Dropbox was revealed as a participant of the PRISM program: anything you store there is searchable. The same is true of Facebook and Google and Yahoo, Apple, all cell phone carriers, all internet carriers and other cloud storage companies including Skydrive/Onedrive.
Dropbox is mentioned in the PRISM slide deck as being a desired participant, not an actual participant. I worked at Dropbox when those slides were released, and none of us on the operations team knew what it could possibly be talking about.
Every company that wants to continue to operate in the US has to comply with US government orders, that is just a fact of life. No one in the technology industry is super excited about going to jail or having their equipment seized. But the kind of compliance that PRISM implies is not something that you just sneak in without anyone noticing.
There was an internal accounting of every server and network connection -- it would have required a shadow ops team running shadow datacenters to sneak it by us.
So people should just upload unencrypted data willy nilly to 3rd party servers because they aren't mentioned in a leaked document? Sounds like a terrible security plan.
And re leaked docs ... I still don't understand the mindset that some people have (maybe someone can help me). When people say, "oh, but the US Gov isn't worried about you" all I can do is roll my eyes.
* How can you verifiably prove that? (they can't)
* How can you verifiably prove other governments aren't?
* How can you verifiably prove chaos agents aren't?
* How can you verifiably prove someone isn't silently watching you?
* etc.
Just because it was or wasn't in a leaked document does not mean that the ability does not exist nor does it mean that such capability is only in the hands of 1 government.
In my eyes, the leaked docs showed "this is the current level" re: security/privacy/surveillance. We have to assume all other governments, corps, & individuals have equally or more powerful systems in place. Why? Because it's the only safe assumption.
That assumption has no bearing on the merits of legality with how the NSA conducts its mission, nor bearing on how others act. The documents merely give evidence and a base-level run down of additional attack vectors. This has absolutely zero to do with a "legal vs. illegal"-action debate and everything to do with technological security and infrastructure.
I encourage everyone to consider RFC 7258 [1] in their future projects. Do it for your users, whomever they may be. Consider RFC 7258 your USSID 18 (if you're American) ... that is, fucking read it, understand it, and internalize it. Maybe the gov is good, maybe they're bad - that is irrelevant when there is more than just 1 gov in the world.
> Every company that wants to continue to operate in the US has to comply with US government orders, that is just a fact of life. No one in the technology industry is super excited about going to jail or having their equipment seized
I understand this and it is not contrary to my point. I'm actually trying to point out that the companies Snowden mentions have been specifically mentioned by NSA slides/documents and I think this has colored his suggestions. He suggests moving to others - but ultimately anything he suggests will get subverted if enough interesting material gets stored there. Not that that in itself is a reason not to adopt new technologies.
> To sneak it by us...
They aren't sneaking it by you as a company. They cooperate with the corporation and its internal organizational model to create a solution that fulfills the requirements. Most employees, however, can be blissfully ignorant.
I think you overestimate your ability to know such things. I know plenty of Google employees that had no idea about Google's involvement, Facebook employees with no idea about Facebook's involvement, Apple employees with no idea about Apple's involvement and Microsoft employees with no idea about Microsoft's involvement.
I also work at a large company, and would have thought I would have seen clear indications of PRISM (& other) activity. Unfortunately that is not the case.
Condoleezza Rice (of all people) joined the board of Dropbox.
This is their full time job and their professional expertise. I'm sure that PRISM infrastructure (or beta versions) were accounted for in full.
Edit: It's not conducive to conversation to downvote something merely because you disagree with it. The downvote button (and upvote respectively) are for designating whether you believe something is irrelevant to (/contributes to) the topic.
It's always hard to be absolutely certain about what goes on at a company, but I'm pretty confident about Dropbox not participating in PRISM (defined as a government system that automatically collects considerable data from within a company's private systems).
I haven't been at Dropbox for a year now, but for most of the time I was there I was one of only two SREs that ran the production infrastructure. I knew every piece of server hardware in every datacenter, and what services ran on them. It was my job to qualify and deploy hardware, do the systems level automation, and run the user facing frontends. There is literally no way that something like PRISM could be put in place without my knowledge except by what would amount to sabotage.
Keep in mind that while Dropbox is large for a startup, it only recently surpassed 1,000 employees (150 when I joined). The vast majority of those people are in customer service, and the number of people with access to production is likely still well under 100. For the first five years of the company's life there was one datacenter manager and network engineer (the same person), one SRE up until I was hired, and so on. In operations, we did more with less.
However, this shouldn't make you feel like your data in Dropbox is guaranteed to be safe from prying government eyes. Dropbox can and does comply with government requests -- every company operating in the US does so, or they would not be operating anymore.
I agree with your distaste towards Condoleezza Rice joining the board. It doesn't look good, but I also doubt that she has any day-to-day authority or responsibilities whatsoever.
I'm still not confident. Don't actually answer these questions (NDA and all), but how much traffic do you guys get? Could you possibly inspect it all? Have you inspected the hardware itself? Can you trust the switching equipment? It's reasonable to think that collection happens at the pipes between data centers (like some of the Google collections - which didn't involve any of the hardware present although that collection program wasn't a cooperative one).
Some of the lengths they go for these programs are really impressive. It was revealed that AT&T had secret rooms built that blend into the building infrastructure but MITM every packet that gets sent through (what looks like) normal infrastructure lines.
At some point it feels like you're being asked to prove a negative. That's the thing about discussing secret operations. And it is why the documents are so important.
I wonder now that the Snowden leaks are getting dated about a year old (and it being a few since you've left Dropbox) how much has changed.
Finally, the other companies on Snowden's list are certifiably on the list of already onboarded products, so it's hard to trust them.
> I also doubt that she has any day-to-day authority or responsibilities whatsoever
For example she assigned a new CFO for Dropbox. I doubt she has day-to-day authority (she's a busy woman), but being on the board and selecting upper management is a lot of power.
You're right, there's no way to be completely certain. It's like the adage: "Two can keep a secret, if one of them is dead." When someone else has access to your data, there always exists the possibility that it can be used in some way you don't like.
What I wanted to convey is that user data was not used (at that time) in an untoward fashion by Dropbox. Everyone that I worked with took privacy and security very seriously, and we knew that user trust is tough to earn and easy to lose. Handing data to the government automatically, without a warrant or confirmation of authority, would not have been something that anyone was interested in doing. But the government does have ways of making you do things that you don't want to do (see: Yahoo).
The biggest problem that I have with all of the Snowden revelation stuff is this: people seem quick to blame the companies who are complicit rather than the government who is the root of the problem. The government's efforts against security and privacy are the biggest threat the technology industry has ever faced, and if left unaddressed I believe it will inevitably lead to the US losing its leadership position.
One last point, regarding Dropbox's CFO. Sujay had been at Dropbox for over three years (since 2010) and was involved in the CFO search for a long time. That they picked him for the role says a few things, but I don't see it as Condoleezza stacking the deck.
Not too sure about the quote based on its other implications - and I don't think it's exactly the appropriate analogy here...
As an aside the NSA keeps secrets between tens of thousands of employees (although I hear it's Orwellian and depressing to work there). You can keep secrets between small and even large groups of people. You just have to have the right processes and leverages.
'Punishing' companies that collaborate with the government has a few parallel goals:
1.) Wanting to use something that has not yet been purposefully subverted.
2.) Give the companies a real argument for resisting programs.
3.) Speak out against the practices (since it isn't on a ballot anywhere).
Yes, ultimately it isn't the companies' faults (however the complicit few with blinders on for profit motive should be shunned for not putting up a fight).
To your Edit: tell this to the socialist big time thought-police at the HN HQ that will not count your upvotes on your posts if they don't like them I.e.: I have almost twice as many upvotes on posts than the number appearing next to my nickname. Ah hh... "Land of the free" -- as long as they do and talk as they are told!
You left out half a sentence. "Anything you store there is searchable" if the US government has a court order for your data. This has always been the case. Other governments have similar systems for processing data obtained via legal requests, under different names.
Right, but the Snowden revelations showed that the FISA court was/is? a rubber stamp circle without any real due process - and in fact they can search the data and afterwards make a request via the FISA court. The data is also collected and stored and processed by algorithms without any court oversight, it is just when they want a contractor to look through the data manually that the minimal paperwork is involved.
It would be misleading to include that half sentence without also mentioning this.
"The data is also collected and stored and processed by algorithms without any court oversight."
This is false. PRISM doesn't get any data that wasn't specifically requested with a court order. It sounds like your understanding is still based on Greenwald's original reporting, which has since been shown to be inaccurate.
I'm talking about sent to the NSA, processed by algorithms and stored. That's not 'collected'. It's a word game they play. My original assertion stands.
And be careful of "not under the PRISM program". The "not this program" has been shown to be false over and over (in spirit) as there are many related programs that do joint work on shared datasets.
Regarding Greenwald's reporting, can you link to something comprehensive (and trustworthy) about inaccuracies?
Not under any program. None of Snowden's documents show that the US government has the access you think they have, and all the companies involved and the government have explicitly denied it. You're going with Greenwald's misinterpretation of a slide against all evidence to the contrary.
Yeah, that's not right (your document discusses PRISM almost exclusively).
To quote from your document "when you claim something, you should be able to prove it". Can you prove "not under any program?" Of course you can't.
That's a bit mean (there's no way you can prove a negative). But it goes to show the level of sophistry and equivocation in your analysis.
I looked through the document and was thoroughly unimpressed. I don't think you're engaging with the material at the same level others are (e.g. metadata = surveillance & NSA has direct access to metadata -> NSA surveillance by modus ponens). Nor are you considering the vast body of documents, just some choice ones related to PRISM.
I would very much like to believe that somehow Pulitzer Prize winning journalists with the endorsement of The Guardian and everyone who followed merely read some diagrams wrong but after having read your document I can't convince myself of that, nor would it be consistent with other leaks, whistleblowing accounts, policy objectives, etc.
Good work though, I think it's important for people to actually look through the slides/material themselves. I think it's great you're doing that.
Can you prove "not under any program?" No, but the preponderance of evidence (the denials from all parties, the laws that make it illegal, and the lack of any evidence to the contrary despite the fact that the release of this evidence would be a bigger story than any of the leaks so far by a country mile) shows that it is not happening under any program. Yet you still believe it is happening because you chose to believe Greenwald's thoroughly debunked misinterpretation of PRISM.
Where are these "other leaks" that show this is happening? There aren't any. You bought Greenwald's lie hook, line, and sinker.
I think we've exhausted this branch of this topic, but I'm sure we'll have an opportunity to discuss this further on other Snowden articles and I look forward to doing exactly that.
So you'll spout the exact same nonsense in another thread, I'll call you on it, you won't present any evidence for your nonsense, and suggest we do this again?
Your post is a classic example of shifting the burden of proof. You are the one with the belief that contradicts documents, leakers, whistleblowers, journalistic reporting, senatorial reports, US history, partner documents, and on.
Or if you need more direct links look through the other branches of this thread. Plenty of evidence, much of it directly from the Congressional oversight committee itself.
The nonsense comes from trying to reinterpret a small number of slides and to then broaden that interpretation to an expansive umbrella.
It is simply truly the case that the NSA and partnered agencies have broad access to sweeping untargeted collection of data.
Tempora has nothing to do with the companies giving the NSA access to their data. Try to stay on topic.
Shifting the burden of proof? You're the one claiming something illegal is going on without any evidence. I might as well call you a rapist and ask you to prove you aren't.
This is the actual legal definition of collected per DoDD 5240.1-R[1]:
"C2.2.1. Collection. Information shall be considered as "collected" only when it has been received for use by an employee of a DoD intelligence component in the course of his official duties. Thus, information volunteered to a DoD intelligence component by a cooperating source would be "collected" under this procedure when an employee of such component officially accepts, in some manner, such information for use within that component. Data acquired by electronic means is "collected" only when it has been processed into intelligible form."
That would include sent to the NSA, processed by algorithms and stored. The "read by a human definition" as far as I can tell comes from the EFF selectively quoting that definition[2] and drawing their own conclusions from their selective quotation, not the regulation itself. As the regulation itself states, as soon as any DoD intelligence component receives it and processes it, it is considered collected.
The misunderstanding is compounded by Clapper's June 9th 2013 interview with Andrea Mitchell, where he tries to explain that there's a legal difference between collecting content and metadata and fails miserably[3]. Mind you, Clapper is not part of the NSA. That's not an excuse, since as DNI he should know better, but it does explain it somewhat...
Regarding issues with Greenwald's reporting, here's a few:
- Stewart Baker, quoted extensively in the "NSA spies on porn" article, claims the authors omitted key parts of his quotes because it would make them look hypocritical: http://www.volokh.com/2013/11/27/understanding-enemy/
For a good rundown of various NSA programs, I'd recommend reading the Electrospaces analysis[4]. In particular, his analysis of PRISM[5] and BOUNDLESSINFORMANT[6] are really good, as is his recent Strategic Missions List post[7].
I don't know how to read that definition - it contains more legal jargon. What is "received for use by an employee"? When are electronic communications "processed into intelligible form"? Is a server that stores and processes data an employee?
And for 100% sure PRISM received and stored mass data about American communications - both internet records and phone records. There's no debate about that. There was even (faux) legislature proposing moving the storage site from NSA hands to partner hands.
These articles seem like minor quibbles, mostly to do with terminology, but not the broad implications of the program.
There are so many damning slides. Like...
"Of these 1,789 applications, one was withdrawn by the government. The FISC did not deny any applications in whole or in part." (42)
"With all querying if you discover its in the US, then it must go to the OSC quarterly report... 'but its nothing to worry about'" (99)
Looked quickly through the articles, not sure if I saw anything really damning - they seemed like minor quibbles.
I must depart for non-tcp-mediated social obligations and consider this an incomplete reply - apologies for that. Hopefully the thread is alive later, and another poster can fill in the conversation here as it evolves. Adieu.
I don't think any of those are particularly minor quibbles. To summarize:
BOUNDLESSINFORMANT: Initial reporting showed concrete numbers on just how much the NSA was spying on a whole slew of European citizens. Shortly afterward, the actual intelligence agencies of those countries stepped up and said that those did not reflect NSA spying on those countries, but instead those numbers reflected communications that they themselves had gathered, mostly from areas like Afghanistan, and handed over to the NSA under intelligence sharing agreements.
PRISM: Initial reporting said that the NSA had direct access to the servers of Google, Yahoo, Microsoft, etc., and could conduct data-mining from them without any oversight. Actual story ended up being that those companies were handing over data on specific targets under court order - NSA did not have access to any of their servers.
XKeyscore: Initial reporting was saying that the NSA was sucking up all communications including Americans'. The author of the story that I linked to was pointing out that Marc Ambinder had previously disclosed XKeyscore in his earlier book saying that it was a system to index metadata that was already collected using other means, and there was no proof shown by Greenwald or indicated in his slides he published that it had been used to collect Americans' communications.
The Stewart Baker article: Stewart Baker was interviewed over the phone for the "NSA spying on porn habits" article, but they subsequently left out the core of his argument in order to not undermine their own argument. I thought that spoke to Greenwald's journalistic integrity somewhat - it also puts into perspective the fact that most of the slides he's published have been heavily cropped and there's no way to independently verify the contents of those slides.
The long list of mistakes article: Just pointing out that there has been such a rush to report most of the NSA documents that most of the initial reporting has had numerous mistakes of varying degrees of severity.
> handed over to the NSA under intelligence sharing agreements
Right, there's a huge amount of intelligence sharing. That's one of the critical points. Domestic law can be skirted by International Law and International Law can be skirted by Domestic Law.
Need an American's data? We can't take it off the wire, store it, process it, and inspect it (in all cases). But Canada can, or Israel can, or Australia can, or New Zealand can (etc).
Need a foreigner's data that's blocked by espionage laws? The country may itself be able to. Or a partner that doesn't have an agreement may be able to.
> PRISM: Initial reporting said that the NSA had direct access... NSA did not have access to any of their servers
Right, but this is one of those word games. First, the direct access the NSA DID have was not under the PRISM program. Reading "PRISM program did not give NSA direct access to servers" reads the same as "NSA has no direct access to servers" but it's not.
The 'targeted' collection of data itself turned out not to be very 'targeted' at all. Many requests were for large swaths of data and in many cases the NSA was given direct control of the servers that stored the metadata (as with phone records) but would need to request the companies for the content itself. Metadata = surveillance.
To extend the skirting laws above, the federal government is able to bypass laws on search and seizure by forcing private enterprises to do it and then requesting it as they see fit later on.
Why are these companies allowed to surveil and have access to my information? I don't trust employees at Google or Apple any more than a stranger on the street or any random government employee. Actually, as there are few to nil restrictions on what corporations can do with databases of my and other communications, in some sense it's worse. Aren't we guaranteed security in our persons and our effects? If a federal government forces a private company to censor you, or to surveil you, isn't that still censorship or surveillance - regardless of whether as feds they act on, collect, mine or process that information/data at all?
> XKeyscore ... no proof shown by Greenwald or indicated in his slides he published that it had been used to collect Americans' communications
But it did show that there were mammoth amounts of American metadata present in the database (however it was collected). Doesn't seem to matter whether XKeyScore was the collector or just a repository.
> The Stewart Baker article... porn
There is a lot that the NSA and CIA can do to influence people, their credibility and the credibility of an idea in groups (MINERVA, etc) - look at what the USAID Cuban Twitter program nearly succeeded in doing, and what similar efforts may have had a role playing in Hong Kong (and dare I say Scotland).
There is no doubt about the use of using Porn to discredit 'radicalizers' (a term used to refer to foreign and domestic targets). AFAIK there have been 0 revealed domestic cases of this, and IIRC only 7 or so foreign targets are known about (and 1 being a Westerner?)
The JTRIG stuff is creepy, real and looks like something right out of a Stasi handbook.
"Used to... discredit a target"
"Write a blog purporting to be one of their victims"
"Email/text their neighbors, colleagues, friends, etc"
"Get someone to go somewhere on the internet or in the real world"
"Can take 'paranoia' to a whole new level"
"Stop someone from communicating [by] bombarding their phone [...], delet[ing] their online presence, block up their fax machine"
"Stop someone's computer from working"
"Why do an Effects Operation?"
Answer 1: "Disruption v Traditional Law Enforcement" (presumably - it's effective and we can do it without the same paperwork/groundwork/courts/etc)
> Right, there's a huge amount of intelligence sharing. That's one of the critical points. Domestic law can be skirted by International Law and International Law can be skirted by Domestic Law.
These slides aren't an example of skirting domestic laws - they're examples of expanding collection on the NSA's target through partnering with other countries. Greenwald and company were trying to spin these slides as saying "look, the NSA collected 300 million German calls" and truth ended up being that the German intelligence service shared their own foreign collection with the US. None of the documents released has shown any indication that the NSA has ever asked a foreign country to provide them with collection on Americans. See [1], [2], [3] and [4].
> First, the direct access the NSA DID have was not under the PRISM program.
These are Greenwald's own words[5]:
"The Prism program allows the NSA, the world's largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders."
The Washington Post backtracked on their reporting and took out the references to direct access. Greenwald has yet to issue any corrections to his report.
> The 'targeted' collection of data itself turned out not to be very 'targeted' at all.
Except that PRISM did end up being only for targeted communications. See the Privacy and Civil Liberties Oversight Board report on PRISM[8] (they describe targeting starting on page 7, but go into further detail in other sections). To date, the only domestic non-targeted collection has been the Section 215 telephony metadata collection (you can see the gory details here: [9]) and the Section 402 e-mail metadata collection which was discontinued in 2011 (details here: [10]). If Snowden just wanted to reveal either of those two programs, I wouldn't be so harsh on him. PRISM doesn't resemble those two programs in the least bit, though. Nor do many of the other disclosures, which focused purely on gathering foreign intelligence.
Note that contrary to what much of the reporting has suggested, the 215 program did not data-mine for indiscriminate call patterns, and there are restrictions on how they can search the database (see the PCLOB report[9] p.27-28, sections "Contact Chaining and the Query Process" and "Standards for Approving Queries"). I'm not going to argue and, in fact, would largely agree with anyone who says the standards don't go far enough, but most people I've discussed this with start off with a whole set of assumptions; it's only through looking at these documents and listening to congressional testimony that I've been able to figure most of this stuff out, and not many people bother putting that much effort into it.
> in many cases the NSA was given direct control of the servers that stored the metadata (as with phone records)
I haven't seen any reporting which said that, and the PCLOB report directly contradicts that statement (see the Section 215 PCLOB report[9] p.23-24, "Delivery of Calling Records from Telephone Companies to the NSA")
> But it did show that there were mammoth amounts of American metadata present in the database (however it was collected).
Here[6] is the report and here[7] are the slides that it was based on. Note the dramatic difference in the number of times Americans' communications are mentioned in the report (I counted 11) and the number of times in the slides (I count 0). It seems more like he just took assumptions from the Section 215 reporting and faulty PRISM reporting and applied those biases. I've noticed that's a common theme in most of the NSA reporting - there's a lot of fear-mongering about the fact that they could be using their tools to target Americans, but no actual evidence. You could make similar arguments about police and guns: they could use their guns to go door-to-door and indiscriminately kill ordinary, law-abiding citizens. But they don't. There's a big difference between having the technical capability to do something and having the legal authority to do it.
> look at what the USAID Cuban Twitter program nearly succeeded in doing
1) USAID isn't the NSA, and 2) the only thing it nearly succeeded in doing was giving ordinary Cubans a means of using the internet to communicate free of government censorship. I don't see what I'm supposed to be outraged at.
> The JTRIG stuff is creepy, real and looks like something right out of a Stasi handbook.
JTRIG is GCHQ, not NSA, and when I think of things straight out of the Stasi handbook, I think of things like making people disappear from their homes in the middle of the night never to be seen again, not discrediting them on the internet.
In any case, I guess my ultimate point is that this issue defies all journalistic norms and really needs to be approached with much more scrutiny than most issues. This isn't a situation where we have dozens of reporters from AP, Reuters, ITAR-TASS, etc. all on the ground objectively reporting independently verifiable facts as they see them. Instead, this is an issue where we have mountains of classified documents that were handed over to a few carefully selected reporters by a leaker who is only available for softball interviews by carefully chosen interviewers. The documents are largely incomplete, and the reporters display their biases quite plainly (Greenwald himself is an advocate of 'adversarial journalism,' which embraces bias rather than seeking to minimize it). I've had plenty of people tell me not to trust what the government says, but you can't analyze the situation critically without also extending the same degree of skepticism to Snowden and his small circle of journalists.
> > First, the direct access the NSA DID have was not under the PRISM program.
You did not provide a rebuttal to this. You quoted Greenwald about the PRISM program. I was making the claim that there are bulk data programs that are NOT PRISM.
> > The 'targeted' collection of data itself turned out not to be very 'targeted' at all.
From the NSA review panel:
"In May 2006, however, the FISC adopted a much broader understanding of the word “relevant.”84 It was that decision that led to the collection of bulk telephony meta-data under section 215. In that decision, and in thirty-five decisions since, fifteen different FISC judges have issued orders under section 215 directing specified United States telecommunications providers to turn over to the FBI and NSA, “on an ongoing daily basis,” for a period of approximately 90 days, “all call detail records or ‘telephony meta-data’ created by [the provider] for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls.”"
84 See In re Application of the Federal Bureau of Investigation for an Order Requiring the Prod. Of Tangible Things from [Telecommunications Providers] Relating to [Redacted version], Order No. BR-05 (FISC May 24, 2006).
"Almost 90 percent of the numbers on the alert list did not meet the “reasonable, articulable suspicion” standard."
"The statutory objection asserts that the FISC’s interpretation of section 215 does violence to the word “relevant.”"
> > in many cases the NSA was given direct control of the servers that stored the metadata (as with phone records)
> I haven't seen any reporting which said that...
The NSA review panel:
"We recommend that legislation should be enacted that terminates the storage of bulk telephony meta-data by the government under section 215, and transitions as soon as reasonably possible to a system in which such meta-data is held instead either by private providers or by a private third party. Access to such data should be permitted only with a section 215 order from the Foreign Intelligence Surveillance Court that meets the requirements set forth in Recommendation 1."
"We recommend that, as a general rule, and without senior policy review, the government should not be permitted to collect and store all mass, undigested, non-public personal information about individuals to enable future queries and data-mining for foreign intelligence purposes. Any program involving government collection or storage of such data must be narrowly tailored to serve an important government interest."
The rest of the objections are variations on a theme. If you think I missed something I'll be happy to reply.
Regarding adversarial journalism - journalists and judges are the watchdogs of democracy, as they provide the public with the information and stage that information in ways that the public can respond to. State owned media is a very dangerous thing and America and other countries have passed laws limiting the ownership and direct news bearing to citizens.
However, when certain leverage exists (especially in cases where the public does not pay for news media), and when journalists readily repeat whatever officials and PR spokespersons say as though it were fact, or even set the stage with an apologetic hearing, you end up with Judith Butlers and Ken Dilanians. You end up with uncited apologetic airings of Defense Industry officials on the major news channels (and no contrarian voice).
“It was the best story in my life, and I wasn’t going to let anybody else write it…The whole global war on terror has been classified. If we today had only had information that was officially authorized from the U.S. government, we would know virtually nothing about the war on terror.” - James Risen, top US Military journalist for the NYT, Pulitzer Prize winner
We need adversarial journalism just like we needed the muckrakers. And what I've seen of Glenn Greenwald's reporting has shown every sign of due diligence, or it has become clear later how well prepared the issues and articles were collated.
How can I vote without knowing what's going on? I'm a supporter of the United States, through and through. But I need to know what's actually going on to be a politically engaged citizen.
Adversarial journalism is the best way to do that.
> These slides aren't an example of skirting domestic laws - they're examples of expanding collection on the NSA's target through partnering with other countries.
The NSA and Israel trade information about each other's citizens, circumventing domestic law. [1] [2]
"The memorandum of agreement between the N.S.A. and its Israeli counterpart covers virtually all forms of communication, including but not limited to “unevaluated and unminimized transcripts, gists, facsimiles, telex, voice and Digital Network Intelligence metadata and content.”"
Have you seen the memorandum between Israel and the US? [+]
Before you go excusing the memorandum as not being a backchannel, remember that Hoover famously left an official paper trail of "I'm sorry, but the information you requested can not be served without a court order" but would serve the memo to those who made an illegal request by sending a trusted FBI agent who also had a copy of requested documents.
Australia spied on US law firms and handed the data to the NSA (with no court/warrant process in US). [3] [4]
The NSA will spy on others' citizens for them and share results. [5] [6]
"Britain's GCHQ intelligence agency can spy on anyone but British nationals, the NSA can conduct surveillance on anyone but Americans, and Germany's BND (Bundesnachrichtendienst) foreign intelligence agency can spy on anyone but Germans. That's how a matrix is created of boundless surveillance in which each partner aids in a division of roles.
They exchanged information. And they worked together extensively. That applies to the British and the Americans, but also to the BND, which assists the NSA in its Internet surveillance." [7]
"NSA 'offers intelligence to British counterparts to skirt UK law'" [8]
GCHQ provides more internet surveillance records than any other nation in the Five Eyes (ATM) and shares this, including with the NSA, without a warrant system. [9] [10] [11]
There's a great breakdown of the GCHQ case specifically. [12]
Of course it goes the other direction as well. [13]
Don't just take this from journalists, leaked documents, whistleblowers, and embarrassed officials. You can trust watchdog agencies inside of Canada to give you the scoop too. Watchdog agencies 'chastised' intelligence programs for using allied partners to circumvent domestic law in a 51-page document. [14] [15]
These partnerships are extremely common. The NSA has (had?) 37 partnerships of varying degree of collaboration. [16]
Going to get back to other bits later, as it is far too late at the moment. It's very difficult to square your claims against "not this program", leaks and reports by others (e.g. Risen, Binney), Senate Reports and legislation that tries to move the data from NSA hands back to telecom hands.
A short preview though.
WRT "they could be doing it" - there's a sordid history with intelligence agencies expanding their capabilities, and not having technical limitations in an area so easy to be covert (computer systems) is a recipe for disaster. Especially when you create an apparatus that won't just be used today, but will both store data from today and continue to get access to tomorrow and will be inherited by who knows who.
Of course USAID isn't NSA. The ethics don't concern me. Neither of those are relevant to the point, left woefully neglected.
You round JTRIG down. They disrupt individuals' lives and aggressively target inducing paranoia. Yeah that's not the same as a black bag (that comes later, for those who are unfortunate to become a large enough problem). Black bag programs exist. How often are they wielded? Rarely. Thank god. It's not reasonable to draw your line in the sand at assassination or concentration programs. You've also missed the bit about being notified of your rights and being given a jury of peers.
JTRIG location aside, certainly CIA have those capabilities. NSA and GCHQ partner heavily. US has programs for 'persona management' and astroturfing (they at least have defense contractors that provide that ability) and the HBGary leaks show US intelligence contract for it. We aren't just talking about the NSA here. We're talking about institutionalized surveillance. That means signals intelligence, but also partners, HUMINT, ELINT, traditional law enforcement, etc.
Regarding Greenwald. I would love to see more people get access to more documents (depends on which - I would like America and allies to win the cyber intelligence war). I'm not sure the powers that be want any more people looking at the documents. We'll see.
Minor nitpick, but I keep seeing people get this wrong: James Clapper is the Director of National Intelligence. He has previously served as the director of the National Geospatial Intelligence Agency and the Defense Intelligence Agency. He has never been the director of the NSA.
I know that (1) because Snowden's documents say so and (2) because I happen to have met one of the people who worked on one of the communication systems involved in PRISM at one of those companies and implemented the DITU integration at the time indicated in Snowden's slide -- and has the FBI T-shirt to prove it.
What's worse with Dropbox is that it deduplicates data across users. So it's really easy for someone who "needs to know" (like the NSA) as well as people who "would like to know" to "takedown" a single user for something and identify every other Dropbox user who has the same content.
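The cross-user deduplication concern raised in the comment above, as an added example that is not part of the original thread and is not Dropbox's code: a toy content-addressed store shows why a shared hash index links every holder of a file, and why encrypting on the client with per-user keys removes that link. `DedupStore`, `seal` and `demo` are hypothetical names, and the document and users are constructed.

```python
import hashlib
import os
from collections import defaultdict


class DedupStore:
    """Toy content-addressed store with cross-user deduplication (constructed)."""

    def __init__(self):
        self.blobs = {}                  # digest -> bytes, stored once
        self.owners = defaultdict(set)   # digest -> users referencing that blob

    def upload(self, user, data):
        digest = hashlib.sha256(data).hexdigest()
        is_new = digest not in self.blobs
        self.blobs.setdefault(digest, data)
        self.owners[digest].add(user)
        return digest, is_new

    def holders_of(self, data):
        """What the operator can answer for any file it is handed."""
        digest = hashlib.sha256(data).hexdigest()
        return set(self.owners.get(digest, ()))


def seal(user_key, data):
    """Client-side encryption stand-in: SHAKE-256 keystream XOR, random nonce.
    Illustration only; a real client should use an AEAD such as AES-GCM."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(user_key + nonce).digest(len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def demo():
    doc = b"constructed sample document shared by two users"
    plain = DedupStore()                 # users upload the plaintext as-is
    plain.upload("alice", doc)
    _, bob_new = plain.upload("bob", doc)

    sealed = DedupStore()                # users encrypt before uploading
    keys = {"alice": os.urandom(32), "bob": os.urandom(32)}
    new_flags = [sealed.upload(u, seal(k, doc))[1] for u, k in keys.items()]
    return {
        "plain_holders": plain.holders_of(doc),
        "bob_stored_new": bob_new,
        "sealed_holders": sealed.holders_of(doc),
        "sealed_new_flags": new_flags,
        "sealed_blob_count": len(sealed.blobs),
    }
```

The cost of the sealed variant is that the provider can no longer store one copy for many users, which is the trade-off any deduplicating service makes.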