The NSA slides are highly damaging to American service providers, thus they are trying to be as forceful as possible in these statements. There are already European government officials calling for the discontinuation of American services and for the development of European alternatives. Making the matter worse is American official's arrogant short-sighted reassurances that the surveillance is for foreigners only. As the NSA called it "our home-field advantage", that these dominant global Internet companies are located here, could quickly be lost thanks to the hubris of our government.
We should give foreigners rights that Americans enjoy. If American enjoys 4th amendment protection, so can foreigners. That mean you can't spy on foreigner without getting a warrant from an open court, rather than secret courts with secret ruling.
Edit:
I am not arguing that foreigners should receive welfare check and benefit from social programs. I am arguing that if they are targeted by the US government, they should be subjected to the same protection. There should be no special exception for anybody, because the special exception was used to justified the NSA spying program.
I completely agree. Our constitution represents the best thinking (at the time it was written, and it's if it still applies) of the best set of rules by which to treat people fairly.
Unfortunately, there are people that venerate the constitution that ignore its precursor document which states that we believe all men are created equal.
If all men are created equal, then they should be treated as such, unless we want to repeat the "some are more equal than others" line.
Are you surprised that the Constitution is venerated more than the Declaration of Independence? The former is the supreme law of the land (or rather would be if it were not ignored without consequence so frequently), and the latter is rhetoric. It is lofty and high-minded rhetoric (or rather would be if its authors had actually meant that all persons should be equal) but rhetoric nonetheless, void of legal value.
I don't mean to agree or disagree (though I am inclined to disagree, I admit, which is why I ask the question). By asking, though, I hope to see the advantages and disadvantages in a real-world situation.
Universal jurisdiction[1] is a fairly new concept, and there definitely precedents. The Nuremburg trials are notably the first major application of jurisdiction over a distinctly separate, foreign and sovereign nation.
Most things that qualify as precedents are predominantly rulings on genocide, crimes against humanity, extrajudicial executions, war crimes, torture and forced disappearances.
The impact of universal jurisdiction is not simple, in fact it flies in the face of Westphalian soverignty[2] in the sense that it destroys it utterly, potentially disrupting over four centuries of precedent and denying nations' inherent right to self-determination.
Great post. I think that there is a distinction to be drawn here, though.
Nuremberg essentially applied penalties for rights violations to people of a foreign, sovereign nation.
The proposal in the GP comment is for new rights–not new responsibilities–to be granted to people of a foreign, sovereign nation.
So I appreciate the background you have provided, and I want to springboard from there to draw a distinction, and to see if there is any precedent for something even more similar.
The simplest and most direct springboard would be "There is no taxation without representation" however that is a whole different (and more volatile) debate.
The UN Human Rights Council[1] would probably be the highest authority to appeal to, considering they have enshrined many rights as natural human rights that are inviolable and universally applicable -- for example freedom of association and assembly, freedom of expression, freedom of belief, Women's rights, and so forth. Many nations don't recognize these rights (and quite a few don't recognize the UN's authority) and the UN's ability to enforce respect of these rights is quite non-existent, but it's a good place to start.
I think in the sense that the rights are human rights, then all humans should get them. But the civil rights in the US Constitution and amendments are, for the most part, meant to protect citizens from the government becoming too powerful and abusing its power. The framers of the constitution, being in the novel position of actually getting to decide what the powers of their own government were to be, were very fearful that it would be too powerful. A fear soon validated by the French Revolution's problems. (The idea that civil rights are somehow "earned" as mentioned in this comment thread is odd... the rights are not a "reward" to be earned, they were put in place as a precursor to any government: no American starts off without them and you do not need to be a taxpayer or even a citizen to enjoy them, you just need to be in US-ruled territory.)
It does not make sense for anyone not residing in the US to be given freedom of speech or the right to bear arms by the US government. These rights are allowed (or not) by whoever governs the place where you are. If the US government is spying on you on your territory, it is up to your government to protect you. Note how the US government reacts when another country is spying on our citizens (well, corporates anyway.)
The fourth amendment was not put in place because "gentlemen do not read each others' mail" but because the Brits used to bust in with general warrants to try and collect taxes and it pissed off the colonists. It was not the principal of the thing, really, but the consequences that got the colonists' goat. Since the US government can't really do anything to people not within the US except as an act of war, their search of your property--while reprehensible--is not meant to have been protected under the 4th.
It does, unfortunately, make perfect sense for any non-American to want their Internet traffic kept from traversing US soil if by so doing it places that communication under US scrutiny. I suspect it would not be hard to set up routing tables that keeps traffic from entering the US unless that's the destination (but I'm talking out of my armpit, I'm not a network engineer.)
Those foreigners usually have those responsibilities in their own countries.
The same works the other way around.
Wouldn't it make sense to have reciprocity so it ends up being a game of citizen collaboration, rather than of competition (as in many other areas of international diplomacy and law)?
> Wouldn't it make sense to have reciprocity so it ends up being a game of citizen collaboration
Yes, I'd be perfectly happy with that. In fact, I'd be thrilled to have the same protections when travelling abroad. Unfortunately, most countries don't provide such protections for even their own citizens.
Say you use some service based in Europe or Asia, and you visited a bunch of countries in Europe or Asia. would you be okay if those governments accessed your data, without any reason, without any warrant? It is not about Americans vs foreigners, or paying taxes or jury duty - it is about having a valid reason for anyone to access anybody's data, and doing it the proper way (warrant etc). Not just in the US, but anywhere in the world.
May be other governments in other countries are doing the same, we don't know. If that's the case, this is very depressing - pretty soon, everyone will be spying on everyone else (if that is not already happening), and this wouldn't be a nice way to live
No offense but I already assume that any information that would run across e.g. Iran or China is intercepted and extracted for absolutely everything it's worth.
Mostly I avoid the issue by not visiting Weibo, etc., but I realize that's not very helpful for those not in the U.S. since there's really only the one Facebook, Google, etc.
Perhaps this kind of thing would lead to either increased federation of website (e.g. there's be a U.S. Google and a E.U. Google and swapping amongst them would not be completely frictionless).
Either that or reciprocal agreements between different nations to increase the privacy rights of their citizens (in fact I thought these already existed). But I don't see a solution that involves not having all these nations intelligence agencies simply skipping out on the collection of intelligence part.
I wasn't saying they should skip intelligence collection, please re-read my comment above. The intelligence agencies exist and are needed for a reason, and they should collect/process information etc - that is their job, isn't it?. No-one is disagreeing with that. However, they should do it via proper legal channels, and do it with valid reason - not just collect all information on everyone en-masse. And the laws governing these should be transparent.
Well whatever else it is, PRISM is "valid legal channels" (even for foreign citizens). There's no generic authority to simply extract information on any desired foreign citizen even now. The law itself is transparent, though the court system actually implementing it is not, nor is the proceedings by which the law is drafted and debated.
But with that in mind I'm not sure how much you're really asking to be different.
The fourth amendment, and Map v. Ohio; upholding civic duties are the end of the deal that civilians are to be responsible for, ceding tyrannous behavior that is disallowed by legislation is the government's. Obviously barring the fact that the Constitution seems to just be a long-standing joke to the government, or so it seems as of late. Also, to be clear I'm not defending the point of whom you responded, I'm just outlining the support for it.
And yet your government asserts rights of control over them without your granting them any legal recourse. Tell me, how do you think that's gong to play out, ultimately?
maratd's idea is that in order to not be violated by a government, one must pay that government. The people you pay will violate you if you don't pay them. It is a textbook protection racket.
Of course it is not accurate to state that the government is running a protection racket because his initial premise from which that follows is stunningly idiotic in the first place. Rights are not given in return for tax money, not even in America. Non-taxpaying non-citizens enjoy basic protection under the law if they happen to be physically located in America; they don't have to "buy" that.
That "physically located" qualification is what needs to be changed. "They don't pay taxes to us" is not an excuse.
> We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, --That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.
All men. Rights endowed by their creator - not the government. The way I read that, regardless of government or location of their birth, the basic rights enumerated in the constitution are the birthright of every single human.
My favorite way to battle the stupid bullshit neocon xenophobia is to leverage their own anti-state agenda (which, to be fair, I generally agree with) against them, by pointing out that the false dichotomy of us/them is based upon them labeling someone as "American"/"foreign", which is in turn based upon whether or not they are born within or without an imaginary line drawn by the state.
>PS: inb4 "but slaves are people too"
Slaves were considered property like cattle, I'm sure there are higher ups who view non-natural born citizens and/or immigrants that way.
Definitely, I'm on the lookout for any kind of service that operates in a country with transparent law enforcement and accountability.
I trust Google not to share my sensitive information (product strategies, negotiating positions) with competitors on request, I can't trust some random agent who knows he won't be held accountable if he looks up and sends that information to his cousin.
There's the potential here to 'disrupt' the whole of silicon valley.
> I'm on the lookout for any kind of service that operates in a country with transparent law enforcement and accountability.
And Diogenes thought he had it bad when looking for an honest man. That the U.S. did this is completely despicable and I'm furious at my government--especially, the guy I voted for who ran on a platform of stopping this--for continuing to pull these stunts. I look out over the panoply of countries with "modern, well-formed" legal systems, and I keep seeing the same abuses:
http://news.bbc.co.uk/2/hi/science/nature/2027377.stm - "The [United Kingdom] National Technical Assistance Centre (NTAC) will decrypt computer data and intercepted internet and e-mail traffic as part of a drive against cyber-crime..."
http://www.smh.com.au/technology/technology-news/every-click... - "[The] telephone and internet data of every Australian will be retained for up to two years and intelligence agencies would be given increased access to social media sites such as Facebook and Twitter..."
Plus, if you're a foreigner (e.g. an American using Australian services), what incentive does the "other" country have to care about you? No one has complained, in this whole debate, about one country spying on the citizens of another country. This uproar happened because the U.S. NSA admitted to gathering data on domestic people under the guise of doing "foreign" surveillance.
The data retention laws in Australia haven't been approved yet to my knowledge, but as part of the Echelon program they're not safe either. Although at least they announced the intention to make those changes to let democracy work and, and didn't use gag orders for spurious reasons.
I'm expecting something in Europe (ThePirateBay crew seem pretty trustworthy), or some self sufficient island? (New Zealand?)
Nope, the processes and safeguards around what the GCSB and SIS can do in NZ are laughably relaxed and just became more so. The GCSB were the agency who fucked up Kim Dotcom's case, after all.
> Definitely, I'm on the lookout for any kind of service that operates in a country with transparent law enforcement and accountability.
Being European, I'm looking for services which operate in my home country. I prefer to be spied where I'm a citizen, because US clearly only protects the privacy of its own citizen, and because it is illusional that intelligence services be transparent.
However, there is no such thing as a european company running cloud services for email, rss, file storage and social network: Not even talking about dismissing american-funded strat-ups, all the supposedly European services are run under a .com website, and this extension puts them under american trade and penal laws - We've had this example of a piracy UK website run by UK citizen be trialled in US, where the defendant knew no-one, for the domain was in .com.
Note that I would trust a cloud service registered in my ophome country and in .se, because they have proper forms of government.
Who's up to start such a company? I'd give them big money to keep my records home.
This is not correct. You and your site are certainly not subject to "american trade and penal laws" just because a .com registered address directs to your server. They can seize your domain name, but that's it.
They can extrade the person: "As long as a website's address ends in .com or .net, if it is implicated in the spread of pirated US-made films, TV or other media it is a legitimate target to be closed down or targeted for prosecution"
It should be noted that the European Economic Area is currently implementing the Data Retention Directive[1], which in my opinion is worse for end-users than what the blogosphere is extrapolating from some dude's PowerPoint slides in this case. If you're using a US hosted service, there's nothing preventing you from deleting your data if it hasn't been subpoenaed already. European countries are starting to enforce a 6-24 month minimum retention period for traffic data.
We're talking about stock consumer services which should be commoditized, at the very least. With AtMail, The Old Reader, Diaspora, there is already open source software to cover most our vital needs, and it is not impossible to develop cloud services in other continents.
I wouldn't be surprised of a sweeping European law saying "For the safety of European Intellectual properties, it is forbidden for businesses to store their email in Gmail". The game is to explain the WTO that this is not protectionism, and given the present NSA leaks, it only makes it easier.
It just depends on how much they want it. China has built decent knock-offs for search engines, email, social network, etc. without much trouble. And as a bonus they've helped grow their software industry.
I agree, less money on the power point, and more on the Utah data center[0]...and just for laughs, lets not forget Ryan Fogle[1], the CIA agent captured in russia.
The comment about MS Paint is one of the stupidest, most naive things I have ever seen on HN. Have you every worked for a company or organization outside of SV? Nobody gives a shit what your slides look like in the real world. Sure, ideally slides wouldn't look like crap, but since most "normal" people don't even notice, nobody tries very hard.
Eh, I'll say this much, the design really does scream "GOVERNMENT PRESENTATION" all over it.
Even the issues about the slight differences between WaPo and Guardian variants of the slides are easy to explain with different versions of Microsoft Office (or even using LibreOffice to try to open).
I'm struggling to make sense of all this. On the one hand, the denials from the companies in question are becoming more and more genuine and convincing - on the other, the NSA PowerPoint did leak which very clearly states the companies' involvement and no one's thus far denied its validity.
The most likely explanation is that PRISM = FISA. The Washington Post article with the slides begins "Through a top-secret program authorized by federal judges working under the Foreign Intelligence Surveillance Act (FISA)..."
Now imagine how this works in practice. The FBI (not NSA, other articles have stated that the NSA works by handing a request off to the FBI to implement on domestic soil) comes to a tech company with a signed court order to hand over the user data for a user suspected of criminal actions. The tech company complies. The data is normalized and assembled on the NSA end, and then a realtime feed goes to the PRISM GUI where an analyst looks it over. At no point does the government ever reveal the name "PRISM" to the tech company - why would the NSA ever reveal top-secret codenames outside of the organization.
When the program is made public, it's the NSA side of the story that hits the papers. The tech companies have never heard of PRISM, they know that the NSA does not have boxes inside their datacenters, and the whole accusation seems ludicrous.
It's a mistake, when you find out that a secret has been kept from you, to assume that other people know about the secret as well, even if they were involved. The NSA is not in the business of telling businesses about confidential national security projects.
Probably neither. It is just my guess, but it seems like the NSA slides overstate how much access they have (after all, this is a $20MM project) and the journalists took them at their word/pushed the sensational angle. The tech companies are understating how much they work with the government. No one is strictly lying, but their various interests are conflicting.
I have a hard time Glenn Greenwald would stake his reputation on this without having more concrete proof. I think that there is still a lot more information to be let out. They are slowly leaking more and more every day so that the story stays in the news. It's a clever tactic. I'm curious why Greenwald isn't going to release the "highly detailed technical materials on how they eavesdrop" that he claimed he had on Twitter. [1] Perhaps it would give up his source? Or maybe it just contains too much national security information or whatever? I'm not sure.
Uh, Glenn has said even more stupid stuff IMO in the context of the Pfc. Manning case so it wouldn't surprise me one bit.
In fact I'd argue that Glenn's reputation is based more on being a "civil liberties watchdog" and far far less on actually being right in his reporting. So in that regard he's simply padding his rep even further.
I'm not sure what Glenn said in regards to the Manning case, but wouldn't that be different because in this instance Glenn is the person who broke the story and has the source? He's casually mentioned on Twitter and in his articles that there's more information coming out. So I reckon we will see.
"it seems like the NSA slides overstate how much access they have"
This strikes me as pretty implausible; verifying the extent of their access to someone's gmail or facebook account seems like something the NSA should be able to do very easily. I think it's safe to assume that this part of the project is $20M, not that they have $20M worth of access to the internet.
Potentially no one is lying, because even if the information in the slides were 100% accurate, they could describe a wide range of possible programs and implementations, many of which are also 100% inline with the companies' claims.
For example, if PRISM is really just an internal NSA tool for interfacing, searching, storing etc information procured from these providers from different means (such as NSLs or FISA warrants), then obviously no company joined it. It's an internal tool! The idea of 'adding' just becomes ensuring normalization of data and other such 'mundane' things.
Note I say, 'for example'. Because amongst all the yelling about, we still don't actually know what the fuck PRISM actually is, and arguments just revolve around how charitable/cynical you are about the parties involved.
This is also what I sort of assume. All of these tech companies like facebook, and google, probably got so many requests for info from the feds that at a certain point, it must have somehow made sense to switch it up and just give them an automated web form somewhere. (direct access to servers..) The telcos have probably had these since way back.. Eventually, there would be quite a few of these web forms, so some 'top' coders put together a system for the feds to query all of the forms at once with one request. Paint on a GUI and call it PRISM. It was nice to hear that Yahoo! still sorts out their fed requests by hand.
Facebook and Google (Zuck & Page) have also stated that each request for data is inspected individually. I don't know where you're getting that there's some automated system for pulling user data.
On Thursday, James Clapper, the Director of National Intelligence, wrote "The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies."[1]
Today, he released a fact sheet[2] which stated, among other things,
* PRISM is not an undisclosed collection or data mining program. It is an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1881a). This authority was created by the Congress and has been widely known and publicly discussed since its inception in 2008.
* Under Section 702 of FISA, the United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers. All such information is obtained with FISA Court approval and with the knowledge of the provider based upon a written directive from the Attorney General and the Director of National Intelligence. In short, Section 702 facilitates the targeted acquisition of foreign intelligence information concerning foreign targets located outside the United States under court oversight. Service providers supply information to the Government when they are lawfully required to do so.
* The Government cannot target anyone under the court-approved procedures for Section 702 collection unless there is an appropriate, and documented, foreign intelligence purpose for the acquisition (such as for the prevention of terrorism, hostile cyber activities, or nuclear proliferation) and the foreign target is reasonably believed to be outside the United States. We cannot target even foreign persons overseas without a valid foreign intelligence purpose.
* In addition, Section 702 cannot be used to intentionally target any U.S. citizen, or any other U.S. person, or to intentionally target any person known to be in the United States. Likewise, Section 702 cannot be used to target a person outside the United States if the purpose is to acquire information from a person inside the United States.
These companies are making themselves look really bad to anyone paying attention. Nobody is reporting that they joined a program to volunteer illegal access to user data, so these assurances are canards. What is being reported is that the NSA has been running a secret program to legally collect user data from these companies. If these companies want my respect, they need to admit that these reports are true, declare their opinion against the practice, and state their position on legal reform to make such practices illegal.
What do you call the Google Transparency Report document then? They have been admitting it and documenting it, to the best of their ability (when not gagged). Google has been fighting these in court, they have declared their opinions against the practical, they have been lobbying against these laws. They've done everything they legally can do, unless Larry Page wants to risk being put into federal prison.
The PRISM leak started as this dramatic claim that NSA is hoovering up all of the person data of everyone in the cloud. Now this has been mostly retracted to tech companies sending them data on individual accounts as requested by lawful court order, which is what they've been doing, in public view, unclassified, for years, and admitting it -- that they respond to lawful requests on a case by case basis.
What more do you want? The denials are about as vehement as they can get. The NSA denies the "firehose feed" hypothesis as well.
Sincere question: was it not common knowledge that these companies would hand over user data if compelled to do so by the government? What exactly is new about this revelation?
I'm not sure how others feel, but for me the systematic nature and the scope of collection are what get my hackles up. Requesting specific information on a specific individual because of the suspicion that a crime has been committed is perfectly reasonable. Collecting information on everyone in order to search for illegal activity feels like a serious violation of privacy. We can debate about the kind of information they can get through NSLs only being "metadata", etc., but that's the crux of the issue for me.
There is no evidence they collect information on "everyone". Everyone has denied the firehose feed hypothesis, even the NSA. Verizon didn't deny it, proving that there's no gag order, nor did the NSA. So we have Verizon admitting a metadata firehose, but everyone else denying it, which seems to suggest the tech companies are telling the truth.
I hope so. But we have no insight into how much information was put in the "locked mailboxes." From what we do know, it's reasonable to assume the NSA has been gathering as much information on as many people as is/was legally permissible.
Exactly. This kind of technically correct, but utterly unhelpful resposnse reminds me of the Adolf Eichmann trial. Where have they been the last 10 years? Where are their values and spines at?
You see, if you don't stand up, you still get counted. "Little Brother is watching you, too"
i think the reason this statement feels like it carries more weight is that it doesn't read like a mad libs where the CEO has filled in their company name in the required blanks.
I don't care about whether a given company "volunteers information" (or has it compelled), or whether it's via "lawful means" (which means, we got a secret court order or an NSL for everyone). What I want to know is, of the N users you serve in Country X, how many have had information turned over to a third party?
If you qualify it as "any third party", I really doubt the proscriptions over disclosing specific FISC or NSL orders apply. They do receive orders to turn over information for all sorts of reasons, some of which are totally legitimate.
Wow bet Yahoos glad they took a little longer than Facebook and Google to 'set the record straight'.
This statement definitely carries much higher conviction language that related statements, interesting to note the absence of Marissa Mayer from the statements. I would guess that it just gives a little more PR distance in case things blow up further.
Lately all these PR statements from the companies involved are so carefully structured that they can be interrpreted 2 clear ways.
1) Face Value. Don't look into the wording and just see that so many companies "accused," are not involved.
2) Semantics. Look at the wording for hidden meanings, possibility of a gag order, and these companies are (in reference to this article) involuntarily involved.
I think they are general so the person reading it will take it as they want. I posted a "what will you do now," post on here [0], because that's really what this comes down to. I agree with most that I've ALWAYS assumed we were all monitored, but as I've said many times....it's not what they know, it's what they can prove in court (that's why I'm thankful CISPA got blocked...it was kinda like legalizing what was already going on to be able to use what they know in court).
All the organizations in question have a permanent smut on their record. The angle I'm missing in this discussion is that this is a business opportunity for something new and better. Acquiring new users for a search engine, social network, etc was damn near impossible because you couldn't compete with the resources, quality and brand. Now they have a flaw; privacy. Maybe the homogeneous landscape of the tech industry can get shaken up. Kim Dotcom is creating an anonymous email service and I'm curious to see what other alternatives for common tech pops into existence in the wake of this.
Changing a government will take a lot of time; but a business outside the reach of US legislation could pop up tomorrow.
