncrypt was set up, and browsers are better at HTTPS. That benefits people in the UK. "Encrypt everything" was a result of knowing the NSA were hooving everything up.
The key difference is that you can decide not to buy corporate products you do not want, but have to comply with the laws. I am a lot less concerned about stupid things done by a majority for convenience (and I can choose whether to do participate or not) than about the law that forces the same stupidity down my throat. My 2c.
There are cases in which there is no choice but to use specific corporate products, or in which choices are made without an individual's consent or involvement.
Karen Sandler, co-host (with former FSF directory Bradley Kuhn) of the "Free as in Freedom" podcast has an implanted, closed-source proprietary medical device. She can literally chose between non-free software (which includes surveillance), or death.
Emergency medical services, government contracts, third-party contracts by various firms and organisations, third-party use of Gmail either directly or as a hosted email service (see Benjamin Mako Hill's "Google has most of my email because it has all of yours": https://mako.cc/copyrighteous/google-has-most-of-my-email-be...), and the issues of spillover externalities (Amazon Ring doorbell surveillance, third-party tracking of mobile phone SIMs, MACs, and Bluetooth signatures, facial surveillance) mean that, no, actually, you cannot decide not to participate in corporate surveillance.
And, as a final point, both government and corporate surveillance and oppression very often speak to the same underlying dynamic: that of power to defend both itself and its wealth and/or golden geese. Examples are numerous, though the Johnson County War would be a good case history: https://en.wikipedia.org/wiki/Johnson_County_War
Let's please put this canard in its well-deserved grave and bury it.
Each year you can do less and less to limit your exposure. That argument will not old up over time. When IOT and 5G puts more devices online all of these things can be used for surveillance. This argument is not fair or realistic when looking forward a year or two.
This is essentially true of government surveillance as well. Not really a surprise, since most modern state surveillance issues are essentially about ways in which private and public/state power cooperate.
The overarching point is that it's naive to consider issues of privacy particularly distinct in the public or private sphere. Neither market nor political power are trivial to escape (and they have other things in common). Individual opt-outs will only get you so far from either a Google scale or state scale operation.
I've already given a literal life-or-death example above, which didn't involve guns.
Strategems in which individuals are denied the very fundamentals of life, food, shelter, work, engagement in civic, social, commercial, or cultural practices, access to courts, institutions, and the like, without overt threats of violence, are far more effective than guns.
to fight and conquer in all your battles is not supreme excellence; supreme excellence consists in breaking the enemy's resistance without fighting
Your life or death scenario is an edge case with its own special complexities which should not be lumped in with discussions of the vastly voluntary choices we can make. Healthcare is heavily regulated as we all know. This raises the barrier to entry to new competitors, and leads to a less dynamic market where the status quo can last a long long time. So you end up with only 1 or a very small number of medical devices (with the associated software) for a given situation.
I would expect that the greater debate on privacy will, over time, hopefully lead to some changes in how we are able to control the data generated by our bodies. Until that happens, I’m going to take the thing that saves my wife’s life with the potential for some shadiness or simple distaste at what may happen to her data, or, I might look at it as her voluntary consent which was fully given with her and my knowledge well ahead of time — helps to save others lives, and some loss of control of that data is actually quite noble.
As you might guess, I started at the abstract, but ended up at the concrete, and my wife really does have such a device, similar to your example. And I also work in big data analytics industry, and get involved in these sorts of discussions pretty often.
Okay, let's try a concrete example: Gmail. Let us agree that the point of Gmail is to read people's email so it can send targeted adds. That automating the process (since human employees don't directly read that email) makes the thing more efficient, and thus worse, as well as easier to misuse.
Let us agree that I can indeed avoid having a Gmail account. Can I realistically avoid sending email to a Gmail user?
There are just too many users. Maybe I can avoid sending mail to <anything>@gmail.com (though not responding to one will invariably be perceived as incredibly rude), but I cannot avoid having Gmail users send email to me. I cannot realistically notice ahead of time that email@example.com is actually using a Gmail server under the hood, and not send the email. I cannot prevent Gmail users from talking about me.
I can reduce my exposure, but there are limits to what I can reasonably do. Your usage of Gmail is hurting my privacy. Okay, not yours, but definitely half of my friend's. I can't realistically ask them to either stop using Gmail, or stop interacting with me, now can I?
Let us agree that individual choices and individual actions don't work.
That automating the process (since human employees don't directly read that email) makes the thing more efficient, and thus worse, as well as easier to misuse.
While I agree with your larger point, I don't agree with this subjective value judgement and am not sure why it's necessary to lump it in with the rest of your (valid) points. Why do I want to see ads for things I'm not interested in? How is that in any way "better?"
What I definitely don't want is unauthorized humans reading my email. (Even so, I have to assume that is exactly what will happen whenever I type or dictate anything into a computer. I've operated on that basis since before GMail, Google, or even the civilian Internet existed.)
I live in the EU, and as such am pretty much nameless for any Google employee. It's not like they would disrupt my personal life. Automated reading however, scales. The damage to any individual is lowered, but it is also multiplied by the number of users. Reliably so.
And now they have a mighty powerful pattern matching machine, they can easily ask more than where I could possibly spend money. They could ask for my political affiliations, or my sexual orientation, my social network (who knows, I may be related to the second or third degree to some nefarious terrorist?).
That last one is very worrying. Especially since recently, my country (France) is being eerily harsh with political opponents. I've just read a story about a journalist (whose income happens to come from YouTube & donations), who is being judged for… gang theft (the pun also works in French), risking up to 75.000€ in fines and 5 years of imprisonment, just because he covered the unhooking of a 8€ portrait of our current president in a Town Office (which usually have president's portraits, but this is not mandatory). Unhooking, they reportedly did not even take the portrait.
So yeah, I'm more and more worried about giving our governments the means to apply their increasing insanity. Sure, having an individual reading my private email is unacceptable, but that risk is getting smaller and smaller, in comparison, to the mass surveillance that automation enables.
Your life or death scenario is an edge case with its own special complexities which should not be lumped in with discussions of the vastly voluntary choices we can make.
Karen's and my 2019 FOSDEM keynote (and accompanying podcasts) discuss her struggles with the medical device industry and how those struggles relate to the larger set of choices related to technology that we make. This isn't an issue that lends itself well to short-form discussion. The issues are quite complex:
I've already given a literal life-or-death example above, which didn't involve guns.
But it was far too specific (and frankly too obscure) to serve as a general basis for argument. Pacemakers used to run on plutonium. Should that influence the larger debate over nuclear power versus fossil fuels?
If someone has to use a pacemaker or insulin pump that runs proprietary software, that's unfortunate as far as it goes, but the patient himself/herself is fundamentally fortunate to have that option. It would perhaps be better to focus on developing open-source alternatives than to rail against a particular manufacturer's policy... except the (captive) regulators will have something to say about that, won't they? Specifically, what they will have to say about the idea of an open-source pacemaker is "No."
What you are complaining about in this specific instance isn't corporate policy, but government policy. I'm actually very sympathetic to your argument, personally. I've made the point many times that any sufficiently-dominant corporation is indistinguishable from a government. But you need to be careful to identify the party who is actually forcing or denying choice.
> Specifically, what they will have to say about the idea of an open-source pacemaker is "No."
Not specific enough. What they would most likely object to is code you can modify. Code you can inspect on the other hand is a whole 'nother business. And one could easily guarante their pacemaker runs the code the manufacturer says it runs, by having reproducible builds, signing the source & binary, and have the device itself communicate (at least) a version number.
Being able to modify the source would be potentially even better, but if we could at least inspect it, then we would know of bugs & vulnerabilities (some of which have affected Karen Sandler in the past), and the manufacturer would have no choice but be shamed and correct the error.
So the argument is not invalid, but you take issue with it because you can imagine someone in a worse situation somewhere in the world? I fail to see the point of your comment, this is not a UN hearing regarding some oppressive regime.
If you require home internet access to do your 30k salary job, you move into an apartment, and they tell you you have one option for internet access, you have literally been restricted to a single corporate product and subject to surveillance.
The problem is that you can't always opt out of someone else's decisions.
Example: Doorbell Cams taking video of you walking by, uploading it to a corporate database, identifying you using photo recognition algorithms and your location using the home's address, and using that information to sell you things.
Fair. But even this (at least in the US) is the flip side of the laws that in public areas I can take any photos that I want. And I generally like this setup -- I can snap pictures of friends and kids without worrying about proving my right to take those photos).
This should not be taken for granted -- in the UK I was twice (very politely) asked to leave because I was taking a picture and apparently a gov't building was in the background (and you need a permission to photograph those!!) and the second time because a school volleyball competition was played in the background. This is stupid because if I did it with a phone instead of a DSLR no one would notice.
Maybe some limits on commercial photography in public spaces makes sense, but I would not go as far as putting strong limits on it altogether. My 2c.
Photography in public places is a separate issue from long term stocking by companies. One can enable the other, but this does not mean they are equivalent. It's a very American fallacy to overextrapolate an individual right into a justification for commercial totalitarianism. But if an individual person were to suddenly start following you around and photographing you every few minutes, you would rightfully complain to the police. That this is being done at scale and for a profit motive should make it more worrying, not normalize it.
I don't think that limiting the photography or the means of the data collection is the solution. The law is going to have to apply post-mining.
In my opinion, we need to start treating data about users as intellectual property. Generally speaking, you don't have to worry about intellectual property when you're doing something personal. I can say "Just do it" all I want. In the same vein, I can make casual observations about random people on the street without having to worry about violating their privacy (that guy has cool shoes!). But if I start to use "just do it" in my business marketing materials, I'll be in trouble. Similarly, if I start keeping a database of somebody's shoes every time I see them so I can try to sell them something, that should be illegal.
Think of everything you would have to do to avoid being surveilled today. Heck, think about everything you would have had to do even 40-50 years ago. I think the issue is not wether or not you can avoid being surveilled. I think that debate is largely settled. So the next logical question is, what are the rules governing access to that data? At what point do you need consent and from whom do you need consent? I think the fear, sadly, is that even if we come up with rules there is the challenge of how to apply them retroactively or in a backwards-compatible way. It's quite possible that we now we significant portions of the economy relying on companies having unfettered access to their data. I see parallels between this and the shift to renewable energy. Revenue from oil companies is tightly woven into the fabric of the US economy in many ways.
All of our legal precedent about privacy, law enforcement surveillance, commercial data gathering, etc, really dates to the 1800's and early 1900's when things were fundamentally different. There is a qualitative difference when information can be automatically processed in aggregate.
I don't really care about individual corporate -- or LE -- surveillance actors if the data is partitioned over many and requires real subpoena power or active, limited sharing. If there's thousands of cameras owned by homes and businesses in my town, and everyone uses the pictures on their own for their own purposes, and law enforcement occasionally asks for and/or subpoenas the data when it'd be particularly useful and there's at least some suspicion-- that's great.
On the other hand, when we automatically read license plates and form a big database about where everyone goes every day, that's not so great. When individuals are all subject to mass-scale surveillance that we use with data processing and machine learning to manipulate those people-- that's not so great either.
The threat isn't corporations. The threat is when the government goes rogue as governments tend to do unpredictably from time to time. The threat materialises in the government using private corporation data to target arbitrary minorities (although usually the educated, wealthy, foreign and free-spirited).
People seem to think that because it "could never happen here" they can just ignore the possibility. Then it turns out that that sometimes it can.
Privacy isn't just about the world as it stands today. Privacy is an acknowledgement that the present and the future are linked and that the future may be profoundly different from today. People aggressively selling you things is more harassment.
In a thread about surveillance, why are you drawing a dichotomy between different surveillers and basically giving one a pass? They're both prongs of the same threat! On the collection side, every bit vacuumed up commercially is available for use by the government. And on the use side, there is little difference between a government proper and corporations that have achieved enough power to exert de facto governmental control - especially when colluding through a common third party.
Corporate surveillance is only a problem because it will sooner or later feed in to government surveillance. If I could wave a wand and stop that happening I'd be fine with corporate surveillance; I'm annoyed but not threatened by the idea that someone will study my every movement trying to sell me things I want. I'm threatened if the extremely arbitrary government decides that I'm an undesirable for some reason.
> corporations that have achieved enough power to exert de facto governmental control
Might be a failure of the imagination, but I really can't see myself ever getting involuntarily dragged out of my apartment by McDonalds employees. The worst I've ever seen a corporation do is set the police on someone. As long as the government is functioning sensibly a rogue corp can only do so much.
Surveillance by corporations is also used for:
- creating, maintaining and exploiting information asymmetry
- manipulating markets, fostering rent-seeking
- finding new ways of externalizing costs that escape easy detection
- polluting honest policy debate
- manipulating the democratic decision-making process
- avoiding responsibility for malfeasance
- etc, etc, etc, etc, etc and yet more etc
On the large scale, I do not want these entities to have access to weapons-grade behavioural models. On the small scale, I do not want them to have compromising information about individual behaviour. They will use whatever leverage they gain to enrich themselves far beyond their utility.
I honestly don't have a problem being persuaded into wanting something and being 'tricked' is either fraud or the wrong word. I don't agree that advertising is somehow a mind control technique. It is very effective, but being persuaded to do and not do things is part of how I want to operate. If someone makes a case that something is a good idea I'll go with it.
It seems to me that if an advertiser can convince me to spend money then I wish they'd done it sooner. I can easily imagine having bought my first smartphone after seeing an ad. It wouldn't be a trick.
Corporations are worth keeping an eye on, but governments are more unreliable, less governable and generally have larger professional military. And if a corporation acts it is usually in concert with a government.
> Corporations are worth keeping an eye on, but governments are more unreliable, less governable and generally have larger professional military. And if a corporation acts it is usually in concert with a government.
Simply asserting that you're somehow impervious to corporate power is not an argument. Individuals only have the absolute power to not transact in an ideal market where there is vibrant competition for your business, and our real market is far from ideal.
1. Persistent psychological manipulation (advertising), including political manipulation, based on knowing your weaknesses better than you know yourself.
2. Punitive insurance rates based on unreasonable inferences, especially for mandatory insurances. Like say doubling your auto insurance rate for buying more than a few beers per week. Or your health insurance going up due to buying power tools.
4. Prevented from or price-gouged when using vital services. For example - the unbanked (ChexSystems), recent Internet censorship (Visa/MC), Internet service ("six strikes").
The issue isn't the straw man of being "dragged out of your apartment by McDonalds employees", but rather being prohibited from buying food due to being uniformly banned from McDonalds, Burger King, and Walmart - say you've previously shoplifted but have served your sentence, are simply wrongly accused, or perhaps just didn't respect a sign saying to take off your sunglasses.
I know you're likely to respond to these by defining them away as not being problems in your paradigm, but paradigms are only as good as their constructive results. Our current politicatastrophe is basically due to people clinging to their chosen paradigm way past its utility. FWIW our modern society is indistinguishable from a "Libertarian Paradise" where USG is a private corporation that owns everything and who've you've contracted with to be here. An axiomatic approach of morality-by-construction doesn't work - the only way is to judge qualitative situation.
> Punitive insurance rates based on unreasonable inferences, especially for mandatory insurances. Like say doubling your auto insurance rate for buying more than a few beers per week. Or your health insurance going up from buying a power tools.
Is it just supposed to be self-evident that those inferences are unreasonable?
I've always thought that this was an interesting argument. If there is some form of correlation with beer consumption and and car accidents, wouldn't it make sense to adjust your estimated risk based on that information?
I do find it self-evident that that would be a bad thing, but I also have a hard time putting my finger on why.
The problem is that "correlation" seems objective and mechanical, but the model itself carries the bias by choosing which overly simplistic factors are relevant.
Directing focus at "people who drink a lot of beer" means considering people who who drink a lot of beer at home as guilty by association, ultimately due to the subjective priorities of whomever pushed for that model.
Obviously in the expected value sense, charging on correlations is lucrative for the company (as is any justification for raising prices on a set of customers if your competitors do it too). But in the exact same way as saying certain zip codes are more likely to default on a loan, which we rightfully reject.
Your model sucks if you are arbitrarily choosing factors. You choose the factors with the most significant correlations, because those correlations are least likely to be "overly simplistic".
Why would we reject that zip codes are more likely to default on a loan? Seems like information I would like to be aware of if I was a home lender.
I certainly look at crime rates of a community before I live there. While a bad crime rate certainly doesn't make potential neighbors "guilty by association", it certainly increases the likelihood that one of my neighbors might be actually guilty.
> If there is some form of correlation with beer consumption and and car accidents, wouldn't it make sense to adjust your estimated risk based on that information?
Nope. Because it's flawed reasoning. If many people who get into accidents were driving drunk and everyone who drives drunk buys beer it might seem logical to increase rates for everyone who buys beer, but people who drive drunk are only a small percentage of the people who are beer buyers. That kind of reasoning seems more likely to be a weak justification to raise rates for a large number of people than a reasonable response to a trend.
This is assuming that auto insurance isn't a competiitve industry. If a company attempts to raise rates because of a trend that doesn't actually exist, they will inevitably not be competitive with companies that recognize that the trend doesn't exist, and thus it won't change prices for the consumer.
If the insurance companies could arbitrarily raise rates due to a trend that doesn't exist, than they would have already done so. These companies know their margin and they don't bid above that if they want to be competitive.
> If a company attempts to raise rates because of a trend that doesn't actually exist, they will inevitably not be competitive with companies that recognize that the trend doesn't exist,
that assumes that all companies involved aren't doing the same thing. Corporations figured out a long time ago that when one of their competitors does something that makes them more money at the expense of their customers they could start doing the same thing to their own customers and profits increase for everyone without risking prices being driven down by a truly competitive market. The insurance industry in particular is has a long history of shady practices from good old fashioned collusion and price fixing to new techniques like data mining to charge customers different rates depending on where they live, what jobs they have, or how often they're willing to change insurance companies.
Buying beer is legal. Driving while sober is legal. Assuming you have no record of driving drunk, any such alleged correlation should not be used to inflate insurance rates, unless you're also willing to say that other correlations of increased risk are also fair game, even if they're based on race or sexual orientation or income or education level or politics or any other characteristic that can be measured and grouped into risk categories.
One of the tendencies of the neo-puritanism that has become prominent in the last decade is a real willingness to abandon any boundaries that have kept corporations from using certain kinds of information against individuals -- boundaries that were in large part legislated during the civil rights era.
It's not illegal to be a male, and my insurance premium still raises because of it.
It's the job of the insurance company to accurately assess risk and charge me that plus their margin. If the companies can more accurately assess risk, than that makes insurance a less volatile and therefore cheaper market.
Insurance companies don't have access to the actual root causes of accidents. They have no measure of my driving skill or risk tolerance or attention span. They just estimate based on some really primitive data they have about me. What's the harm in including more data?
It's ironic to see a comment like this in a thread on Snowden. It's remarkable how quick we are to forget about things such as PRISM . PRISM is a government-corporate surveillance coop. Players include Apple, Google, Microsoft, and many others. Capabilities described in slides never intended for public access indicate unilateral access by the NSA to "extensive, in-depth surveillance on live communications and stored information" with examples including email, video and voice chat, videos, photos, voice-over-IP chats (such as Skype), file transfers, and social networking details.
Especially in modern society government and corporate interests are increasingly interweaving. And I'm no more comforted by governments having access to dystopic levels of personal information than I am by corporations having that access. It just so happens that, in practice, there's no difference anyhow.
PRISM was an internal NSA web-form for sending what was considered (by some, but not tested in courts) to be legal data access requests to US cloud app providers.
It was a f---ing web-form for sending targeted, narrowly-scoped, legal notices. Nothing more, nothing less. It was not some magical all-seeing Eye of Sauron that gave the NSA a backdoor into every word you ever said online, your blood type, and the number of nose hairs that you plucked this morning.
The really illegal backdoor, unscoped intercepts, including the cable taps, were done without the consent of most (all?) of the companies in question, and were not done through PRISM, but rather through physical access to, say, cross-datacenter cables, straight up hacking, and similar means.
To start with "IS, not WAS". PRISM hasn't gone anywhere and the most reasonable path here is to expect it's only substantially grown - as it already was doing at the time of its initial reveal. This  is a snippet of the PRISM collection overview. Data is sent straight from the partners to a DITU - data intercept technology unit which then processes the data in various ways before being sent on for further processing to appropriate nodes and ultimately becoming searchable through PRISM.
An example of a DITU is here . Microsoft provides unencrypted access to the NSA to user emails. One slightly tricky thing here was Microsoft deciding to roll out a new 'alias' feature enabling users to send emails under an alias. The DITU for outlook there ensured that NSA tracking would remain consistent regardless of the identity chosen by the user. Finally this  is a snip of the slide revealing the scope of data available from various partners. 
And yes, there is supposed to be a formal request where an analyst requests our secret court system approve a search before they carry it out. That process is unsurprisingly a rubber stamp - the court approves 99.97% of all requests. But more importantly this is something with no meaningful oversight. As Snowden emphasized, "in general, the reality is this: if an NSA, FBI, CIA, DIA, etc. analyst has access to query raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want."
So, yes it would be much closer to calling PRISM the all-seeing-eye than it would be to a system for sending out warrants. These systems are the reason that the Utah data center was built with storage estimated on the order of exabytes. One exabyte being a million terabytes.
None of the facts you have cited contradict anything I said.
The data that is sent into the PRISM system is data that is sent by cloud providers, in response to a targeted warrant. The data is not collected whole-sale - it is targeted to a particular individual. That's the whole bloody point of warrants.
Once it's been sent by the cloud providers to the NSA, it ends up in a searchable database. I don't understand what is remotely controversial about that. The source of the data was not whole-sale collection - it was targeted warrants. That it becomes searchable afterwards is not relevant to anything. There is nothing illegal about police retaining data, and maybe even putting it in a searchable database, as long as that data was legally obtained - at least, in the United States.
> And yes, there is supposed to be a formal request where an analyst requests our secret court system approve a search before they carry it out. That process is unsurprisingly a rubber stamp - the court approves 99.97% of all requests. But more importantly this is something with no meaningful oversight.
I'm not sure you understand what the purpose of search warrants is.
Search warrants are overwhelmingly rubber-stamped by courts, regardless of whether it's a secret FISA court, or a local judge who works two days a week in Small Town, AK. The point of having to get a search warrant is not to obstruct the work of police. The courts don't interpret that to be their job.
The point of having to get a search warrant is to prevent fishing expeditions, and to make sure that police are conducting a narrow, targeted search. Most judges will rubber-stamp a search warrant for Bob Joe, based on incredibly flimsy testimony. Most judges will tell a police department to go pound sand if they wanted a search warrant for an entire town.
As long as those FISA courts were dealing with search warrants of the first kind (And all evidence points to this), rubber-stamping them would not have been any different from how regular courts rubber-stamp targeted search warrants.
> "in general, the reality is this: if an NSA, FBI, CIA, DIA, etc. analyst has access to query raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want."
You are conflating two separate parts of PRISM, in a misleading manner.
The first part is how it requests data from cloud providers. It does so by targeted warrant. This is incredibly similar to how regular police operate. They get a targeted warrant, a judge rubber-stamps it, and they serve it. It is incredibly likely that this is not illegal.
The second part is that after it has retrieved the data, that data goes in a database, where every Tom, Dick, and Harry that works for a TLA can search for it (And go on fishing expeditions, in the already-retrieved set of data). This is also not illegal. If you think it is, please point me to legislature, or court precedent that implies that information obtained by the police in a warrant cannot be put into a searchable database.
You are conflating the two, by making it sound like every Tom, Dick, and Harry that works for a TLA can go on an untargeted, whole-sale, unwarranted fishing expedition on Hotmail.com. The simple fact is, they can't. Not via PRISM, at least. This is why the NSA was conducting criminal tapping of cross-datacenter links - because PRISM only let them serve targeted warrants, and they wanted raw, whole-sale, untargeted, backdoor access to your data. That, for some reason, most of the firms implicated in the leaked NSA files were not granting them, hmm...
Since most of your post here is just repeating yourself, I'll avoid doing the same and again implore you to read the useful thing sources I've provided to support most of every statement I've made. You seem have grossly misinformed yourself on this topic and I would strongly suggest reading about it, ideally from The Guardian or the raw data itself. Suffice to say PRISM is not a fancy way of saying "sending a warrant to Google." This  is an article (ironically from the Washington Post) that provides a broad introduction to the program and it's scope, scale, and operation.
The two big differences between private and government surveillance is 1) law 2) quantity. Look at China how the private sector freely hands data over. But ask yourself, is it that hard for your government to obtain that data? Are they trying to access it? The answers are probably no and yes.
If you don't feel comfortable with the government having that data, I wouldn't suggest giving it to private corporations. Even if they are standing up to gov, it means things can change. I think Snowden uses the phrase "turn key tyranny".
Not true. Choice is only as good as your options and also depends on the choices of other people around you. My phone records people standing next to me. They might not have chosen to install the apps on my phone, but they’re subject to the surveillance of my device for example.
My thinking before Snowden was the sheer resources it would take to actually record, catalog and index all that information, let alone into something useful. I thought some people were just a bit too paranoid. Then I learned they did have/spend/use the resources needed for this. It just feels crazy, but true.
Since then, combined with the ability to use AI patterns against video streams and even deep fake capability. My trust in most things is pretty much broken at this point.
"Data privacy campaign groups and Labour have expressed alarm after it emerged Downing Street has ordered departments to centralise the collection and analysis of user information from the government’s main public information website ahead of Brexit."
I actually think it is specifically targeting petitions.gov.uk, under the guise of the 'wider gov.uk' scope.
It's the only part of that site I can see BJ actually giving enough of a shit about to go out of his way and double down on at this point. The rest of the gov.uk stuff is already very well managed and instrumented (and a great public service).
Snowden was a lowly SharePoint administrator. Nobody has ever denied that. Snowden himself said that he got that job to have easy access to the documents. He never touched the actual systems described in the documents.
I was a system administrator with similar responsibilities for several years, and it was quite clear who the system architects were and who the maintainers were. It's a minor point, but speaks to Mr. Snowden's reportedly inflated self-importance.
It's up to all of us to take this report, and news reports and autobiographies, as seriously as you think they deserve. This provides background information not commonly known and is a valuable counter balance to Mr. Snowden's account. How seriously should we take an autobiography written by the person who perpetrated such (in)famous actions?
There is "selective reporting" on all sides, it's up to us to take it all in and form our own opinions. For example: read the report, note Mr. Snowden's length of service at each job, his age and experience, and consider how likely it was that he was a "senior advisor" or a more junior system administrator.
I understand this may be a lost cause, but I'm simply advocating for balance on this issue.
Amazon page blurb aside, I don't understand why this question comes up so often.
Even during the initial revelations, people who wanted to downplay the topic regularly pointed out that Snowden was "just a system administrator, not an intelligence agent" and attempted to debate whether he worked directly for the government or only for a contractor. It baffled me, because that doesn't even seem relevant to his claims.
The "government employee" issue would only matter if the authenticity of the leaks was disputed; the various PRISM and XKEYSCORE slideshows were never even challenged, so who cares? And "only a system administrator" sounds backwards to anyone who actually knows what sysadmins do. Dismissing him as a maintainer instead of an architect is a weird sideshow, since his role was mostly important as an answer to the question "how did he get undetected access to so many different files?"
It's a tactic to undermine an opponent. They want to classify him as a minor part of the machine, hoping to discredit his revelations in the process ("why would you listen to anyone with that little of experience and importance"). It's a reverse appeal to authority.
It coming up again of again when Snowden is discussed is part of either controlled or natural occurring propaganda, a talking point of the regime. The one bringing it into this thread is a new throwaway account, go figure. One way or another, directly or indirectly, you are seeing the "controlling public discussions" part of what intelligence agencies do in action here :)
That's an excellent point. Using the "only a sys admin" example was pretty weak. I just chose it quickly as one example of his trustworthiness level from the report. A better example would be that Mr. Snowden claims he began collecting files after James Clapper's testimony, but in fact he began 8 months earlier (third point in the Executive Summary, page iii).
My main takeaway form the report is that Mr. Snowden was misleading/dishonest about elements of his past and motivations. Read the report for other examples of his misrepresentations, mainly that he never reported his suspected abuse of government programs via established internal process and he took and shared material on much more than the programs he was concerned about.
The discussion of the programs themselves is certainly much bigger. I view these programs as the nuclear weapons of our age. It was inevitable that they would be created (with similar capabilities in the hands of other governments and corporations), and there is always the risk of misuse. While the US Government is not the ideal owner of these tools, I generally trust the USG more than other countries and corporations.
The problem with intelligence agencies is that you rarely hear of their successes, and almost always hear of their failures.
> A better example would be that Mr. Snowden claims he began collecting files after James Clapper's testimony, but in fact he began 8 months earlier (third point in the Executive Summary, page iii).
His claim was that testimony was the "breaking point" on the decision to leak, not download files, and soon after he agreed to publicly be named the source.
>mainly that he never reported his suspected abuse of government programs via established internal process and he took and shared material on much more than the programs he was concerned about.
It's his word vs theirs on whether he raised the issue before deciding to leak. And he knew there was a ton of unrelated data in what he leaked, that was why he privately gave it to reporters and didn't publicly post it.
As far as I know, none of the documents leaked by Mr Snowden have been found untrustworthy or fabricated. Digging in his past for inconsistencies and speculating about his motivation seem little more then a weak attempt at character assassination. What exactly are your goals in this discussion?
You have, at this point in time, only three comments on HN, all related to Snowden, and are obviously using a throwaway account. You are also advocating heavily that the report, prepared by intelligence agencies in the US government, should be given credence, while you have developed none yourself. Really hard not to imagine you as a disinformation account created by a three letter organization.
I've been reading Hacker News for several months and this is the first time I felt motivated to comment. I'm using a burner account because I knew this was a unpopular side to support and didn't want to start an account (that I would rarely use, I'm pretty quiet) off on that. I didn't expect to be trusted on my non-existing record on HN, but wanted to present a side of the story not often told. I am not a "disinformation account". I have always valued discussion from all sides, especially opposing sides, and wanted to offer this resource.
Hm... while I think that the report is generally correct, it also comtains a clear bias in some sections. It was written by people on the inside, after all. Also, some of the character background was sourced from journalistic articles. I would have hoped that such a report had better sources for things that should be part of government records.
That's actually the opposite of good practice; good practice in security is to base your planning off of facts and research. Throwing away your whole setup after every gig works for Mission: Impossible, and I guess it makes people feel extra-super-ninja, in practice it just perpetuates the endless (and pointless) culture of I-know-something-you-don't.
Opsec should be based on reality and threat modeling, not endless rounds of whatabout.
Edit: if you (the rhetorical you, not parent specifically) actually know something here, chime in!
That really is the difference between "proven secure" vs "not proven insecure", which would you consider best practice?
As far as fingerprinting WiFi devices goes: It is an rf device and all rf devices vary in behaviour due to component tolerances. This shows in such things as spurious emissions, power variations across its transmission spectrum, oscillator drift, etc, etc. These are fairly easy to detect remotely. One example is shown in this paper: https://www.cs.ucr.edu/~zhiyunq/pub/infocom18_wireless_finge...
That paper states that the accuracy could be as high as 95%. Apple has sold over a billion iOS devices with WiFi radios in them. I'll let you Google the base-rate fallacy for yourself, and decide if that risk is worth it.
The paper is only one such method, there are countless and these methods have been in documented use in signal intelligence since at least WW2, combined your accuracy increases. And this is on top of all the other known methods of fingerprinting network devices.. Besides, most of the time you only care whether the same device was used, 95% gives you a lot of certainty.
Within propper constraints "proven secure" certainly is possible.
Good security practice is considering all devices as insecure until proven otherwise. Also, mitigating known unknowns where a general problem happens a lot. Devices snooping on you, misleading you, interdiction, hacks on firmwate, etc. Then, you mitigate it in situations where you're unsure of what's going on just in case. So, long as mitigation isn't too costly.
I used to buy and get rid of WiFi devices and throwaway computers for that reason. Also, buy them in person at random places with cash. You can even turn it into charity by using FDE, wiping them afterwards, and reselling cheap or donating to others that cant afford full price. Put Ubuntu and Firefox on them to spread some other good things.
Well that's impossible (see also the halting problem) so that's pretty clearly not good security practice.
Nothing in that says anything about what your threat model is. What risk are you mitigating by doing this? This sounds like the type of "ignore the words and listen to the sound of my voice" security espoused by management and vendor sales people.
It sounds like you have a diverting past time, and I wish you the best with that, but this isn't what security is about. Security is about identifying and mitigating specific risks. This goes doubly for operational security. All else is security theater.
Extra comment to add something I left off. There's at least two types of static analysis and solver tools: unsound and sound. The sound ones, especially RV-Match and Astree Analyzer, use a formal semantics of the code, a formal statement of the property, and automatic analysis to determine if it holds or doesn't depending on the goal. Related, SPARK Ada and Frama-C have their formal specs and code turned into verification conditions that check for code conformance to the specs. The VC's go through Why3 which sends them to multiple, automated solvers to logically check them. Far easier to scale and get adoption of these automated methods than manual proofs.
The main drawback is potential errors in the implementations of the analyzers or solvers that invalidate what they prove. Designs for certifying solvers exist which essentially are verified or produce something verifiable as they go. There's examples like verSAT and Verasco. The tech is there to assure the solvers. Personally, I'm guessing it hasn't been done to industrial solvers due to academic incentives. Their funding authorities push them to focus on quantity of papers published over quality or software improvements with new stuff over re-using good old stuff. Like infrastructure code, everyone is probably just hoping someone else does the tedious, boring work of improving the non-novel code everyone depends on.
Also, given my background in high-assurance research, I'm for each of these tools and methods, mathematical or not, to be proven over many benchmarks of synthetic and real-world examples to assess effectiveness. LAVA is one example. I want them proven in theory and practice. The techniques preventing or catching the most bugs get the most trust.
"Well that's impossible (see also the halting problem) so that's pretty clearly not good security practice."
No it's not. It's been done many times. The halting problem applies to a more general issue than the constrained proofs you need for specific, computer programs. If you were right, tools like RV-Match and Astree Analyzer wouldn't be finding piles of vulnerabilities with mathematical analyses. SPARK Ada code would be as buggy as similar C. Clearly, the analyses are working as intended despite not being perfect.
"Security is about identifying and mitigating specific risks. "
Computer security, when it was invented in the 1970's, was about proving that a system followed a specific, security policy (the security goals) in all circumstances or failed safe. The policy was usually isolation. There's others, such as guaranteed ordering or forms of type safety. High-assurance security's basic approach was turned into certification criteria applied to production systems as early as 1985 with SCOMP being first certified. NSA spent five years analyzing and trying to hack that thing. Most get about two years with minimal problems. I describe some of the prescribed activities here in my own framework from way back when:
Note that projects in the 1960's were hitting lower defect rates than projects achieve today. For higher cost-benefit, I identified the combination of Design-by-Contract, Cleanroom (optional), multiple rounds of static analysis by tools with lower false positives, test generators (esp considering the contracts), and fuzzing w/ contracts in as runtime checks (think asserts). That with a memory-safe language should knock out most major problems with minimal effort on developers' part (some annotations). Most of it would run in background or on build servers.
Modern OS's, routers, basic apps, etc aren't as secure as software designed in 1960's-1980's. People are defining secure as mitigates some specific things hackers are doing (they'll do something else) instead of properties the systems must maintain in all executions on all inputs. We have tools and development methods to do this but they're just not applied in general. Some still do, like INTEGRITY-178B and Muen Separation Kernel. Heck, even IRONSIDES DNS and TrustDNS done in SPARK Ada and Rust respectively. Many tools to achieve higher quality/security are free. Don't pretend like it's just genius mathematicians or Fortune 25 companies that can, say, run a fuzzer after developing in a disciplined way with Ada or Rust.
It's less a culture of I-know-something-you-don't than a culture of someone-may-know-something-I-don't. I don't understand your implication of intellectual delusions of grandeur here; I see it as the opposite.
If you read the other reply to my comment, you'll see that it was in fact a case of I-know-something-you-don't, although in this instance they are in fact wrong about the implications of the thing that they know. The gate keeping that goes on in security (saying that there's a threat but not saying what it is) is extremely frustrating to me.
Your security profile needs to exceed that set for the highest level of clearance you could possibly gain. In practice that means exceeding the highest level of security used in an organisation. You wouldn't want to inadvertently exfiltrate a clients data would you?
Aside from that, it is not uncommon for say a department to not be aware they are being pen-tested with consent of their management, and you don't want to trigger counter measures.
I upvoted you because your first sentence is a useful observation, but I'm having a hard time using any of that to justify throwing away a wifi adapter. Even if it were possible to fingerprint the adapter beyond its MAC address, there's no global database of whitehat pentester wifi adapter fingerprints, and such a thing would be worthless anyway. You're not going trigger countermeasures by reusing a wifi adapter. The only threat model that remotely makes sense for that kind of precaution is fear of nation-state level resources trying to identify and catch you. And that's well outside of the realm of "pentesting".
(And the idea of accidentally exfiltrating data through a reused wifi adapter is ludicrous)
They have a little. 5ghz is more common, so you won't get any thing there. WPA2 is significantly harder to crack, and I usually do it on GPU with pyrit or hashcat-ocl and a wordlist. WPA3 is out now, too, and I'm there aren't really any well-established procedures for it yet.
Just FYI WPA2 is pretty solidly and quickly broken (lookup KRACK attacks). WPA3 is unfortunately already partially broken (though currently joining the network / password breaking aren't fully broken, see Dragonblood attacks).
The best wireless adapter for those who use the penetration platform Kali Linux & BackTrack. The wireless USB adapter has been tested to work with Aircrack-ng and supports packet injection along with monitor mode.
The Alfa AWUS1900 is a nice model, but if you want something cheaper (and will put up with 2.4ghz-only), the TP-Link TL-WN722N is cheap, but get the v1 chipset! It's the best-supported with drivers on linux. Oh yeah, and you will probably need to do monitor mode on linux.
Don't know about counterfeiting, but when I tried to order yubikeys via German amazon, every single one of the blisters looked suspiciously as though they had been tampered with. They were opened juuust slightly on the side - enough to potentially slide the key out and in again, definitely something that you could miss if you weren't paying close attention. I placed a second order and the exact same thing happened. It was quite weird and I've since ordered from yubico directly.
That's not true, since CAs don't have "the keys to decrypt all traffic." They have the ability to sign website operators' public keys, but they do not have access to the website operators' private keys.
Of course, the CA could also issue a fake certificate with attacker-controlled keys, but if they tried to do so, they would get caught by Certificate Transparency.
Guess there could be two attack vectors, one that is easier to avoid and the other not so much.
The first one being a targeted attack. Then any ordering of Yubikeys can leave to vulnerable as the supply chain can be intercepted (because they see it's you and switch out the key to a counterfeit one). This can be solved by going to a in-person store and buying it there. Then there is no risk of you being personally targeted as you can go to any store.
The second one, is where all keys sold being counterfeit, which you cannot solve by going to a in-person store or ordering online. Not sure how you could avoid this vector.
While this is a theoretical problem anywhere, it's a practical problem when ordering from Amazon far more often than anywhere else. Going to a reputable physical store likely shields you from the second scenario nearly as well as the first. Also, in the case of Yubico at least, you can order directly from their website, which presumably minimizes the number of hands the product has to go through, thus minimizing opportunities for a counterfeit to be swapped in.
It recommended me "20 ORANGE SNAPPY GRIP -Bucket Handles -Mining-Gold Prospecting-Gardening" under the customers also bought... I guess I'm just not leet enough. This in spite of the fact that I've actually bought a few external wifi adapters from amazon.
Before his story broke there was an AMA on Reddit about govt surveillance, I'm 90% this was Snowden. Does anyone else remember this?
The person spoke of these things happening in ways we "couldn't imagine". People were guessing at what he meant and his responses were mostly "it's much worse". One redditor posted some highly technical speculations to which the author responded "you're getting close".
Reddit's search isn't good enough to retrieve this but I would LOVE to find that post again.
Funny enough Google has great tools for searching within that time period. Snowden broke around Q1 2013 right? So I tried searching from Q4 2012 to Q1 2014 and the first thing that came up on government surveillance was actually this.
Which I assume is not what you meant but it's pretty early in the timeline of Snowden's revelations.
Setting the timeline to 2012-01-01 - 2013-07-03 is just before Greenwald broke Snowden's story and those results are very different.
Interspersed are results that were likely updated in Google's index after july 3rd so there are some false positives so to speak.
You'd have to browse more of those results. I've only got 3 pages in.
Edit: Actually this IAmA from Cory Doctorow could be it. He's definitely in the know about what the government is capable of and speaking from that experience. Which pretty much predicts Snowden's revelations.
Of course I remember when AT&T was implicated in mass surveillance by a former employee back around 2004, that story just got lost in the ether.
I was annoyed that someone called Ed Snowden a 'Traitor'. Hopefully it gets a bit more recognition in this thread
For me he made the Great Game of Privacy a lot fairer. You should read the excellent entry on Wikipedia about the aftermath of the leaks. If the leaks meant that privacy-loving folk went 'dark' in light of the leaks, then this is a net plus. Snowden's actions possibly hindered NSA in catching undesirables, but it's a small price to pay for a bolstered Internet and privacy-respecting comms. And who's to say that the apparatus even worked that well in foiling the efforts of plotters? Bill Binney consistently drives his message home that the NSA's surveillance apparatus is very inefficient at foiling plots, and I agree with him.
Even if it stopped one plot in all the time of its existence, it's still an enormous effort and an enormous amount of money spent just to foil one plot. Old fashioned police work is better at foiling plots because it doesn't have to rely on big data algorithms sifting through the noise of Internet traffic (most of which is innocuous). Old fashioned methods work because they employ simple detective work - it doesn't need the NSA at every choke point and decrypting countless crypto.
Wow, I thought Binney was just some random analysist news shows brought on to discredit the 2016 hacking thing. Didn't realize he was the key catalyst for the Snowden leak after the government shafted him when he tried to reveal the same NSA overreach using the "proper" channels.
At a fundamental level, I trust the moral compass of the average person more than I trust the moral compass of government which has incentives to do the wrong thing.
The most basic tool of law enforcement investigation is the average citizen calling the police when they see someone doing something wrong. Unethical laws are more difficult to enforce, because the average citizen doesn't call the police when they see someone breaking an unethical law. Most people don't call the police when they see someone smoking marijuana, for example, because the average person has a moral compass which tells them that putting someone in jail for smoking marijuana is reprehensible. Historically, whenever the law has been wrong, many people have been saved by people refusing to report them: the underground railroad, hiding of Jews in Nazi Germany, gays under anti-sodomy laws, etc.
In contrast, I believe that when someone is actually doing something wrong, people call the police on them. If I witness a murder, rape, child abuse, etc., I would absolutely call the police. And while there are certainly high profile cases of people standing by and letting bad things happen, I trust people to do the right thing most of the time.
Pervasive surveillance bypasses witnesses as the basic tool of law enforcement, which takes the power out of the hands of the average person. This might allow law enforcement to catch more bad guys, and if that were the only concern, violating our privacy might make sense. But the flipside is that it allows law enforcement to put more people in jail who aren't bad guys--people who smoke weed, teenagers who sext, etc. As long as there are unethical laws, privacy is the fundamental tool which allows average people to trust their own moral compasses and not call the police on people who are breaking unethical laws.
Pervasive surveillance also takes responsibility and knowledge of their rights, out of the hands of the average person. Witnessing should lead to empathy, the imagination that the same thing could happen to me, and if I think that would be wrong, I need to call out that wrongness when it happens to others. That is civility. That is how we build trust. That is foundational whether it's the average person or the average lawmaker or the average police person.
When we're carving out areas of society where we accept less trust, then we can only lose trust, and that area becomes dangerous to us and a safe haven for corruption.
Honestly, saying that the NSA has done maybe one useful thing in its entire existence and that everything it does could be replaced by "simple detective work" just shows you to be incredibly uninformed and ignorant about what the job of the NSA actually is.
> The first example was the case of Najibullah Zazi, who confessed to plotting to bomb the New York City subway system in 2009. Joyce confirmed that the NSA’s Internet surveillance program led officials to a suspect in Colorado who turned out to be Zazi. The FBI took the necessary legal steps to identify him and ultimately capture him, in concert with authorities in New York. Under Section 215's authority, Joyce said, the NSA was also able to nail down a “previously unknown [phone] number of one of the co-conspirators.”
> “Without the 702 tool, we would not have identified Najibullah Zazi,” Joyce said later in the hearing.
Okay, sounds pretty legit. His plea bargain was partly informed by threatening his parents, but it does sound like there was a lot of other evidence collected through traditional police methods.
> The second instance described was a thwarted plot to bomb the New York Stock Exchange. Under Section 702's authority, the NSA monitored a known extremist in Yemen who was communicating with a man in Kansas City, Mo. This information led the FBI to Khalid Ouazzani, his co-conspirators and ultimately the plot to bomb the NYSE. Ouazzani ultimately confessed to sending money to al-Qaeda and was never convicted for the stock exchange plot.
Okay, so we... removed a small funding source of Al Queda? Maybe it's just me, but if I were trying to attack Al Queda's funding, I'd start with not having the CIA give them millions of dollars before going the "surveil all Americans" route. For comparison, the CIA gave them $2 million in one payment, while Ouazzani gave them $23K. The NSA yearly budget is ~$10 billion. The NYC police budget was $5.6 billion in 2018 and they handled 295 homicide cases in 2018.
> The third instance cited by Joyce was the case of David Headley, an American in Chicago who aided the 2008 Mumbai terrorist attacks. The FBI had received a tip about his involvement in the attacks when the NSA’s 702 surveillance also identified Headley as involved in a plot to bomb a Danish newspaper office that had published cartoons of the Prophet Mohamed that were considered offensive by some Muslims. “Headley later confessed to personally conducting surveillance of the Danish newspaper office,” Joyce said.
So basically, this guy was already going to be arrested for the 2008 Mumbai Terrorist Attacks, but due to surveillance they were able to also charge him for... surveiling. The irony is staggering.
> Regarding the final case, Joyce testified that data collection under Section 215 helped uncover terrorist activity that the FBI had been unable to detect previously. In 2007, the FBI closed an investigation it had launched shortly after Sept. 11, when it could not connect the subject of the investigation to terrorist activity. Years later, under its Section 215-sanctioned metadata collection program, the NSA identified a phone number in San Diego that was in contact with a known terrorist overseas. The NSA’s discovery allowed the FBI to reopen the investigation and disrupt the terrorist activity. Joyce later confirmed that the activity involved providing financial support to a designated terrorist group overseas.
This could not possibly be more vague.
Ostensibly, since the source is the NSA's PR team, these were the best cases the NSA could come up with? This sounds like a strong argument that the money should be better spent on traditional law enforcement.
It's common knowledge that NSA dragnet surveillance recorded the phone calls and captured the metadata of almost every American for a few years, and probably still is. This, I would argue, we can agree upon without having to present evidence.
If you're going to argue that this violation of human rights was necessary, the burden of proof is on you to prove this extraordinary claim.
During the Cold War, the US government did a lot of things which were extraordinarily harmful to US Citizens and contributed nothing to fighting Soviet totalitarianism. Soviet totalitarianism was certainly a threat, but US repsonses to Soviet totalitarianism were often counterproductive. There's a strong argument to be made that the US government did more harm to US citizens during the Cold War than the Soviets ever did. I'd be open to hearing evidence that the NSA was an exception, but you certainly haven't presented any.
Simply trotting out old tired Russophobia doesn't prove that pervasive surveillance has been good for the American people, it just shows your own bias. You're turning a blind eye to the wrongs done by the US government, some of them much worse than pervasive surveillance.
> There's a strong argument to be made that the US government did more harm to US citizens during the Cold War than the Soviets ever did. I'd be open to hearing evidence that the NSA was an exception, but you certainly haven't presented any.
What harm do you claim the NSA did to Americans in that time? Their mandate is foreign surveillance, and while citizens do get caught in their net (especially with foreign contacts), it's not their focus.
I can think of a couple, but they seem relatively limited?
a) Surveillance revealing domestic crimes that were prosecuted through parallel construction.
b) American businesses benefiting from NSA intelligence gathering, through politicians passing along information.
The whole thread was about the NSA's budget and mission, so I misunderstood your point. It appears you have no specific qualms with the NSA other than the fact they exist under the same government as the FBI/CIA?
No, I'm just shooting down the idea that simply saying the NSA was involved in fighting the cold war doesn't mean they're positive for US Citizens.
I haven't mentioned my qualms about the NSA up to this point, but since you asked: I object to spending $10.8 billion in 2013. I object to the fact that they have so little oversight, the public had to find out what their funding is from a leak. I object to the fact that this spending resulted in only 4 arrests they will tell us about over a period of years which are all fairly questionable. I object to their continued violation of the constitutional right to privacy of almost every American. I object to them undermining encryption standards which weakens the security of people and companies everywhere.
The second thing you quoted is part of my evidence for the first thing you quoted. It's not a backtrack at all.
Do you have an actual evidence-based opinion, or are you just trying to catch me in weird gotchas? I'm sure I've said something slightly incorrect you can track down, but that doesn't really negate the evidence I've linked.
While it happened after the end of the USSR, we know that the NSA contrived to get a crypto system they knew to be weak standardized. And that weakness was later leveraged by hackers in at least one case.
I probably could have worded that better--it's ambiguous. What I meant is that a lot of the things which the US government did were harmful to US Citizens, and a lot of those same things that the government did, contributed nothing to the fight against Soviet totalitarianism.
Many of the mkultra experiments are a good example: the US government drove a bunch of US citizens insane for projects which ultimately resulted in no useable weaponry.
My point being: simply waving your hands and saying "the cold war!" isn't a valid defense of US government organizations.
Unfounded claims, calling someone incredibly uninformed and ignorant, with zero evidence to back up these admonitions, shouldn't be posted here. If you have a claim to post, back it up with some kind of evidence or data. No one should have to be called "kidding" when they call out a lack of any kind of data.
This made me realize I have heard ZERO news on Assange after his arrest, and the likelihood of him being tortured and rendered and railroaded of course means our nation (US) of laws and rights is a sham.
Don't tell me it's boring, this should be a sideshow for the media like OJ. Rape trial? Russian meddling? Little guy vs the government? International intrigue?
A truly independent media would be tracking his case to make sure due process is followed, but we all know what media is in the age of corporate conglomeration and oligarchy.
Though please keep in mind that smile.amazon.com is a marketing stunt. Firstly, it makes people less reluctant to buy increasing Amazon's revenue and secondly, Amazon is donating the money, so they get to pay less tax.
Since Amazon says it's not available until September 17th and you can only pre-order it now, I think probably even those 7 are records inaccurately registered before the book is actually there, and there are probably 0! Or did some libraries get the book earlier than Amazon can? Possible, but my guess is not.
Fair enough! I was thrown off the fact that it hasn't been released by the Worldcat page saying that there were three editions. I assumed that it was not possible to have data quality issues of that magnitude.
Oh, Worldcat data quality is definitely very problematic.
At it's best, it definitely doesn't represent _every_ library copy.
It requires libraries to register their copies with the central database. All of these libraries are different organizations with different software, at varying stages of 'legacy', trying to interoperate with each other, usually without very well-resourced IT teams. Then WorldCat has got to figure out when copies at different libraries are copies of the "same" thing, and what "same" means.
The worldcat database is very useful, but it certainly has data quality problems.
Amazon also says "4 formats and editions": hardcover, paperback, kindle, audiobook. Technically I'd say these are "formats" not "editions" -- the text is the same in each, although you might consider the audiobook a separate "edition" maybe, as it's not text at all, it's a whole different sort of thing. (And the Amazon UI hides it behind a 'more' link, although still just referring to the whole list as "4 formats and editions").
I'd guess Worldcat knows 3 of those 4 -- maybe all except kindle. Worldcat, like Amazon, is not really capable of distinguishing "editions" from "formats".
I'm not sure I'd consider the "3 editions" a "data quality" error exactly, in this case. It does point to some of the complexities of figuring out what's out there in the bibliographic universe, and how to model it in a consistent way that makes sense to users. (What _is_ an edition vs a format anyway?). Amazon gets data and corrections from people trying to sell books there providing some data entry/correction labor for free. And Amazon's website and data are _core_ to their business. As well as from other DBs like ISBN. Worldcat has to try to piece things together from a bunch of disorganized under-funded non-IT-expert nonprofits, who may consider "getting good data to WorldCat" not the highest among competing priorities, along with other DBs like ISBN.
Neither WorldCat nor Amazon are _great_ at determining "what separate editions/formats exist of this thing, and how do they relate to each other" in the general case. Cause it's a hard problem. Amazon does well enough to sell books apparently. They each have strengths and weaknesses. For things published decades before Amazon existed and/or no longer in print, WorldCat will do better in some ways.
Maybe the long term solution is to put together an open source library database package that serves the needs of 90% of libraries without modification, and make it convenient to make high quality data available.
Yeah, at one point OCLC was actually being kind of litigious with trying to make sure their db was _not_ open. I think they got over that, at about when they realized nobody actually really wanted it so much anymore. But it's debatable whether it's "pretty open" at present.
LibraryThing was sort of another attempt, that sort of still exists.
It's just a really hard thing to do, that takes a lot of resources to do well, and nobody's managed to figure out a funding model.
There are a handful of projects with various business models and degrees of openness of data that have tried or are still trying to do this. For whatever reasons (and we can debate em), they haven't really taken off or been succesful. shrug.
1. The book is announced, but not yet released (17 Sept).
2. Worldcat tends to lag acquisitions, and whilst extensive, is not fully comprehensive. There are nonlisted collections, and lagged reports.
3. Further acquisitions will be added.
And most importantly: Libraries are highly responsive to patron requests. Ask for the book to be added, and in all likelihood it will be, and you'll be notified when it's in and/or added to the waitlist.
The publisher Metropolitan Books looks like it's part of Macmillan so they're likely a traditional publisher, which suggests he got a pretty healthy advance on the book because of his fame.
I would also guess that even if he sold enough books to earn out the advance, his take on each incremental book is really small as the publisher took most of the financial risk with the advance itself.
One of the NYT best selling authors I spoke to over beers told me at most he can hope to get in the range of $200k in his lifetime for his book that was top of the charts for a significant amount of time, and continues to be very, very famous in it's niche.
An "advance" is just that: payment advanced against projected sales, and hence, per-volume royalties.
The publisher generally calculates the advance based on projected sales, and that's often all the money an author will see, though if an advance is "earned out" (sales exceed the projection), the author can earn additional royalty payments based on a percentage of the per-volume sales price. The usually cited figure is 10%, though this may vary.
TL;DR: Snowden is guaranteed the advance, but may earn more.
Assuming Print on Demand w/ amazon. He's not doing that but we'll just assume to keep it easy. And list price of $24
Amazon takes $5 to print
Amazon takes $9.60 royalty
That leaves $9.40 or 40% available.
Of that Macmillan takes their cut to cover editing, covers, advertising, etc.
And what is left is probably $2.40 for each sale.
For Self published folks (going eBooks this time). Assuming you list for $10 and get a 70% royalty from amazon.
You'll earn $7 for each sale.
But, then once you factor in advertising (on amazon which goes to amazon), your earnings for each book drop to maybe a 5-30% royalty range. And that assumes you can sell your book for $10, which most self published cannot.
I have friends who sell $10k worth of eBooks/mo who make $2k/mo. So 80% goes to amazon and 20% goes to them.
The answer seems straight forward. The term "authorities" comes with the assumption that they're the ones "leading". We've been taught for most of our lives the person up-front (parent, teacher, president) is always right and the vast majority of people won't question that.
Myron W. Orfield, Jr., Deterrence, Perjury, and the Heater Factor, supra note 13, at 83:
> Respondents, including prosecutors, estimate that police commit perjury between 20% and 50% of the time they testify on Fourth Amendment issues.
It should also be noted that many of these respondents did not consider lying at a suppression hearing perjury, infra text accompanying note 47, which would have the effect of deflating these percentages.
The FBI sat on incriminating info about Epstein for years and even still has yet to raid his New Mexico ranch for evidence. Given that he had damaging info on many people with their hands directly on the levers of power in "Western democracies" you'll have to excuse my skepticism that these agencies are acting in the interest of their common people.
I think the administration badly, badly mishandled Snowden and Assange, and allowed Russia to coopt them by isolating and threatening them. If they had treated them as whistleblowers and journalists (even if they had nefarious motivations), they could have kept them in "the west" instead of driving them into the arms of Russia. I don't believe that Assange was a Russian agent at the beginning but he was surely one by the time of the 2016 election.
There's a reason we have laws around a free speech and a free press-- they make the country stronger, even if they make it harder to govern.
I think you do Snowden a disservice when you lump him in with Assange. Snowden you can easily argue is a whisleblower. You can't argue that with Assange since he doesn't have first hand knowledge of what he is leaking and instead actively recruits people to feed him information to leak. He also seemingly encourages people to commit crimes to get more information for him. Snowden did that all himself. In addition, Assange does not have the high bar that information must meet in order to warrant a leak. He instead leaks everything that he has that fits his political goals. A whistleblower needs to be more precise and targeted with what they disclose. Snowden gave his documents to journalists to sift through, judge, redact, and publish. Assange just throws everything up on his website. Lastly, like multiple people in these comments mentioned, there is the question of their relationship to Russia. Knowingly or not, Assange has clearly been used as a tool of Russian Intelligence. Snowden being compromised is more of a conspiracy theory at this point with little (but some) real world evidence.
You think Assange put himself at as much risk as he did to promote himself?
He spent 7 years locked in an embassy (to great detriment to his health and was arguably worse then jail), is now in jail, and is facing at least life in prison, if not the death penalty. You really think he did all that just to promote himself and for some attention?
As far as I know the case was closed then reopened after some embarrassing US document leaked, and without any new relevant element. As far as I know, the Sweden authorities had the possibility to interrogate Assange without extraditing him, yet for some reason did not use that possibility.
Finding reliable sources with all relevant details is a hassle, so take it with a grain of salt. Nevertheless, I believe at this point that this unrelated affair is more an attempt at character assassination than a real thing. (I do recall that he reportedly didn't used protection, which would qualify him as a major jerk. Legislations seem to disagree on whether this was a crime or not, though.)
He is being extradited to the US on the charge that he helped Manning break into classified computers. These alleged actions are no longer journalism.
Greenwald and Poitras never faced charges for publishing the documents Snowden leaked / provided. The NY Times did not face charges for leaking the Pentagon Papers that Ellsberg gave them. Assange would not have been charged with leaking documents that others provided—but he is alleged to have taken a step too far.
How good a journalist he is is debatable. His ethics as a journalist may be debatable. His status as a (possibly bad, possibly unethical) journalist is much harder to debate: he set up a way to have information, which he then made public. Sounds like journalism to me.
One huge ethical red flag for Assange and Wikileaks is their view on redacting documents. They published numerous details that a traditional journalistic outlet would never make public include the names of informants. This almost certainly resulted in people being killed.
> They published numerous details that a traditional journalistic outlet would never make public include the names of informants.
Valerie Plame would like to have a word with you.
If we keep going down this road we'd end up with No True Scotsman. The reality is "traditional" journalists have done this - Assange is not an outlier in this regard. If we tolerate the "worst" of the traditional (which US society clearly does), then we can't use this as an argument against Assange.
>Valerie Plame would like to have a word with you.
I probably shouldn't have used the word "never", but the fact that the Valieria Plame reveal was such a big deal is basically the exception that proves the rule that it is highly unusual for a journalist to reveal this information.
Assange is certainly an outlier in the number of people who he exposed and the reason for exposing them. He reportedly said on the issue that "they're informants. So, if they get killed, they've got it coming to them. They deserve it."  Maybe you think that is a No True Scotsman argument, but I really can't imagine a well respected journalist showing such a complete lack of concern for human life. A traditional journalist would generally required some reason of tremendous value to justify putting those people's lives at risk. Assange's reasoning instead appears to be "They deserve it."
> but the fact that the Valieria Plame reveal was such a big deal is basically the exception that proves the rule that it is highly unusual for a journalist to reveal this information.
It was a big deal because people wanted to score political points, not because of a breach in standards. The more relevant point is the standing the journalist still had in society - he did not lose his job for it, let alone be prosecuted for it.
The quote you provide is taken out of context - at least from the Wiki page it is not clear if he is referring to the names that were leaked, as opposed to the ones that they ultimately decided to redact. I suspect the latter because it says "initially refused".
> but I really can't imagine a well respected journalist showing such a complete lack of concern for human life.
When you add the "well respected journalist", we really are in No True Scotsman territory. If all you mean to say is "He is a lousy journalist," then we have no disagreements. Without that qualifier, have you thought about extreme views held by existing, famous journalists? How much of an outlier is Assange compared to other "extreme" but established journalists?
I think the administration screwed up massively in more ways than one.
- They conducted illegal, and most likely ineffective surveillance. I mean, if they have as huge watchlists as it is claimed, they can't reasonably watch very closely.
- A subcontractor named Snowden, managed to leak a lot of secret stuff. And while it is the most memorable instance, it is not the first serious leak.
- They failed at damage control. The couldn't cover up, discredit, etc... While there is a debate on whether Snowden is a hero or a traitor, no one seem to question the truth of the leaks themselves.
- They couldn't catch Snowden, or found a way to get him to come back home. He is now with the Russians.
Being a believer in the Hanlon's razor, my hypothesis is that the NSA has become a bloated administration. Focused more on their budget and jobs than national security. Massive surveillance is just a way to keep them busy. Snowden's leaks and their aftermath actually tell two things: the extent of surveillance, and incompetence.
I was going to say exactly this. It's amazing how many Americans honestly think it's clear that Snowden is a "bad guy" because he's close to the Russians. Likewise Assange was pushed into a position that made him very unlikable to the US center-left (he could have probably played his hand a bit better). So mainstream American's are distrustful of both and pretty much everyone hates Assange.
There are lots of us who aren't though. The Russians gave him safe haven and I'm guessing it was the only big country at the time that would do so and challenge US hegemony. As much as I hate them for hacking and influencing our elections I recognize Snowden's decision made logical sense. Any smaller country would have rolled over and turned him over to the US.
In fairness to Snowden, he didn't intend to stay in Russia; his fate was sealed when the US revoked his passport. I can't imagine Snowden being much of a fan of Russia given a) what he probably knew during his time working at the NSA and b) actually living there.
If you examine what Ed Snowden leaked, it’s clear he was trying to do significant damage to the NSA. Much or most of what he stole and was leaked was unrelated to domestic surveillance. Much of it revealed our overseas activity. It’s difficult to see how any of it was to the benefit of Western interests.
He wasn't "just trying to damage the NSA", he was trying to get the truth out about surveillance, the fact that the NSA was damaged was tangential and they shouldn't have been spying on US citizens. The NSA and other gov police entities were basically breaking half the dictates and the entire spirit of the US Constitution.
What are the motives for leaking information regarding our actions on foreign soil against foreign citizens? I was a big fan of Snowden until he started doing that. That isn't whistleblowing against Constitutional violations and seemed to indicate a shift in his objectives. It now appears that he is just against US spying at large, which is a perfectly acceptable political opinion to have, but it doesn't justify whistleblowing in a lot of people's minds.
> What are the motives for leaking information regarding our actions on foreign soil against foreign citizens?
1. Removing plausible deniability. "Well we might be deeply involved in domestic surveillance but we certainly don't do it outside the US!". The laws that enabled the NSA to do the surveillance were attributed to accessing data that traveled outside the US.
2. Demonstrating the power and reach for legitimacy/plausibility.
I'm sure I can come up with more than the first 2 minutes it
took to assemble this post.
1. They don't need plausible deniability because they wouldn't deny they are spying on foreign nationals. Every world power spies on foreign nationals. The controversy that Snowden revealed is that they are spying on their own citizens, spying on foreign citizens is already known and accepted as a reality of modern politics.
2. No one was really questioning the plausibility or legitimacy of the documents Snowden released (there was some challenges on the interpretation of those documents) and revealing unconfirmed and unrelated intelligence operations does nothing to confirm the information about the domestic operations that he released.
Your assurances that you know what the NSA (or proxy) would reason is laughable, for example. You have a view that he's a bad actor and it doesn't matter to me, other than it's a trivial thought experiment to justify his actions. GL
> What are the motives for leaking information regarding our actions on foreign soil against foreign [human beings]?
Which side of an imaginary line you were born on should not determine your rights. If he leaked documents about operations against Americans, and then also about operations against foreigners, in my mind he did the same thing twice.
If there was another difference, like spilling the location or identity of a person likely to be at risk, please spell that out. I have yet to see an example.
>Which side of an imaginary line you were born on should not determine your rights.
That is what I am talking about as a "perfectly acceptable political opinion", but it is not an opinion that is based off any laws. Almost no mainstream political figure would share that opinion and therefore if that is the basis of Snowden's arguments, it isn't a wonder why he was treated harshly by the mainstream political system. Foreign spying is an accepted aspect of modern life. I totally understand if you think that spying in unethical. But Snowden would have been received much more favorable if he simply focused on the domestic spying operations which are largely unpopular rather than also revealing the foreign operations which are mostly accepted as necessary by the general population.
Just the fact that, at the time in 2013, a large amount of unknown data was stolen and shared with foreign powers by someone with such privileged access was certain to have catalyzed risk adjustments to global operations, including down to the level of specific human assets. Without a doubt, those in the military are informed that Snowden absolutely did real damage to operations. I’ve heard this in person from multiple military officers. Casualties aren’t going to be discussed.
Snowden’s leaks clearly benefitted adversaries of the NSA:
* domestic global powers such as goog and fb were able to lock down their customer data, which has the downside of shifting unchecked power to those entities
* foreign powers of the us now had confirmed intel on usa’s global intelligence gathering playbook and adjusted accordingly
Additionally, we can perhaps gain insight to any potential upsides or downsides of the proliferation of civil libertarianism that is directly attributable to the actions of Ed Snowden. I do believe personally that the first global superpower (whether the CIA and Google, China, etc) that obtains a way to break all current encryption (and has all of the pcaps) will have a huge upper hand in understanding social effects of this movement of the late 2010’s.
> Without a doubt, those in the military are informed that Snowden absolutely did real damage to operations. I’ve heard this in person from multiple military officers. Casualties aren’t going to be discussed.
They said the same thing about Chelsea Manning, then in her trial the prosecution finally admitted that they couldn't actually point to any casualties.
As a European citizen I’m very glad that Snowden reveled the depth of US surveillance over the world. It may have not benefited US citizens, but it had removed US surveillance from conspiracy theories to put it on a list of facts and I’m very glad for it.
Sure, I read them. Many of them were about operations against US citizens. However, not all of them were. Here is one example that comes to mind. That story in this leak is interesting, newsworthy, had serious repercussions, and was potentially unethical for the US government to do. However it is also exactly the type of thing everyone expects the NSA to be doing and it doesn't involve the spying on any Americans. This is the type of leak that will ensure that Snowden isn't embraced by the US government.
Your words do nothing to counter the argument of the comment you were replying to. The fact that the vast majority of the documents leaked were completely unrelated to domestic surveillance is as strong an indicator as we can get that he was specifically trying to damage the NSA, and any claims otherwise are PR.
drone strikes on people based on heuristics over metadata was the kind of logic that was operating at the highest levels of the intelligence apperatus, and not even congresspeople assigned to intel committees were aware of it.
people should know about the kind of insane stupidity that they get up to overseas that make the country less safe. or what, do you really think that that kind of stuff is what's keeping the terrorists from doing another 9/11?
This is a strawman, and isn't relevant to my argument at all. GP of my original comment never made the claim that the NSA/US weren't doing bad stuff (outside of domestic surveillance), only that Snowden was trying to damage them.
I love that Trump's DoJ hounding Assange into British custody and unsealing a huge indictment against him has done nothing to shake many Democrats' faith that Assange is some kind of Trump/Putin stooge.
He's probably as free as he could be. Certainly more free than in US. Russia is scoring against US by simply letting Snowden live free. Then even if it will be hard for you to believe, some countries grant asylum to asylum seekers, simply to comply with international treaties
>I think the administration badly, badly mishandled [whistleblowers]
Yes, but by design. Other than passing lip service towards transparency. The fact is Obama admin actively sought to silence them. I know this isn’t popular because HN won’t want to hear anything bad about Obama, but it’s a fact.
In the seven years of Obama's presidency, the administration launched a record number of cases against those who revealed what the government wanted kept secret. Under Obama, eight whistleblowers have been prosecuted under the World War I-era Espionage Act, more than under all other presidents combined.
Agreed. one of the most illuminating aspects of the Obama administration was the divergence between great tolerance for corporate whistleblowers on the one hand, and animosity toward government whistleblowers on the other.
Also, people cite the "more than any other administration" argument frequently, especially in media, but rarely think to mention the small sample size. nice work!
Yea, there is a special handling of that whole line. More than any other administration - doesn’t seem like much. And the qualifier that we’re talking about 8 makes it seem less important.
However, those 8 people also the qualifier of “combined” where the sum of people charged with espionage until Obama was less than 8 people total, and then he comes in and exceeds that. No one should believe that from 2008-2016 we had some resurgence of traitors to the country. Just people charged as such in most cases for doing the right thing overall.
To put my views into this perspective. Am I glad that Snowden and others leaked information on government programs? Yes.
That said, I think it's amusing when people need to call out "Under president <whomever>'s administration..." as if it makes a point by itself and implies something directly about the president that was named. Let's not pretend here, that's exactly what you were doing. Using this same logic, I hope you blame George W. Bush's administration entirely for the 2008 recession. I want to be clear, I'm not pretending that the sitting president's policy decisions and other influences don't have an effect. But inherited legacy, context, and the surrounding details play a huge role in how these things play out.
First, the people you are talking about (Thomas Drake, Shamai Leibowitz, Chelsea Manning, Donald Sachtleben, Stephen Kim, Jeffrey Sterling, John Kiriakou, Edward Snowden) all have different circumstances surrounding their cases.
Second, they all stepped forward roughly around 2009 and later. Most gathered the information they leaked between 2000 and 2008 working on programs for the CIA and NSA. They all leaked information that wasn't supposed to be leaked. The default in our government is to handle that with punitive measures. If they had stepped forward during any other presidency would the outcome have been the same? Yes.
Third, alluding to some sort of hypocrisy with regards to transparency when talking about intelligence programs initiated by the CIA, FBI, NSA, etc is ironic. Just because an administration wanted to embrace transparency doesn't mean it's fine to free-for-all leak information from those agencies.
> They all leaked information that wasn't supposed to be leaked.
What did Thomas Drake leak that wasn't supposed to be leaked?
> If they had stepped forward during any other presidency would the outcome have been the same? Yes.
Kiriakou in fact stepped forward in December 2007. The Justice Department under Bush did not pursue him, and it was explicitly the Justice Department under the Obama administration that did so.
Similarly, Jeffrey Alexander Sterling was in contact with a journalist during the period 2002--2004 (for a book published in January 2006), but his prosecution was also led by the Obama administration.
> What did Thomas Drake leak that wasn't supposed to be leaked?
He leaked information classified as "secret". Additionally he leaked unclassified information of which some of it was classified as "Unclassified—For Official Use Only" which means it is not supposed to be given to the public and is intended for internal or law enforcement use only.
> Kiriakou in fact stepped forward in December 2007. The Justice Department under Bush did not pursue him, and it was explicitly the Justice Department under the Obama administration that did so.
I'm not going to disagree here. For whatever reason, the CIA brought this case back in 2012 and asked for it to be pursued.
>Similarly, Jeffrey Alexander Sterling was in contact with a journalist during the period 2002--2004 (for a book published in January 2006), but his prosecution was also led by the Obama administration.
The Bush administration sent (the journalist) James Risen a subpoena on January 24, 2008. The leak investigation surrounding Sterling didn't come to a culmination until 2010. The investigation started in 2003, under Bush.
>[all had difference scenarios and different times]
Yet all were charged by the Obama Admin, for something people largely agree with and in most scenarios exposed government breaking the laws they themselves set.
As to your argument it doesn’t count because Obama didn’t put the cuffs on them himself - no, it was only Holder and Lynch who did the actual work, who directly reported to and were appointed by Obama himself.
I wonder if you would apply the same “AG autonomy” to decisions Sessions or Barr have made where those don’t reflect or implicate direction from Trump?
I'll quote myself, "I'm not pretending that the sitting president's policy decisions and other influences don't have an effect. But inherited legacy, context, and the surrounding details play a huge role in how these things play out."
The point being, there are often things initiated by past presidents that come to a head within the time the sitting president is in office. How the situations that arise are handled absolutely reflects on the sitting administration. But people who ignore the history and legacy surrounding those situations because it feels good to take a shot at an administration that has a letter after it (be it R or D) that a person doesn't identify with is overly simplistic.
There were a lot of things the Obama administration did that I do not agree with. Specifically, the use of drone strikes, how the ACA was handled (albeit a lot of players were involved), continuing revolving door policies, and more.
Yeah. Never post any facts about the BHO admin on HN or you'll be down-voted. It's amazing how many people have been sucked into the smooth and confident talk (and the complete lack then of media fueled outrage). Too many people's confirmation bais forces them to forget that actions speak louder than words.
If DJT did even half of the questionable things BHO did there would be blood in the streets. Point that out? Down vote!!!
To be clear, I downvoted both your and your parent's comments, not for saying disparaging things about Obama, his record, his hawkishness (many of which criticisms I quite eagree with), or anything otherwise negative about him, but rather for saying that HN is a place where that stuff is wrongthink.
When we start using the word disparaging to describe facts and truth we are ALL in a lot of trouble. So as well-meaning as you believe you might have been with your downvote, you wording has only confirmed the general problem / bias.
Irony that just pointing these things out will get more DVs is Chapelle-funny.
You might be having trouble wrapping your head around the thing, because the thing you're trying to wrap your head around is completely different from what I said.
To be clear, then: I did not downvote your experience. (I'm not even sure what that means. Can you explain?) I downvoted the counterfactual conclusion that you've drawn from your experience, and then crowed condemningly at the community.
I don't know about friendly. If you're wanted at home, and living in a foreign country at the pleasure of the local regime, there's going to be hard limits on what you're allowed to do without consequence.
The distinction is responsibility. If he were operating under orders from Russia, Russia bears ultimate responsibility for his actions. If they have no control over him and his actions merely benefit them, he bears responsibility for his own actions.
Well, then I suppose it was indeed a PR stunt for the Russians to accept South African farmers, and they are according to your logic indeed Russian Agents! That is assuming a PR campaign pushes an agenda, and I would argue it does.
Hold up, where did you get the idea that Assange has at any time worked for “the Russians”? It seems like he’s stuck to his guns and his convictions on Wikileaks without any misstep. There was never any indication that he had a change in loyalties or that the quality of Wikileak’s content had changed, was there?
Yeah it would have been an opportunity for Obama to shine but alas he didn't. Just the mediocre, status quo President that we elected. In retrospect, I'll take him any time over our current Mango Mussolini.
People spend so much time patting themselves on the back for electing the First Black President - who was witty, looked leader-ly on TV, and wore a (D) behind his name - that they totally let him off the hook for so many abhorrent policies, like mass surveillance, drone assassinations, and the way he mistreated the biggest whistleblower of our time.
It's so disappointing how few people seem to have complex thoughts about our political system/politicians, and it shows in the ever-decreasing quality of those things as time advances. Bandwagons are dangerous, and it seems we only have bandwagons left.
I believe he is a hero and did the right thing, but I think there is no way the US could do anything but try to put in prison someone who illegally made state secrets public.
That would have set the precedent that anyone with secret bad looking intelligence about the US would be safe to come out with it.
Turns out I'm sure that there is a lot of intelligence that looks quite bad for the US.
There are in fact whistleblower laws. The big question at hand is how it was handled. Snowden claimed to go to his superiors first, which checks off an important box. So the question is if he did that or not. I believe he was also supposed to attempt to report to Congress before he can legally go to the media. It's definitely a gray area and if you believe it is right probably depends on how much you trust the government and moral factors.
I think he did the right thing too (though maybe not the best way, but that's a completely different argument). But I don't think you have to treat him as a traitor. We're a society that values democracy. A branch that is over reaching should be realed in. We've done this is the past. I think the framers very much understood that democracy is always a balancing act. One that must be continually fought for. I think anyone who really has looked into democracy clearly see this. I think we've just lost sight of that (I'm talking about a lot more than Snowden though)
This sounds awfully similar how Western governments singled out the so called communists. If you don't support war and actively protest against in the Middle East does not make you an agent for isis or Muslim brotherhood.
If he was an agent the Muller investigation would have revealed it. It doesn't say so in the paper that is public, I actually read the whole thing.
You're an agent if you get orders from Kremlin, people's interests align often with different people, hence the world and politics is complicated.
It also made me stumble across his interview from a couple years back talking about the "why" but I didn't dig enough to find out of the unbroken glasses are purely a time-series thing, or if he finally got tired of it and got his glasses fixed / got new glasses.
I wonder what if he would mention anything about 5G in the book. As far as I understand, all the fuss US making against Huawei is actually due to its (future) crippling of its eavesdropping capability. Not that 5G is a panacea for that but Huawei is augmenting their equipments against such attacks, and they will be the main supplier.
Amazon controls so much of the internet that it's increasingly hard for anyone to avoid them. The deal they struck is far more involved than your typical company using AWS, but I wouldn't look to Amazon's customers to make any assumptions about Amazon's motivations beyond their lust for more money.
The reality is that this book doesn't pose any meaningful threat to the US government's mass surveillance programs and having impotent critiques of the US Government openly available as opposed to outright banned gives us a false sense of security in our freedoms.
Unpopular opinion destined to attract downvotes but: IMHO the NSA spying program was outrageous...for the colossal waste of money and time it was.
First, if you're really worried about privacy, why is it not a DEFCON 1 outrage that state DMVs are selling your info to private investigators?  Or if you're really worried about your personal liberty, isn't your local police force a greater threat then NSA eavesdroppers?
Back in 2013 the NSA claimed it was spying on 29 petabytes of internet data (out of 1826) a day , or 1.6%. That's both a trivial amount of overall traffic and an insanely large dataset at the same time (since it accumulates every day).
Isn't a big chunk of that traffic encrypted? Even if it's not, how do you find terrorists in that data? Do they self-identify? Even if they use a trivial substitution cipher ('cupcakes' instead of 'bombs') it would evade these billion-dollar supercomputers.
To me the NSA's spying program was security theater akin to airport security: expensive machines that don't even catch terrorists. They fail their own internal tests 95% of the time! . I personally would like to know what algorithms the NSA was using to successfully identify terrorist data in exobytes of (possibly encrypted) datasets. Sounds like billions spent on airport scanners to me.
Finally, on a political level, Snowden seems like a massive hypocrite to me for hiding in China, which harvests the organs of political prisoners  and Russia, which routinely assassinates political opponents and journalists . But he's mad that what, the US was reading his Gmail?
I realize he's super popular among the HN crowd and the libertarians for whom all gov't surveillance is evil but I, for one, am not a Snowden admirer. Downvote away.
<RANT>US expatriates are the only expats in the world that have to file annual taxes (and report foreign bank accounts). It's ridiculous for most of us (99% are not tax exiles or tax evaders, we just left the USA for our own reasons). </RANT>
In many countries it's hard or near impossible for US citizens to get bank accounts and other financial services, I guess due to them not wanting to deal with reporting requirements? Europeans, Aussies, and pretty much everyone have it way easier. Makes me so mad.
A few years ago, the IRS came after Boris Johnson, then the mayor of London, now the PM, for taxes on the gain from the sale of his house in London. He was born in NYC, you see, making him an American citizen. He ended up paying the tax and renouncing his US citizenship.
Ha. My ancient mother, who is English, was conducting some mundane transaction in an English bank the other day when the teller asked her "You're not American are you?". She was so surprised she didn't know what to say.
AIUI, it's not just reporting requirements but the potential for massive fines that's driving this.
It costs over a grand to quit the club known as "citizenship" you're going to want citizenship in wherever you reside first when you give up US citizenship (you could choose to be stateless, but that makes more problems than it solves). Doing this does not absolve you of existing debts in the eyes of the IRS. And finally, you'll be interviewed at the consulate and if your stated reason for giving up citizenship is "the overseas tax thing", you'll be denied a visa if you ever want to visit the US again.
You can choose to be stateless? I thought I've read in UK media that countries are not allowed to make a person stateless. This is in the context of ISIS fighters with dual-nationality, these people are having their British citizenship stripped.
Apparently, you can run for any government office in a foreign state and it immediately nullifies your US citizenship. I have only heard this as rumour, and I don't have time to confirm / deny this, but it may be worth looking into.
You don't have to look that hard to find that this is not true.
Boris Johnson (the UK Prime Minister) was a US citizen until sometime in 2016. His UK political office roles until then included serving as a MP (2000-2008), Mayor of London (2008 - 2016), and UK Foreign Secretary (2016 - the time he relinquished his US citizenship). Reports indicate that he gave up his US citizenship to avoid the IRS taxing him.
For some cases it sounds like only if you have the intention of giving up your citizenship, then you have to get a "Certificate of Loss of Nationality". But I'm not a expert in this area, but I can see where this idea is coming from.
Such employment, however, will result in one's
expatriation only if done voluntarily with the intention
of relinquishing U.S. citizenship. Running for foreign
office, even foreign head of state, is not a potentially
expatriating act; only accepting, serving in, or
performing the duties of a foreign office are potentially
expatriating as described above.
The Department has adopted an administrative presumption
that U.S. nationals intend to retain their U.S.
citizenship when they naturalize as nationals of a
foreign state, declare their allegiance to a foreign
state, or accept non-policy level employment with a
The presumption that a person intends to retain U.S. nationality is not applicable when the individual:
1. formally renounces U.S. nationality before a consular officer;
2. serves as an officer in the armed forces of a foreign state engaged in hostilities with the United States; or
3. takes a policy level position in a foreign state
Cases in categories 2 and 3 will be developed carefully by a U.S. consular officer to ascertain the individual's intent toward U.S. nationality.
Kinda confusing, but sounds like if you were elected prime minister of Canada (which would be policy level), then there's the presumption you wanted to give up citizenship, while working as a employee for the Canadian government such as driving the snow plows would be ok but things are reviewed by case by case.
You can renounce citizenship. There is a large multithousands dollar "fee" to do so. And if they find out you did so to avoid paying taxes (ex. renouncing citizenship and then turn around to cash out some Bitcoin) they can still go after you for taxes.
Most citizens never hit the threshold to actually pay except if you file from a known tax haven. Income up to $115k is untaxed and any other taxes you do pay are deductible.
"Income up to $115k is untaxed and any other taxes you do pay are deductible."
It's not as simple as it first seems.
If you claim the foreign earned income exemption (FEIE) so you don't pay anything on the first $115k or whatever, then you can't claim a credit for all the taxes you paid in the country where you live. You can only claim a portion.
So, if your income goes up above some certain amount, you're better off (lower US tax bill) giving up the FEIE so you can get a credit for all foreign taxes paid.
But, if you do that, then you can't claim FEIE again within 5 years, unless you get special permission from the IRS. To apply for this permission (with no guarantee) you must pay a fee of a few thousand USD to the IRS.
> $400 per year in time and money to file a tax return
That number seems pretty high unless you have very complicated income (in which case you likely have a lot of money too)
Also worth mentioning is that Foreign Income is taxed differently, so while you technically still have to pay taxes, I believe for most people who work mostly in a foreign country don't have to pay very much.
Yes, like, say, having an accountant that can read and understand your taxes where you live in Italy and then use that information to file US taxes. And of course they'll need to understand the tax treaty between the two countries so you don't end up paying extra. Of course it's complicated and a huge pain in the ass! And that's with a relatively normal, stable, well-established country with a lot of US citizens living in it.
I should add: $400 is also a bigger deal when you live somewhere and don't earn as much as a software developer in the US.
If you're a resident of the US with not too complicated income then this is true.
Working in a different country means you need to know _their_ tax laws, how much you need to pay the US, etc. It becomes complicated quickly, and if you're trying to minimize what you pay in taxes it's another story altogether.
You claimed to be thankful for not being "double-taxed", from which I inferred you're a Canadian, living abroad, "thankfully" not contributing to the roads, schools and hospitals of this country from you which, once can assume, you hope to extract benefit from in the future.
If you're a Canadian who lives in Canada and pays Canadian taxes, there's no controversy.
> You claimed to be thankful for not being "double-taxed", from which I inferred you're a Canadian
It's not "double-taxed", it's double-taxed. The U.S. system in fact makes it possible for the same income to be taxed twice at the full rate. And you didn't need to infer that I'm Canadian, I said it right in my comment.
I'm thankful I'm covered by the Canadian agreements, which allow me to credit my Canadian tax payments against (most of) my U.S. tax liability. I still have to file taxes in the U.S. like every other U.S. citizen, I still have to file FBARs with FinCEN like every U.S. citizen. I still have to pay Canadian taxes like everyone else who makes Canadian-source income, I still must pay the OHP like every Ontarian, I still must pay into CPP even though I may never be able to take it. Even if I didn't make Canadian-source income I would still be paying property taxes either directly or indirectly, paying sales taxes every time I bought something other than groceries, and that's where the roads and the schools get their money; though because of some combination of my personality and the quality of the schools I never did get more than primary school out of the system here before I left to work and began paying net taxes in my second year of full time employment.
I don't know why you're being so hostile. If somehow this arrangement allowed me to not pay taxes lawfully, how would that be my fault? It would be all of ours.
Frankly it's appalling that they manage to make things cost enough to justify these taxes, especially as every Canadian sees these obscene transfers of wealth from every taxpayer to Bombardier, the leniency extended to SNC Lavalin, the "equalization" process by which unproductive Canadians feast on productive ones for the privilege of living in equal comfort without ever considering moving for work; but I do pay them, you're welcome.
The other countries that tax worldwide income: Libya, North Korea, Eritrea and the Philippines. Great company to be in.
You could call it ridiculous because it’s so unusual. But the reason most countries don’t do it is that taxes are a supposed to be a deal - the government forces you to hand over money and pays for services you use in return. Expats - they aren’t using those services.
And your point about tax evaders is moot - taxing global income only hurts law abiding expats, not evaders. Seems like you’re being hostile and skeptical for personal reasons.
This controversy is directly related. You should inform yourself.
Canadian taxpayers spent $100MM evacuating Lebanese Canadians from Lebanon in 2006, many of whom were citizens but had never paid taxes to Canada. We now bill for extrication. Seems like a fair compromise.
If you're a Belgian citizen, and move to, say, Canada, you'd file taxes in Canada and that'd be the end of it. If I, as a US citizen,move to Canada, I'd have to file and pay Canadian taxes, and file - and maybe pay - US taxes in addition.
What you're talking about is if, living in Belgium, you have income from other countries that needs to be reported, which seems fair enough - after all, you live and pay taxes in Belgium, not those other countries.
>taxing global income only hurts law abiding expats
If you want to maintain your citizenship and have a safe-haven to run to if SHTF, then you should contribute to the tax system. I truly don't understand why this is controversial. An American passport is powerful.
Edit: I suppose I shouldn't be shocked that the tax avoiding leeches in Silicon Valley don't feel obligated to contribute to the societies from which they extract their wealth. I'm glad the system is catching up.
If S* is hitting the fan, aren't you assuming said expat lives in, to use El Jefe's words, a "S* country"? By conservation of mass, the S* comes from somewhere. Instead, most expats live in W. Europe, Canada, or Japan/Korea. Pretty safe.
" tax avoiding leeches in Silicon Valley don't feel obligated to contribute to the societies from which they extract their wealth"
Well, no. Ppl aren't complaining about paying taxes to the sovereign of where they live, even on their global income. That's another discussion. It's about paying taxes, usually mostly locally earned income, to an entity far away that has no jurisdiction and that provides nothing in return.
As others have mentioned, your American passport does provide you with services. But if you truly believe it's worthless, why maintain citizenship? To save the fee to renounce citizenship, even though it will save potentially tens of thousands of dollars annually? Doesn't make sense to me.
No, it's a safety measure. And I think people are lucky to have it, at the low cost of some of your tax dollars.
In fact I live in the US but haven't applied for US citizenship for this, among other, reasons("passport" being woefully misused word in this context). Anyway, that is a very poor advice since:
1. Most people have one citizenship, including expats (most return).
2. Giving up your US citizenship implies very many more things than not paying taxes. Look up ex-pat type laws.
"American passport does provide you with services" Well the passport surely doesn't. The citizenship might, but I've been an expat all of my life (started bouncing around the world at the tender age of three weeks). I've never used, no one in my family has every used, an no one I know has ever used our rich, Western countries' services 
I have used the services of the local police very many times.
"No, it's a safety measure"
The Special Forces aren't on a razor's edge ready to jump and come get you. That's BS from Hollywood. You get in trouble abroad, and yes, you can ask for the local consulate to send someone to see you in jail. That's, in the vast majority of cases, about it. But I try to avoid jail myself.
 We're not British. Apparently, Brits get into so much trouble abroad that the Brits have come up with a simple solution: charge the drunk louts for consular services!
EDIT: To be clear, when I move to another country, I take pains to declare that I'm no longer a resident lest I continue being eligible for that country's services.
If you wanted an actual safe haven, you'd chose something like Andorra, Vatican, San Marino, Liechtenstein or Monaco. Those have a homicide rate of 0. Japan with 126 million people has 0.2, UAE 0.5 and South Korea 0.6.
"Seems like you’re being hostile and skeptical for personal reasons."
You made three assertions. One was factually incorrect. One was a matter of opinion, about which I was curious to understand your reasoning. The third seemed like it was unlikely to be true and hard to get data about, so again I was curious.
I'm sorry if my pointing out an untrue statement and asking for more information about others seems hostile.
My personal reason for wanting to point out the incorrect assertion about the US being the only country: https://xkcd.com/386/
Why does it matter? My brother in law lived in Costa Rica for 10+ years. He never had to pay a single bit of tax. I know a few people in Europe with higher salaries and they have never paid a cent either.
I’ve yet to meet anyone who lived overseas and had to pay the IRS.
> He never had to pay a single bit of tax. I know a few people in Europe with higher salaries and they have never paid a cent either.
He didn't say pay taxes; he said file taxes. Every year I have to tell the US government how much I made, and then explain why I don't owe them any money (i.e., already paid tax on it to the UK). It's a stressful hassle even if you don't end up owing anything.
I pay taxes to the US (and not to the country I live in) on the small amount of passive income generated in accounts located in the US. I'm not 100% sure if this is the Right Thing to do or not, but it seems fair. But my taxes would be a lot simpler and less stressful if I only had to report this income (and on years where this was 0, not report anything at all).
I had to pay. I have lived abroad for several decades and when I decided to do some independent contracting I realized that now I have to pay social security. Also, while I generally pay more taxes than an American, every once in a while there is a tax break that I get that Americans don't. In that case I have to pay that amount to the US.
Snowden will absolutely be revealed as a HUMINT asset.
I am extremely grateful for his revelations but I always found his justification for his actions to be rather flimsy.
He worked as a CIA operative and then NSA contractor helping build global surveillance infrastructure (as well as allegedly designating targets for its use) but only realized his actions were unethical because they spied on US citizens and lied about it? What about all the other people he spied on or stripped of their privacy and rights? They don't count because they weren't born on the right soil? Suddenly lying becomes an ethical issue for someone who worked in the espionage world...
He took a lot more documents than just the NSA surveillance disclosures. Thousands of emails, IMs, and other correspondence between DoD officials unrelated to NSA that blew several agents cover. These fell into the hands of Russian and Chinese agencies..somehow
From the perspective of the American experiment in democratic rule of law, my feeling is that Snowden's work has had both positive and negative impacts. Maybe net positive because of increased scrutiny over the natsec apparatus and elevation of "privacy" from a govt perspective (though IMV corporate invasions of privacy are far more profound and impactful and have only deepened); net negative because of the increase in chaos and distrust in governing (I see a direct line from Snowden to Trump).
It's one thing if these are the ebbs and flows of an open society.
Many people in the natsec apparatus- yes, at the institutional level attacked by Snowden- have counterclaims that Snowden's narrative of his actions and motivations is incomplete, that there is more to the story, that there are other reasons he lives now in Russia, which is not an entity that is conducting an experiment in democracy.
To put Snowden's work in better perspective, I would like to see- his use and sources of cash. That's all. And that's not this book.
Not sure why you're being downvoted. Even if I don't believe that Snowden is a Russian agent, I think that is a fair question. The point you make about the sources and uses of cash telling the truth about someone is a great one not only within the context of Snowden.
Has US intelligence actually claimed Snowden is a Russian agent? People keep saying he is a traitor, but not whether he was always a spy or had been recruited directly by the Kremlin. All that is being fueled by media speculation.
There is also the likely possibility he didn't expect to be awarded a medal for uncovering the US governments own surveillance program on its citizens.
Anyone have a link to steal and read the book for free? I don’t support his cause but wouldn’t mind reading the book. Yes I’m admitting to intent to pirating Ed Snowden’s book. It’s not like I’d be stealing sensitive military secrets and selling them to Omidyar for a pledge up to $250MM. How many Russian speaking people were in his orbit in Hawaii from 2011-2013? How many of them had the operational capacity to pull off a conspiracy to guide Ed to Mother Russia undetected?
2) Yes Russian speaking folks are in our IC, military, private sector etc. and are certain to have been in his orbit
3) someone could ask mr Omidyar
Given his connections to Booz and his level of intelligence (punahou grad along with Obama etc) He could be a total patriot at heart and it would be difficult to know the difference. Shit, maybe Pierre is a triple agent, a regular Bond good guy. But I’ll tell ya when I heard he bought up the secrets I was sure at that moment that he is either a total patriot or is part of a conspiracy. Probably just an opportunist though. Kind of like the geniuses who foresaw bitcoin’s rise.
It’s impossible to tell without access to the full trove. He could be releasing things in a way that either minimizes or maximizes damage (or anywhere in between) to the US.
Yes, we can only speculate. I’m not in the intelligence community and those who are aren’t likely to voice things publicly.
The whole situation seems odd. A calculating genius spends months planning what is ostensibly a haphazard plan to wind up in Russia supposedly not by choice? Then Omidyar also in Hawaii and connected to Booz buys up the secrets. Seems odd to me.
If Mr. Omidyar were patriotic maybe he would have bought up the secrets and kept 100% of them private, thus extending the oath of secrecy that military officers all take. Mr. Omidyar has come forward as an agent of the free press, not as a sworn patriotic military officer. Difficult to tell his motivations from the outside yet worthy of speculation.