What good is a set of "rules" (not even laws) if they are deliberated and enforced behind closed doors? Why should the FBI even bother following these "rules" if nobody is transparently ensuring that they do?
Also, I did not realize just how intricately NSA data is shared with the FBI (and who knows how many other agencies). From the article, it sounds like any FBI analyst can run an arbitrary query on the "to" and "from" fields of email addresses, at any time, as many times as desired. So effectively the FBI has one giant inbox with Americans' communications in it?
That inbox will get hacked. It's only a matter of time. If thousands of federal bureaucrats have access to it, I would be very surprised if foreign intelligence agencies do not already have access to it in some capacity.
Scary stuff. People should continue to assume all systems are compromised and email is public information.
> That inbox will get hacked. It's only a matter of time. If thousands of federal bureaucrats have access to it, I would be very surprised if foreign intelligence agencies do not already have access to it in some capacity.
That is honestly my problem with NSA/FBI/etc.
They have the biggest pot of gold at the end of the rainbow and the attack vectors are limitless. Political [The Hitler scenario], technical [foreign intelligence, terrorists, basement hackers, etc.], handling of garbage [someone didn't dispose of it correctly], internal [someone wants to go a target on their own, sell it to the Chinese, etc], etc. etc.
The fact Snowden was able to do what he did is proof they aren't competent enough to be trusted with that pot of gold.
It probably has been hacked already. NSA respects FBI OpSec so little that this interface is already used to funnel disinformation to counterintelligence adversaries. That the lives of random citizens are randomly fucked up is a mere side benefit.
If there ever was an example of the pot calling the kettle black, this is it.
Recall that NSA allowed a Dell employee to have free reign of countless of their internal systems, and to make copies of literally hundreds of thousands of internal documents. Not just NSA documents, but also Australian Intelligence and British Intelligence documents. And probably a lot more.
Thousands of people is a gaping security hole in and of itself... Even the most technically illiterate state actor can pay off a dozen disgruntled federal employees to run queries.
It makes me wonder why the media doesn't focus on the human attack vectors. Buffer overflows and zero-day sploits are hard to understand... but anyone can understand bribes.
"What good is a set of "rules" (not even laws) if they are deliberated and enforced behind closed doors?"
Nobody in government service gets punished for following rules; many are in place to serve as a CYA measure. Oh, you did something that is horrible or unconstitutional in hindsight but that was how you were instructed to do it and you were following the rules? Well, here's a hand-slap for you, shame.
Contrast and compare with how our government treats whistle-blowers, for the full depressing experience.
> Oh, you did something that is horrible or unconstitutional in hindsight but that was how you were instructed to do it and you were following the rules? Well, here's a hand-slap for you, shame.
So, Nuremberg defense? I think we pretty much agreed in 1961 that criminal behavior following orders is still criminal behavior...
The data would be located on JWICS. The chances of it being hacked is close to zero. Foreign intel agencies do not have access except by deliberate leaks or a spy inside.
Most foreign agencies would probably take a far more direct route, one they've been using for centuries, and use one of the multiple moles they surely have placed inside of these organizations.
If private American communications data finds its way into the hands of foreign intelligence organizations, does it really matter whether the database was "hacked" technically or via traditional espionage? The end result is the same.
Actually, the term hacked is more often used nowadays in social engineering cases since that is how most data breaches occur. Espionage falls firmly under social engineering.
I hate secret courts. Everything about a secret court/FISA is offensive to democracy and the longevity of a free society. I strongly believe we will be ashamed of ourselves in the future for allowing them for so long in our country.
This end of even the pretense of due process, 4th amendment, and Posse Comitatus is one of the most important shifts in American domestic policy in my lifetime.
No no, your packets don't have to leave the US. They just have to be going to the same server as the guy from Germany. Social graph contact node exploration is what they do for fun and profit, 6 degrees of Kevin Bacon and all that.
Whats more, if you really get down to the technicalities, they have taps at all the major fiber nodes domestically, collect that information, but supposedly it's not collection in NSA terminology unless they look at it after they collect, which is just the most back-asswards way of arbitrarily defining terms as I can think.
So in reality, all your packets, even the encrypted ones, belong to them. Become a high target node on the graph for any reason, and expect your data to have a "7 year storage" tag, so they can focus your data and walk the cat back later.
Yes, the surveillance state is real, and it sets up what William Binney calls the "turn-key totalitarian state". FOSS and encryption will save the computer literate, but the masses are in for rude surprises.
Both you and that which you reply to are incorrect. Deliberate surveillance of domestic communications of any persons or international communications of U.S. persons without judicial approval is unlawful. Nonpublic information regarding U.S. persons incidentally captured in foreign surveillance must be minimized.
Surveillance state may be real, and we all know what has actually been going on (to include massive interception and storage of so-called metadata of domestic U.S. communication on a vast scale), but that doesn't change the fact that U.S. surveillance of foreigners located in the U.S., or of communications of U.S. persons that take international paths, is flat-out illegal without judicial approval.
What is really needed (barring a codified policy change by the legislature and executive), is some meaningful restraint from the Supreme Court on government intrusion into so-called metadata collection. We've come a long way since the pen register.
That was your point, but the replies by x5n1 and arca_vorago to which rebutting, misrepresented the status quo as legally permitting surveillance of U.S. persons transiting international boundaries. It does not.
Does the NSA have American citizen's data because other countries share it with them? I thought that they were forbidden from having this type of data...
The FBI already has some information -- that they got from NSA -- that they desperately want to use.
But they can't use it yet because they lack a credible cover story to use for "parallel construction" (look it up).
They tried to use Apple to get their little parallel construction cover story -- and now they're just changing the rules so they don't even have to use parallel construction any more.
During the big Snowden leak time frame, it came out that the DEA had been conspiring with other agencies, using the NSA data, to perform parallel construction illegally.
So we already know it's going on within the US Government. Is the FBI using it? Whatever the line is between plausible and damn certain, that's perhaps where this falls.
Also, I did not realize just how intricately NSA data is shared with the FBI (and who knows how many other agencies). From the article, it sounds like any FBI analyst can run an arbitrary query on the "to" and "from" fields of email addresses, at any time, as many times as desired. So effectively the FBI has one giant inbox with Americans' communications in it?
That inbox will get hacked. It's only a matter of time. If thousands of federal bureaucrats have access to it, I would be very surprised if foreign intelligence agencies do not already have access to it in some capacity.
Scary stuff. People should continue to assume all systems are compromised and email is public information.