Nearly 200 years ago, de Tocqueville asked why the American experiment in self-government succeeded while its French counterpart led to the guillotine, mob excesses, and ultimate tyranny and he gave a complex answer whose core was that private moral restraints in the populace served to check the unbounded passions in people that lead to oppression. In other words, the private life that each of us leads will hugely influence the way we are governed.
Governments are always ready to grab the greatest degree of power that the people will give them. That is the default because it is hard-wired into the human condition. And this is the major factor not grasped by those today who assume that society is evolving to a point that, if only right-thinking people with good motives are given enough power over our lives, they will somehow magically transform society for the good through government action. In reality, if any persons - right-thinking or not - are given largely unchecked authority over our lives, abuses will inevitably follow. As they gather huge amounts of power, their purpose in life becomes to guard that power jealously and to increase it as opportunities permit. No bureau has ever abolished itself. Farm programs from the depression era thrive today as ever, though the logic for their existence has long since vanished. Politicians of all stripes promote expanded budgets for their own areas of preferred government expansion and spend money they don't even have in vast quantities with little or no accountability to the people they supposedly serve.
This is why it is vital in a free society that its people be educated and morally grounded to value their rights as individuals and to resist and distrust unchecked authority in the state. Do we have that today? Perhaps, but only in a very weakened form. Many people today do not even give pause over the idea that the government claims huge amounts of unchecked power, whether it is to fight terrorists or to expand social programs. There is very little residue in our society of the old-fashioned principled belief that it is wrong to have vast centralized power with very few checks upon it. In her sign off piece, PJ notes: "Not that anyone seems to follow any laws that get in their way these days. Or if they find they need a law to make conduct lawful, they just write a new law or reinterpret an old one and keep on going. That's not the rule of law as I understood the term." This is lamentable but it is a mere symptom, and not the cause, of our ills. Politicians make the law as they go, with no accountability, only because they are allowed to do so by those whom they govern. And, if someone already has vast power over you, it is but a small step to extend that power in a technological age by using technology to spy upon, intimidate, and control people. Why, when these leaders are allowed to lord it over us as they see fit, should they suddenly develop scruples in gathering information that only serves to enhance their power to do what we are already letting them do without so much as a peep of principled opposition?
Privacy is in significant peril, and it is a serious loss when Groklaw goes down over this issue. But assaults on privacy are but a symptom of a deeper malady as modern society increasingly believes that it can hand over massive forms of unchecked government to its politicians in the naive belief that such power can be used wisely if only we have right-thinking leaders at the helm. The answer, as de Tocqueville noted years ago, is not to place faith in leaders but rather to take personal responsibility in our lives and to curtail the powers of those who govern. I guess we shall just have to wait and see if this is possible today.
In the meantime, we can praise those who fight the good fight, and PJ has been a supreme example of this. Tireless, talented, and astute, she has been a wonderful force for good over the past decade. May she find a powerful new outlet for those talents as she moves forward, even in a difficult environment.
http://www.thomhartmann.com/bigpicture/full-show-81913-ron-p...
These are vastly different issues. Providing social programs doesn't infringe on anyone's rights except by taxation, which the government is constitutionally entitled to perform to any degree it wants. In contrast, the tactics employed to supposedly fight terrorism often impact rights which are protected by law.
The funny thing is that they aren't. They're all about power. Power given to the few to control the many. Social programs just have that sugary coating that voters like to swallow, but the rotten corruption of power is at the center of all and its effects inevitably dominate.
Am I missing something? Short of a generational movement to move the Court on civil rights toward information privacy (akin perhaps to medical privacy claims), I really don't see an alternative. The Executive branch has every incentive to maintain their power here (and argue as such under the War Powers). And the Court seems all too willing to cede that authority.
Blatant Intimidation and Control is not what the US Government does. If you want proof, compare the US handling of the Washington Post to the British handling of The Guardian. The Washington Post and New York times have been free to publish everything. The Guardian however, just had spooks smash their computers this past weekend.
The US affords the press freedom: freedom of speech, freedom of debate. There are no spooks here that are trying to shut anything down, anywhere. At worst, we have some secret conversation that happened between Lavabit's owners and the FBI. No one forced anyone to shut anything down however, most certainly not in this Groklaw case.
Abuses that have come to light are all under-the-table sort of affairs. Metadata collection is not technically data, and therefore isn't afforded 4th amendment protections. (See Smith v Maryland). Information gathered from the NSA technically can't be used in a prosecution case, so the DEA unofficially changes the story before it gets told to a judge (see Parallel Construction).
Some laws are working, but there are cracks in the foundation which is leading to an overall breakdown in trust. If anything, viewing the news recently has shown me that these agencies are very interested in following the _letter_ of the law, although not necessarily the spirit of the law.
------------------------
History of the US is a sobering example, of the Government constantly giving up powers in favor of its citizens. Need I remind people of the Office of Censorship in 1940s, where Government agents read every single mail that was going across the mail system? Need I remind people of COINTELPRO in 1960s, the program the FBI used to spy on Malcom X and Martin Luther King Jr ?
The US Government has historically listened to the pressures of its citizenry, and changed. It is not the time to lose hope, but the time to make your voice heard. FBI and NSA, as intimidating as they are, are run by US Citizens first and foremost.
PJ feels extremely genuine here, she is definitely not using this as an excuse.
Wow. There is something very unhealthy in the air or in the water these days. Lots of people seem to be totally immune to the consequences of rampant surveillance and frankly bizarre powers executed by the current set of governments. And all that in the name of the war on some nebulous entity that could not even capitulate if it wanted to (and that's assuming such central command and control even exists).
2013 is fast shaping up to be a year of notoriety, so many things happening in so many places that are all linked to governments overstepping their powers.
Who would have thought 20 years ago that we'd see US whistleblowers hiding in Russia of all places. That there would be meaningful comparisons drawn between the Russian government and the UK government when it comes to dealing with the press, that we'd see torture committed by the people we routinely thought of as the good guys.
It's a weird world we are living in at the moment.
Since comments are turned off there:
Thank you PJ for all the extremely hard work and the dedication. A lot of good came from this, I'm quite sure that there were some cases where both the plaintive and the defense were spending as much time reading groklaw as they were reading their email. It certainly counted for something.
Little do they know that privilege is given at the behest of the oppressor, and can be revoked instantaneously.
I suspect that US tech companies who are complicit in dragnet surveillance - and PRISM specifically - are already understanding this.
Absolutely. Just as 2013 is the year where "ordinary people" have begun to understand that "the cloud" is a scam.
(And that is doesn't make that much of a difference if they store their data with Google, Apple, or directly with the NSA. If the blueprints of PRISM can't be kept from leaking, then subsets of the actual data will leak as well. Five or ten years from know, you'll have a huge grey market of -- medium to low quality, outdated, etc. -- surveillance data.)
I have now gotten for myself an email there,
p.jones at mykolab.com in case anyone wishes
to contact me over something really important
and feels squeamish about writing to an email
address on a server in the US.
Switching to Kolab is false comfort for people who are "squeamish" about sending mail to "a server in the US".
I'd love to see PJ publish her public key and encourage people to learn how to use it.
That helps, but it doesn't mask the data groups like the NSA are really after (who is talking to who, and when).
Thank you, PJ, for the invaluable and remarkable work you have done for the FOSS community and, as a consequence, wider society in general over the years. On a personal note, thank you also for helping me with some research for a paper I was writing a couple of years back even though you were a busy person.
As for whistleblowers — it's all about politics and “your enemy is my friend” between States and Russan rustlers.
Bruce Willis said it best. :)
http://www.youtube.com/watch?v=vD94dVu8lqQ
I really hope that people look not only into the current list of abuses, but also into the whole nature of government that _inevitably_ led to this point.
Band-aids and spin doctors are not going to make these problems go away. At best they'll just make the problems go further underground so that we don't hear about them as often in the news.
Do you think the NSA is looking to cut back its authority or is it looking to prevent public awareness of this kind of thing in the future?
There's still a big world outside the Internet, and yet ironically, we live in a world where some employers are so stupid that they won't hire someone without a Facebook, making the abuse and surveillance of Internet more relevant than it needs to be.
I find it hilarious that in most of the threads I've read on here for months, that people who have actually lived in oppressive regimes say that the US is at least displaying a likelihood of being on the slow descent to Hell, while people in the US are quick to point out that it's still fine because we have elections and we aren't being forced out onto the streets and shot in the back of the head.
Read any book on history, strategy, authoritarianism or "real" conspiracies and it's abundantly clear that the best way to control a population is to analyze and manipulate the information they consume; I will not be surprised when we find out in 30-50 years that the tech companies were not only complicit in passive surveillance, but in active manipulation to control public opinion and perception.
Further, people self-actualize and learn to evolve to higher ideals, so once you debase intelligent debate/freedom of expression and make every personal detail of a person's life that passes over an electronic medium open to dissection and survellience, you debase the minds of the people as a whole and open the door to committing worse atrocities.
It's actually less difficult than it was 50-100 years ago to control public opinion. Before, you'd have to burn books and control every major newspaper and broadcasting corporation. Now you can just astroturf on Reddit or Twitter, or edit Wikipedia is subtle ways, and have the same effect.
The comparison that some have made between the US Government and Stasi is more accurate than you think, with regards of Zersetzung:
> By the 1970s, the Stasi had decided that methods of overt persecution which had been employed up to that time, such as arrest and torture, were too crude and obvious. It was realised that psychological harassment was far less likely to be recognised for what it was, so its victims, and their supporters, were less likely to be provoked into active resistance, given that they would often not be aware of the source of their problems, or even its exact nature. Zersetzung was designed to side-track and "switch off" perceived enemies so that they would lose the will to continue any "inappropriate" activities.
Source: http://en.wikipedia.org/wiki/Stasi#Zersetzung
Data mining is a very interest challenge and represents a major step in large-scale computing technology, but it pales in comparison to data manipulation.
Imagine for a moment if the intelligence-surveillance apparatus were redirected outward: methods used for parsing human communication would be re-purposed for disseminating seemingly-human propaganda. Who you're responding to on Twitter, reddit, or HN may not be a person.
Imagine for a moment if spammers were quite a bit more convincing in their emails, and that their poor grammar and spelling were improved.
If your communication (and location) data is stored by US companies complicit with programs like PRISM, and there is no hope that this data will ever be destroyed, then that's enough to make you communicate (and move) a lot more cautiously.
That brought back a quote from a past: "He who controls the past controls the future. He who controls the present controls the past."
I had to look it up to get the exact wording right. Was only half surprised that it comes from Orwell's 1984.
There's still a big world outside the Internet, and yet ironically, we live in a world where some employers are so stupid that they won't hire someone without a Facebook, making the abuse and surveillance of Internet more relevant than it needs to be.
The same sentiment is extended to any service, which requires me to have a Facebook (or any other social media) account.
Am I the one who pitched Saddam's Weapons of Mass Destruction to justify an invasion of an irrelevant country that resulted in ~125,000 dead civilians?
Am I the one who has been helping build the system that has devalued an American college degree to the point of worthlessness? Did I decide to over-advertise the college experience to impressionable kids? Did I decide to give more student loan money to college students? Did I decide to raise the cost of my university to account for said federal dollars that I can now obtain out of greed?
Of course there's a bleeting majority supporting all of this. They're, like all citizens in a democracy, only as good as the media they're fed: http://fsi.stanford.edu/publications/how_to_subvert_democrac...
But many of the policies and actions are coming from a higher-level than your average citizen.
EDIT: However, I agree that the stupidity and apathy of the general populace is at least partly to blame. The people who know what's up ahead of time aren't confident enough to act until it's obvious, in which case it's usually too late. The rest just don't care and assume someone else will solve the problem. Further, following trends and the subsequent inability to make it through a turbulent or confusing time without devolving into mass panic and animal-like behavior is also a problem.
see: the cultural revolution
I gotta say that stopping Groklaw, which is a public site anyway, because someone else might be reading it, doesn't seem to make a lot of sense, despite the emotional ploys in this article. She can write and save drafts locally in a (GASP) local word processor and encrypt anything she chooses to upload to remote storage. The government will then not be able to read unfinished Groklaw articles. Does this resolve the issue?
This whole article should've just been a public key and a PO box address with this note: "I will not acknowledge plaintext mail. If you are uncomfortable transmitting encrypted data over the wire, please send a USB disk to this box."
I still agree with you, though.. PGP is pretty good, after all :)
The NSA probably isn't storing all the contents of voice calls either, but it really doesn't matter all that much. They can still tell who you communicate with when and how often. That's not conducive to democracy or free speech.
Furthermore, because of how few people use GnuPG or other such tools, I would expect you'd only be targeted harder for using them.
GnuPG is PART of a solution to this. If you do need to hide the recipient, sender, subject line, etc., then you'll have to bolster your solution with other offerings. One suggestion may be to use temporary email addresses created through Tor, so that the gathered mail header data is not meaningful. Another suggestion would be to encrypt the data and dump it onto a filehost and send the link through a non-email channel. But in any case, it is crucial that the content of one's messages remains private.
>Furthermore, because of how few people use GnuPG or other such tools, I would expect you'd only be targeted harder for using them.
Indeed this is the case now, but as we get more people set up with GPG, it will no longer be an effective method of discrimination.
I'm sure she can, but by doing so has reduced the set of people capable of sending her mail significantly by imposing the requirement that they figure out GnuPG before they send her an email.
If you're worried, use a long keylength. I've been using 4096-bit keys for over a year now and there's no noticeable performance hit for regular comms on my computer. On my phone, 4096 is noticeably slower than 2048, but it still works fine (probably about a 5-10 sec operation to decrypt an ordinary email, and I have a comparatively "old" phone).
In the last few weeks quite a few providers of private communications and/or freedom (for some definition of freedom) have shut down. Lavabot, Freedom Hosting, etc. If the US could shut down The Guardian they would.
This leaves fewer and fewer secure channels for private communication, and less and less information about what is actually going on.
This is an incredibly dangerous road to walk down, and is akin to the Intelligentsia leaving Germany in the 20's. We all know how that ended.
(1) edited his to her - thanks for pointing it out rolux
Am I exaggerating here? The scary thing is I'm not. He's not done. It's going to get worse.
Attaching his name to this just makes it so that we all vote for a Republican next year, congratulate ourselves for getting rid of the guy who loved spying on us all, and everything stays exactly the same.
I'm not trying to defend him or say he is blameless here. I'm saying that it's bigger than who is in the President's chair at the moment, and I wish we could think about these things in a more systemic way.
This was followed by Carter signing FISA....
Regan followed, signing among other things legislation to allow the military to enforce drug laws domestically as an exemption to Posse Comitatus. This meant that the military was involved in surveillance at both Ruby Ridge and Waco, and also directly provided military equipment and in some cases personnel to these operations (in addition to Navy SEALs raiding crack houses in some cities).
Then came Clinton and things got worse again with the Anti-Terrorism and Effective Death Penalty Act and some other laws.
Then came GWB, no further comment required.
And now we have Obama.
Whoever we elect screws us. That's the truth.
pj = Pamela Jones
But yeah, it's devastating -- especially when it comes just one day after a editor of the Guardian states that they can no longer report on certain topics from London.
It seems like we need entirely new communication protocols.
How about new government - one that isn't broken and tramples on all of our civil liberties? The first step is to dismantle the military industrial complex
Whole new enforcement of privacy laws, you mean?
http://www.theguardian.com/commentisfree/2013/aug/19/david-m...
That's stupid. Of course they wouldn't. They would require them to stop reporting on the security state. But that is vastly different from shuttering them all together.
The Guardian certainly performs a public service in a variety of other domains (from which the government can and does benefit). The security state just doesn't want the press banging around in their domain.
Let's not let the hyperbole get away from us here.
And yet, when taken as part of the whole picture that is the internet, government surveillance is little more than a drop in the ocean. While governments may collect a possibly significant amount of correspondence and analyze some of it, almost all online data, e-mail correspondence as well as photos and documents, search history, browsing history, our physical location, the driving, running and cycling routes we take, the busses we use and more, is constantly collected, analyzed monitored and used, all day every day, by private corporations. These corporations are even less subject to oversight than any democratically elected institution, and their employees are less carefully screened.
Government surveillance is wrong, but at least it raises an outrage that, in time, is almost certain to bring about change. Corporate surveillance is a more dangerous beast. It employs manipulation and deceit rather than plain-old secrecy, and worst of all – it causes little outrage.
Some have compared the current state of things to George Orwell's Big Brother government, but those who've read the book know that Big Brother does not rule through secrecy and intimidation. Big Brother is never mistrusted, never hated, and never feared or suspected. People subject themselves to his control willingly. Big Brother is loved. That is how absolute power is gained. And that is why a democratic institution has little hope of ever attaining Big Brother status, especially in America where any government is automatically suspect. The real danger to our privacy and our freedom, the true potential Big Brother and the danger that dwarfs any government surveillance online, is Google, Facebook and their ilk.
... usually don't destroy hard drives of journalists or don't detain people as a matter of harrassment just to name two recent actions undertaken by governments who use their introspective powers to take conclusions ("we have to have this Miranda guy") and act upon them ("we know he's in Berlin. Check the flight records")
The point is that the control of the governments does not seem to work anymore OR, at the same time addressing that "Big Brother is loved": nobody cares, because governmental agencies do the right thing. (That is my impression until now, living in Europe)
I actually remember a similar action taken by Apple (though through the use of a government agency). But bear in mind that corporations' rights to employ violence have been taken from them, but only after they'd been put to good use. They had a long history of terrorizing and killing people (in the US it was during the days of the Pinkertons), and Google is already more powerful today than the robber barons ever were. If government is weakened enough, corporations will gladly fill the void.
When you use Gmail you are sending your mail to Google, first, and then it is relayed to the recipients. When you search for driving directions to an address, you are sending data to Google that says "I want to know how to drive/cycle/walk to X location right now". When you search for some phrase you are sending a request to Google that says "I want to know about this".
There is no reason why they wouldn't hold onto that data. You sent it to them, because you want the response that they can provide. It's an exchange.
People who do not understand technology to the depth and detail that you do are not halfwits or children. They know what they intend to accomplish and giving up their most personal information for perpetual archival is seldom a property they are asking for. If the technological tools they possess do not faithfully obey their intentions with a minimum of unintended side effects then the problem is with the technology or the services not the user.
Technology is neat and important, but it exists to serve the user. Faithfulness to the users needs and intentions are the only criteria by which we can judge technology.
Governments have a monopoly on the use of force, on law making and on many other things that we all depend on. Governments have much greater powers than any particular corporation, and hence the abuse of that power is a lot more dangerous.
They do now, but that was not always the case: http://en.wikipedia.org/wiki/Pinkerton_Government_Services
> ... on law making
How elected representatives vote is public record. How corporations and lobbyists sway them, however, is not.
> Governments have much greater powers than any particular corporation
Yes, but unfortunately this may be changing. I don't think any government in the history of mankind has ever had as much information about people as Google does.
So yes, corporations can indeed put you in jail.
don't do this. Since 1999, email providers in Switzerland are forced to keep all logs and data for one year (currently in discussion to prolong this to 5 years) and hand all data over at the authorities request.
If you don't comply you will be punished by fines or even jail.
I once (early 2000s) received one of these orders and I honestly don't remember whether it had a judges signature, but I think it was just some police officer signing it, so I can't be sure whether there was (and is) any court oversight.
If you want your conversations to be confidential, don't choose a Swiss provider.
What it seems to come down to is the general fear that the NSA COULD, from a technical perspective, be reading specific unencrypted emails. But before the recent news stories, did PJ (or anyone else) really send and receive emails thinking "there is no way the NSA, or anyone else, can see this email"?
As far as chilling effects go, the knowledge that a multi-billion dollar signals intelligence agency is technically capable of reading an unencrypted email seems pretty mild. Is free speech and free communication really so fragile that it rests on the idea that casual communication you make no special effort to protect is totally out of the reach of large police or intelligence organizations?
That's really, really distant from how the average non-technical user thinks of email. They just drop the e and think of it as mail.
In both the US and where I am in Australia, the two major parties are barely different and doubly so in regards to this whole issue. A vote is not going to mean a great deal.
But a vote that can make some difference is voting with our wallets. Can very conscious purchasing decisions made by more and more people remove some of the influence held by the very richest on our planet? Is that too dreamy?
Where possible, I try to avoid purchasing from the biggest brand in any category, but there'd be a lot, lot more I could do about this. If we imagine the typical food pyramid, but fill it with brands and apply it to every product and category showing the richest and most influential at one end and the delightful smallfry at the other, could we help motivate people to make better decisions about where they spend their money? Or even where they earn it? Earn a fraction less to work for a smaller supplier perhaps.
Apps, surveys, social media, gamification - these are all things that might help people make more careful decisions. Ride a bike, grow food or buy from independent greengrocers at least, seek out furniture that's locally made, etc.
Give me a site/app that asks me about my life and rates my efforts or motivates me to make a better choice in everything I do. Help me identify brands that feel independent but are actually owned by corporate monsters.
i suspect that the problem is deep seated. For example, why can't just anyone enter the banking business? Why isn't there any mom & dad run banks - small, local banks with customers they can could with their hands (and toes)? Why is something as important as money (and teh ability to lend it out) controlled by so few?
Code will not be enough, the system only respects one thing, money. If enough people move to services outside of the States, the real people in power will tell the government to reinstate at least some civil liberties and human rights. But even then, don't expect too much.
As mixmax said, this is "akin the Intelligentsia leaving Germany in the 20's." It will start with moving to hosting and services outside the country and will eventually be followed by people physically leaving the country. As James Joyce said, "silence, cunning... exile"!
It's not so bad. I've been an expat for 26 years and I've never looked back.
What service can we trust at this point?
After the Evo Morales flight debacle, it's pretty clear that their five dollar wrench works equally well on other nations as well.
The internet is broken, everywhere.
He wrote:
First they came for the communists, and I didn't speak out because I wasn't a communist.
Then they came for the socialists, and I didn't speak out because I wasn't a socialist.
Then they came for the trade unionists, and I didn't speak out because I wasn't a trade unionist.
Then they came for me, and there was no one left to speak for me.
Suggested courses of action?
Tried and didn't work:
* voting
* not voting
* protesting online / offline
* writing about these issues, raising awareness
What options do we have left? Violence? Hopefully there's more.
The privacy movement has not even begun to begin what is necessary to change the law. For example: can you name the leading organization that works solely on privacy? There isn't one. The issue is only sort-of covered if you add up the partial work of a bunch of different orgs, like the EFF, ACLU, NRA, Emily's List, etc.
So: want to move the needle? Start an organization, raise many millions of dollars, collect thousands of contacts, and then run a big scary public and grassroots campaign. Give money to privacy-friendly politicians, and spend independent money to defeat opponents of privacy. Recruit privacy-friendly folks to run for local, state, or federal office. Take meetings with corporate, regulatory, and congressional staff to find folks who are sympathetic to the cause. Run privacy conferences. Pay people to write privacy blogs. Pick a nasty law and create a test case to get it into litigation. Etc, etc.
Now you might say "we shouldn't have to do that." And you're right. But: life isn't fair. Black people should not have had to risk lynchings in order to vote, but they did--and they did it. And they fought it.
Never forget that by changing your actions, and your awareness, you are influencing other to do the same.
But it is also in everything together. My rule is that if I protest, I write my congressmen. If I voted based on issues I wrote about I write them and explain my votes. I have at times gotten interesting responses that show I have sometimes managed to get folks to stop and think which is all one can hope to do.
But beyond that we need to do what is needed now. We need to get guaranteed secure email services going in nations which have strong privacy protections. We need to create networks of end-to-end encrypted voice traffic which use open source architectures designed for privacy. The NSA has handed the good guys one heck of a market. All that is needed is the time and effort.
What we need is multiple court systems, multiple police systems, etc. And what's more important -- the ability to freely choose between them. Just like you're able to choose Pepsi over Coke or to choose Google over Bing, or to choose one bank over another.
This isn't easy system to achieve, but mostly because a lot of people are skeptical.
More on this topic: http://mises.org/rothbard/newlibertywhole.asp
See "Lawrence Lessig: We the People, and the Republic we must reclaim" (http://www.ted.com/talks/lawrence_lessig_we_the_people_and_t...)
What would the effects be from a flash boycott if X-million people suddenly stopped buying from a corporation? Someone could devise a model to calculate the effects and find potential candidates.
The SOPA blackout showed what's possible when the Internet organizes (http://en.wikipedia.org/wiki/Protests_against_SOPA_and_PIPA). Turn it into an Internet meme that empowers the people, and keep it going until the echo grows too loud to be ignored.
It would probably require the cooperation of a team of computer scientists, finance geeks, and social-marketing gurus to organize the campaign. Or maybe one clever hacker could pull it off.
See "Derek Sivers: How to start a movement" (http://www.ted.com/talks/derek_sivers_how_to_start_a_movemen...)
Rootstrikers: http://www.rootstrikers.org/ted_promo
And online protests are mostly useless. 10.000 people in the streets raise more attention than 10.000.000 facebook likes.
Voting/not voting/protesting/etc. are tactics that are only useful as part of a larger campaign, and as part of a large group committed to a particular goal.
Hashtag: #fnf13
The pirate parties together with other organizations all over the world plan to join in. Spread the message and contact me if you plan to organize something.
I agree it's upsetting and citizens should be demanding oversight. But to assume your plaintext transmissions over uncontrolled wires are somehow private seems absurd. It's like the silliness people got whipped into over Google's WiFi collection which was essentially passing "-s 0" instead of "-s 64" to tcpdump.
Tell me. You're speaking with a friend in a public square or park in your town. You're not speaking in code with your friend. Judging by what you just said I expect you assume your every conversation is being monitored.
We have certain expectations of privacy and basic human decency. Just because it's possible to wiretap and hoover up all unencrypted communications I wouldn't have concluded that the spooks are doing so because I would have thought they wouldn't stoop to this behaviour. Sure there was a little bit of info here and there but there's nothing like hard evidence (Snowden-style) for changing ones mind.
You don't have to show us all how smart you are, we know already -- so you can keep these types of comments to yourself.
Advances in massively deployed array microphones aside, I don't find speaking in a park to be remotely similar to transmitting over a large public network. On the Internet, you are willing handing your data off to multiple third parties. You have little control over which third parties, or even which countries, your data flows through.
I'm not insulting anyone's intelligence. I'm simply questioning why anyone assumes they've got privacy other than "because it feels like it should". And, hey, that might be a good argument and something to get enshrined in law. (Although, I'd be surprised if the USG backs down at all, except perhaps to concede to some more oversight audits.)
Snowden's "hard evidence" is great because it gives bigger, solid ammunition to argue against mass surveillance. But it's not like anything has suddenly changed, nor should anyone's behaviour change (other than to use encryption when possible).
P.S. Your comment would be better without the sarcasm. I'm being honest and serious in my attempt at commenting here.
You should be aware of the possibility that someone may be eavesdropping in this situation, yes.
>We have certain expectations of privacy and basic human decency.
Our expectations of privacy are valid in private contexts, like a home or business. Public contexts, like a busy shopping center or the internet, do not contain inherent guarantees of privacy. Even though one can normally assume that no one dangerous is listening in, it's a risk you always take when you engage in any conversation or behavior in a visible location.
>Just because it's possible to wiretap and hoover up all unencrypted communications I wouldn't have concluded that the spooks are doing so because I would have thought they wouldn't stoop to this behaviour.
This is pretty naive. Whenever there is a large benefit:cost ratio in play, people should expect that someone at some point _will_ stoop to that level. The ability to record and filter huge portions of worldwide communication is obviously hugely beneficial to all nation-states, so they're obviously going to do it. There are even some who would argue that this is not fundamentally immoral, so it's an even less clear-cut case than things that are obviously fundamentally immoral, meaning it should've been even more expected.
These monitoring programs have been occurring for a long time, most likely since Snowden was a child.
>You don't have to show us all how smart you are, we know already -- so you can keep these types of comments to yourself.
I think just the opposite. We should be using this as an opportunity to educate everyone on the critical importance of encryption (analogous to placing your comms in a sealed envelope, instead of leaving them bare on a postcard), not express moral outrage that some people would "stoop so low". I guess if you're into that, you can do that too (I find it trite, personally), but it shouldn't be done at the expense of the resolution to this problem, which is widespread adoption of full client-side encryption.
With private carriers like FedEx (which aren't allowed to offer normal letter service in the US) there's no such restrictions. FedEx directly states "We may, at our sole discretion, open and inspect any shipment without notice."[1]
1: http://www.fedex.com/us/service-guide/terms/express-ground/i...
A 1 GB USB costs approximately 4$ , you can encrypt the information and use the regular mail with no return address. To avoid cameras in the post office you can use a 3rd party or a real world dropbox.
This sounds so sci-fi dystopian it's hard to believe it actually a plausible solution.
ps. Don't forget to use gloves, make sure "they" can't track your purchase, and also check if the drive is clean as a whistle.
I do not know whether this - i.e. shutting down - is a good strategy in general. It raises some awareness, it might cause some change ... but what if change does not happens? What other means of protest will we have?
But I have to say, this is getting to me too... more than I would think something like this would.
Also, I wonder what the other contributors she had given post privileges to think of this (I thought she had stepped down/away from some of the cases groklaw was covering).
I was under the (probably wrong) impression that most of what Groklaw did was explain the law and court cases in simple terms.
That sort of information comes from having serious inside, in-depth background information.
You know, the sort of stuff serious investigative journalists /used/ to do. Like the Washington Post in 1972 when they reported on illegal activity by the President (http://en.wikipedia.org/wiki/Watergate_scandal#Role_of_the_m...) rather than the Washington Post in 2013 when the report on Presidential Broccoli (http://www.washingtonpost.com/blogs/post-politics/wp/2013/07...).
We've seen a rare example of serious investigative journalism and how /our/ countries respond to it by targeting family and loved ones of the journalists. That's the way we used to say only the KGB or the Gestapo behaved in the Bad Old Days. Guess what ? The Bad Old Days are right here and right now.
No wonder PJ is concerned that continuing Groklaw may expose her to serious risk from the authorities. Commenting on court cases and filling in the background through back-channel information from Deep Throat (or whatever pseudonym they use today) sure does not seem to be worth that risk to me.
It's sad that any comment on this stuff makes it sound like you go around wearing a tin-foil hat.
Note that I am not saying there were none...just that I never noticed them. Anyone have an example or two?
Oh, and she did all of the above in simple terms. Groklaw is easily one of the best blogs ever. Sad day to see PJ go.
Have they resigned themselves to it? Are they devising new corporate communication policies that assume always-on surveillance? Are they thinking things will improve after this storm has passed?
My personal information for my apartment is stored on an FTP server and their offices use WEP encryption on their WiFI. They have a scan of my passport, every facet of information about me; if their storage was compromised it would be fairly devastating to their tens of thousands of clients.
Unfortunately I have no clout regarding the storage of this information, and no choice as to who I store it with.
Snowden uses Lavabit email service. Snowden leaks top secret material belonging to US and UK. US demands Snowden's emails from Lavabit. Lavabit shuts down.
pj reads news of Lavabit and concludes that email is not anonymous. (Email was never truly anonymous, unless you count anonymous remailers. Surely she knew this.) pj concludes that she should shut down Groklaw. (Why not just warn everyone that she will comply with legal requirements, like Google and myriad other web-based businesses do, for example. Millions of people still use these services even with that warning.) pj concludes that she should no longer use "the internet" (cf. email). (Huh? Email is but one use of the internet; it was designed ages ago and was never intended to be anonymous.)
Are people who leak top secret material and are wanted by US authorities sending emails to pj? If not, then please help me understand pj's logic.
If Snowden sent emails to pj, and pj, like Lavabit, does not wish to comply with authorities and hand over whatever they've got, then I guess shutting down Groklaw makes sense. I guess.
You cannot have a right to privacy as Brandeis envisioned it when you lack any reasonable expectation of privacy. Reading pj's post it sounds like she's abandoned _all_ expectations of privacy with respect to the internet (which includes email among so many other potential uses). This reeks of "all-or-nothing" thinking.
Lawmakers have no reason to exceed the expectations of their employers. If you the voter and taxpayer expect zero privacy, you should not be surprised if that's what is delivered.
"While we’re happy to provide a privacy asylum in a safe legislation, society should not need them. Privacy should be the default, not the exception."
So it's come down to privacy asylums and digital refugee camps now. WTF?
Seeing it again now after years... Weird.
Then I went to http://planet.fsfe.org/ and found out they're still using my site design there.
Wow. I'm floored.
This is... I don't know. With the storm brewing right now, they need help. People help.
Guess I know what to do.
This is how I've been feeling about it for the last few weeks.
Now I'm reading this story, in which pj explains her story which was exactly my point from the comment linked above. What's the deal?
Anyhow, yes, when the sum of human communication is read by the US government (and other governments and private intel corporations) then it's incredibly destructive to the human condition and society.
We're fucked. Time to start fixing this for real. Open up your IDE's and/or text editors and get to work. Make sure to open source (GPL or Affero GPL) everything. Work on decentralized P2P encrypted networking. Good projects: cjdns ... see you on the flip side. Hack the Planet!
We need some kind of a "want my privacy back" backlash or a movement. A slogan that we can unite against and spread the message across the populace.
It's the kind of slogan you use against not only the mass surveillance by the NSA, but also against vehicle miles traveled tax that puts a GPS in your car and against those insurance company OBD-II dongles (Progressive Snapshot) that record your driving and transmit it back. Against surveillance cameras on every city block. Against the idea that "if you have nothing to hide", then you will have no problem with surveillance.
They aim to create an self-hosted e-mail client with (among other things) a new take on encryption usability. I think this is one step in the right directoin of making e-mail encryption easier to use. If you think so too, back them :)
I'm in shock.
All tech geeks set up mail servers with encryption and volunteer to migrate their non-tech friends and family to new email homes. We also show how to configure encryption in their mail clients and start getting them to use native email clients rather than webmail.
This will have two effects. It will send a message to Google/Microsoft/Yahoo!/insert big mail provider here/... that they have been lax in protecting the privacy and interests of their users. Of course, given the free-as-in-beer model of webmail it was long apparent to some that the user was actually the product and the advertiser was the actual customer. If a user is seen as a mere data-point then there is little incentive to assure these mere data-points privacy. maybe this will be the kick in the pants the big providers need. Maybe that model is irredeemably broken and always has been but we just didn't know it yet.
Email should be like snail mail. Everybody acts as their own mail server and mail client in snail mail land. Your inbox is the physical letterbox and you would never let some corporation provide that value in return for some dubious positive (convenience? a nice interface to your mail store? the ability to search your mail store? ...)
The second effect is that it sends a message to the spooks and claws back a vital channel of our privacy. We can work on safe and easy anonymous browsing and safe and anonymous and federated social networking and whatever else further down the road -- mail needs to come first.
Think about it. There are enough tech geeks. Every geek should need to know how to do this anyhow. This will scale. We need to build a movement around this. When something in the political arena forces the immeasurably invaluable Groklaw offline something tangible needs to be done. We have had a series of ever more alarming wake-up calls (though I hate how clichéd that sounds) since the first Snowden revelations. We need to start acting on these calls. Sure our response needs a political dimension (a global moratorium on digital mass surveillance) as well but I think that this technical part-solution has got legs.
What do you think?
I certainly wouldn't be comfortable with my peers having the opportunity to control my email and the myriad of accounts associated with it. I can't imagine they would be happy with me doing the same with their data.
> We also show how to configure encryption in their mail clients
Encryption is fairly useless without authentication, and we can safely assume that the NSA has control of Certificate Authorities.
> Think about it. There are enough tech geeks. Every geek should need to know how to do this anyhow. This will scale.
I've been battling with the concept of hosting my email for quite some time, and it always boils down to being a horrific thing to set up. There's a pile of easy ways you can screw up and make something insecure or spam-ridden. I spent a good day trying to put together a solution I was happy with, but couldn't.
If you have to stay on the Internet, my research indicates that the short term safety from surveillance, to the degree that is even possible, is to use a service like Kolab for email, which is located in Switzerland, and hence is under different laws than the US, laws which attempt to afford more privacy to citizens. I have now gotten for myself an email there, p.jones at mykolab.com in case anyone wishes to contact me over something really important and feels squeamish about writing to an email address on a server in the US.
Both of these solutions are distributed, encrypted entirely (even metadata) and solve email's privacy problems.
The Tor Anonymity Router mentions the types of monitoring they attempt to subvert, and mention that full internet monitoring is not one of their design goals. This is simply because with any low-latency system, correlation between the entry and exit can be obtained. Similar attacks exist for networks such as Bitcoin for similar reasons.
> But what journalists who need to communicate more anonymously that that used pseudonymous PGP keys - one per story
In this case you run into troubles with authenticity. Without persistent keys being authenticated in some way (see "web of trust"), there's no way in telling if the person is communicating with a government proxy or the real target journalist.
That's the issue with the "encrypt everything" mantra, authenticity is stupid difficult to verify.
I think something sufficiently secure is possible for email. I think it would require a whole new set of protocols and approaches, and for some things (like voice) it is not.
There seems to be research under way to get a messaging protocol built into GNUnet. Google turns up this pdf [2] for example.
Well, your free state is in jeopardy. Now is the time to assemble your well-regulated militia to secure it!
PJ presents it generically, but I can't help wondering if that is for legal reasons and something specific has happened that cannot be told.
Either way, a tragedy - the world needs, right now, exactly people like PJ and websites like Groklaw.
-- the crux
Whenever I think about NSA now , in a corner of my mind , I see Dan Brown Saying, " I told you so". With a copy of Digital fortress (his book about NSA) in his hand.
E-mails are unsafe for private communication. What the recent revelations did is that they showed that e-mails really are unsafe.
If you are really afraid that you are under surveillance, switch to PGP. It's not hard.
Could this happen to a site like HN? And if so, would we know?
yes lets all bend over and take it up the ass...
because someone says what they learned makes them not want to use e-mail? this is precisely the opposite of how to stand up to oppression.
no matter what it is the response should not be "well i'm going to stop being free and let them oppress me" you may as well just lay down and die in my mind...
you are born free whether you like it or not and nobody can take that away but yourself.
We succumb to terror pushing away meaningless bits of code on Github as a crypto projects in response. Some projects flourish sure but the same forces that profit off the court-less killings of others are collating your data, your pet projects. Harvesting your stolen info out of botnets.
Giving you a salary for technician work keeping infrastructure ticking.
Enough enabling the beastly mess that is privatized 'national' security. The payments to infrastructure providing companies for data access. The kidnapping/torture/drone fire of others when technological routes don't work.
If you have a career with Dell, AT&T, Booz Allen Hamilton, SAIC, and many others, start making demands or make resumes. Stop being complicit.
I disagree. Let's use all our skills and avenues, not just some of them.
> We succumb to terror pushing away meaningless bits of code on Github as a crypto projects in response.
That is a subjective opinion. Email itself is meaningless bits of code. You want us to stop using email altogether? What about the web? Why are you even posting on this forum so?
> Some projects flourish sure but the same forces that profit off the court-less killings of others are collating your data, your pet projects. Harvesting your stolen info out of botnets.
That is alarmist hyperbole.
> Giving you a salary for technician work keeping infrastructure ticking. Enough enabling the beastly mess that is privatized 'national' security. The payments to infrastructure providing companies for data access. The kidnapping/torture/drone fire of others when technological routes don't work. If you have a career with Dell, AT&T, Booz Allen Hamilton, SAIC, and many others, start making demands or make resumes. Stop being complicit.
Dell? A computer hardware device assembler? What on earth are you on about. You appear to think that the entire info-tech infrastructure, companies and "wage-slaves" alike are complicit in all this. Computers are a kind of tool, you can use them for beneficial, neutral or nefarious means. Let's keep the spotlight where it is needed -- on the secrest out-of-control governmental surveillance organs of various nation states.
In short. Think a bit before you post and spare us the melodrama.
"Former intelligence contractor Edward Snowden began downloading documents describing the U.S. government's electronic spying programs while he was working for Dell Inc in April 2012, almost a year earlier than previously reported, according to U.S. officials and other sources familiar with the matter.
David Frink, a spokesman for Round Rock, Texas-based Dell, declined to comment on any aspect of Snowden's employment with the company, saying Dell's "customer" - presumably the NSA - had asked Dell not to talk publicly about him.[1]"
Thanks for the heaping pile of denigration.
[1] http://www.reuters.com/article/2013/08/15/usa-security-snowd...
> That is alarmist hyperbole.
Those were two direct references, the first being SAIC with their military drone[1] and domestic 'domain awareness center[2]' operations. The second being Endgame Systems and their monetization of botnet data/malware[3].
> Let's keep the spotlight where it is needed -- on the secrest out-of-control governmental surveillance organs of various nation states.
On it with laser-like focus, sir.
[1] http://articles.latimes.com/2011/dec/29/world/la-fg-drones-c...
>Some projects flourish sure but the same forces that profit off the court-less killings of others are collating your data, your pet projects. Harvesting your stolen info out of botnets.
What in the fuck does this even mean? How is it relevant? The only problem with "fresh" crypto projects is that if you fuck it up, and you have bad crypto, it's as good as no crypto.
Most of us here don't work for those companies, nor do most people being spied on, so this advice sucks.
Legislation and regulation are the long-term methods of stopping this, but the short-term method of dealing with a technological problem is better technology.
It means projects with sound footing are likely to be undermined aggressively by all means. Through courts, around courts, under courts. Undermined using infrastructure and resources provided by many potential contributor's day jobs.
A bit like trying to build a castle on the weekend while getting paid to help knock it down during the weekdays. Wondering why it didn't amount to much some time later.
The code still has a purpose, even if it's not the "right" solution, long-term.
Stop bothering with the articles here, and "get out of the building":
* Call or write a real letter to your representatives in congress (assuming you're American).
Hopefully that is something everyone has already done.
* Coordinate - isn't there some place where people are organizing/coordinating this stuff?
* Write a letter to the editor in your local newspaper.
* If you're in the bay area, how about helping to organize a primary challenger for Nancy Pelosi? She did not vote to defund the NSA. People in SF have the money, the means, and the incentive to get someone in office who cares more about this stuff.
* Donate money to politicians/groups opposing this stuff. The EFF, for instance.
The NSA has just created a huge market for guaranteed secure communications infrastructures. The technology is there. It may need some extensions but it is there.
Some ideas (again no time for a startup now and this is too important):
1. An email-like service based on TOR with content encrypted via public key encryption end to end.
2. The second is an encrypted voice network. This can't encrypt metadata a swell in a way that central offices can't see it, but the contents could be encrypted easily enough.
The code is a means to an end. We can't code our way out of the problem. We can build businesses that get us out and code is supportive of that.
I've taught more people about the Web Of Trust and how to use GPG in the last ~1.5 months than in the last ~1.5 decades.
"...and we sit watching our TV's while some local newscaster tells us that today we had fifteen homicides and sixty-three violent crimes, as if that's the way it's supposed to be."
Something about this current drama has made the whole concept of encryption and the realities of surveillance suddenly resonate with a LOT more people. It's not a majority yet, of course, but a change in perception this dramatic is a amazing.
"We sit in the house, and slowly the world we are living in is getting smaller, and all we say is, 'Please, at least leave us alone in our living rooms.'"
I have people emailing me encrypted email now, who just last year ignored the idea with the usual dismissal of it being "unnecessary" or "too complicated"[1].
"Well, I'm not going to leave you alone. I don't want you to protest. I don't want you riot. I don't want to write to your congressman because I wouldn't know what to tell your to write."
So now that people are finally noticing the reality they live in, and are finally getting mad, I see this as what educators call a "teachable moment" to try and suggest a few broader concepts tan the gpg lessons they are asking for.
"I'm as MAD AS HELL, and I'm NOT going to take this anymore!"
A few things I've been trying to teach recently, now that there are actually people listening:
* General education on the concept of data mining, and the power of a handful of JOIN clauses. The idea of grabbing all your phone calls is something most people already understand. Connecting a few random bits of entropy together to get a surprisingly reliable primary key is still not widely understood.
* Web Of Trust - Starting small and local is good, just like in elections. It would be amazing if somehow the Key Signing Party could be worked into some traditional social ritual.
* Stop supporting the feudal model of email, by tying your identity to an @company.com domain. Land is king IRL, and staking your claim on the internet is important for similar reasons. It would be nice if everybody could change their MX records and hosting service as easily as they change POTS long distance providers.
* Stop using webmail - many of the benefits of encryption are lost if you don't keep the keys in your physical possession, as demonstrated by lavabit and elsewhere.
This doesn't directly fix the problem[2], but it is stuff that can be done (and is being done) now, and these are certainly things that would help immediate problems faced when organizing a revolution. The NSA doesn't have the manpower or money to strong-arm their snooping routers into every last-mile endpoint. This kind of long-term cutting of the data the NSA can see is one of the better weapons we have against them.
"Then we'll figure out what to do about the depression and the inflation and the oil crisis. But first get up out of your chairs, open the window, stick your head out, and yell..."[3]
[1] You would think a Biology professor would understand an argument about how this isn't necessary about them, but about maintaining the "herd immunity" of the email ecosystem...
[2]: It might in the long run, once a lot more software support is written, and it finally becomes possible for regular people to extend their web of trust as far as, e.g. groklaw.
[3]: Incidentally, the lecture at the end of Network comes to mind every time the government panics about Snowden: "...and YOU have meddled with the primal forces of nature, and YOU...WIIL...ATONE!"
edit; formatting
Many of the people at these businesses you mention are wage slaves and they can't so easily just get up and leave.
Code gives us tools. Such is a start, but only a start. We need solid, internationally federated businesses, which can be built to take on this challenge. Yes open sourcing the tools is important too, but only as a means to an end.
We need to build up an infrastructure for actually using these tools and that means businesses offering services.
I do not have time to do another business (I am ramping up two businesses right now). I do have time to consult, advocate, and advise on this very important topic.
Crypto sucks hard for beginners and it's pretty much in diapers.
...
David Frink, a spokesman for Round Rock, Texas-based Dell, declined to comment on any aspect of Snowden's employment with the company, saying Dell's "customer" - presumably the NSA - had asked Dell not to talk publicly about him.[1]"
[1] http://www.reuters.com/article/2013/08/15/usa-security-snowd...
Unfortunately, the majority of wage-slaves are so indentured to their overlords that simply leaving is not an option, as the alternative is penury and starvation - particularly when you work for a giant like BAH, who'll ensure nobody will ever employ you again.
If you want to make a stand, don't hand in your notice, don't make a resume, don't make demands, just don't show up, and let 'em flail. Worst they'll do is fire you, and in today's world you do not need to pledge fealty to an employer in order to survive, and the fewer people that do, the more rapidly things will change.
If all the IT folks simply walked away from their machines, they would stop working, but we do not, and instead we strive to make their machines work perfectly without our intervention.
Jump ship before they decide to push you overboard, anyway - because they will. If you think your employer respects you, and will give you a job for life... you are wilfully deceiving yourself.
Ask HN: Do you work for any of the included companies? (Dell/HBGary/AT&T/etc)[2]
[1] http://motherboard.vice.com/blog/the-doj-is-suing-barrett-br...
"botnet-analytics package gets you access to a database of Internet addresses, organization names, and worm types for hundreds of millions of infected computers, and costs $1.5 million."
Folks like the industrious pj have much to worry about when 'outside channels' are made into a a for-profit process. Combine 'parallel investigations' with 'outside channels' with a healthy dash of money for the ringleaders and some for the heads of the companies they pay (Google) and you plenty of reason not to talk law or much else over Email.
It is becoming a desperate situation for noncombatants.
To summarize my point, quoting PJ, "privacy is vital to being human, which is why one of the worst punishments there is is total surveillance..."
It's been built. I've been asking for years for people to start adopting it. Nobody has been interested.
"What I do know is it's not possible to be fully human if you are being surveilled 24/7." Yeah? Well if you're using this as your benchmark, then you should never go out in public, because I guarantee you're on videotape someplace. Security cameras are everywhere. And let's not play games: your ISP has been monitoring your browsing & download history for decades. Nevermind phone calls, any tolls you paid while driving, any bill you paid via credit card, any flight you've taken, any country you've traveled.
Now this is broken and suddenly you care? Stop fucking playing the victim card for attention, I'm sick of it. And I'm not just talking about the Groklaw people, this goes for whoever jumps on the "OMG I'm shutting down now" bandwagon for a portion of the 15 minutes of fame going around.
You want to make a difference? Start getting involved in politics. Internet-rage does nothing but get you a few website hits before people go back to caring about the A-Rod scandal, or the Obamas' new dog.