NSA Email Surveillance Pervasive and Ongoing

dkleinsc writes "The NY Times has a piece about work being done by Congressman Rush Holt (D-NJ) and others to curb NSA efforts to read email and Internet traffic. Here's an excerpt: 'Since April, when it was disclosed that the intercepts of some private communications of Americans went beyond legal limits in late 2008 and early 2009, several Congressional committees have been investigating. Those inquiries have led to concerns in Congress about the agency's ability to collect and read domestic e-mail messages of Americans on a widespread basis, officials said. Supporting that conclusion is the account of a former NSA analyst who, in a series of interviews, described being trained in 2005 for a program in which the agency routinely examined large volumes of Americans' e-mail messages without court warrants. Two intelligence officials confirmed that the program was still in operation.'"

NSA line eater

[davidwr]

Time to bring back the NSA line eater?

--
bomb assassinate washington north korea iraq spy poison

afraid to reply because...

[Minion of Eris]

the NSA might read my comments.

What about spam?

[houstonbofh]

Just start your e-mails with "I found your address on that site..." and the NSA spam filters will drop it.

Seriously... I can't even read ALL my mail. And if I tried, I would probably be infected with 10 Trojans.

Re:What about spam?

[Locklin]

That's precisely the problem. Low signal-to-noise ratio implies a high false-positive rate. They are not likely to find any terrorists, but are probably invasively "profiling" plenty of innocent civilians.

Re:What about spam?

[sshir]

And not just "profiling".

What happens is that they (NSA) DoS-ing investigative resources. FBI and such have only so many men in the field to check the facts. As a result, the ability (probability) to identify true threats goes way down.

The same goes for other after 9/11 security "improvements" like, for example, indiscriminate "deep background investigation" of immigrants - the queue became so long, that it takes years now (not shitting) to get men from "interesting" countries checked! And I'm not talking about nutcases holed up somewhere in Pakistan mountains - I'm talking about people who already walk the streets of the US!

Too bad we don't know how to imitate free market's ability to optimally allocate resources in rigid government setups...

Oh, quit whining

[rbrander]

You got the government you deserve, just like your founders promised. The Executive won't stop this, you know that now - the most "transformational" figure you could have possibly elected got in, and he's down with all of the new executive powers. The Congress won't stop this, because you NEGLECTED TO FIRE MOST OF THEM for ignoring such things for years.

Start firing congressmen and senators in significant numbers, and things will change. Otherwise, quit the damn whining.

Re:

[oneirophrenos]

Why don't share your insight with us - how is an average citizen to "start firing congressmen and senators"? The ability of a common person to influence governmental matters is, as it always has been, very limited.

Re:

[Shooter28]

Stop voting for them.

Re:Oh, quit whining

[kenp2002]

Stop voting for them.

That is no more effective then trying to stop drug crime by say "Stop Buying Drugs" or stopping poor education by saying "Stop Failing Tests".

Even if 1/2 the people stopped voting for democrats or republicans those same democrats and republicans would still win, by a larger magin in fact due to fragmentation between Libitarians, Consitutional, Socialist, Communists, Green, and Independent canidates.

The way to stop it is to PARTICIPATE in the political system rather then just voting or not voting which is the last, and minor step in a long political process.

Voting is just crossing the finish line in the marathon of politics. You wouldn't say that someone who drove to the finish line, got out, and crossed the finish line "participated" in the marathon, no more then someone voting participates in an election.

Get into a party, be active in it, and:

"Be the change you demand rather then hoping for change in others."

Re:Oh, quit whining

[daem0n1x]

Maybe if your political system was proportional instead of based in electoral circles, there wouldn't be the duopoly of two parties that alternate in power with no significant difference between them.

By giving no chance to the smaller parties you're automatically excluding any innovation that could shake the political system a bit.

Re:

[houstonbofh]

Maybe if your political system was proportional instead of based in electoral circles, there wouldn't be the duopoly of two parties that alternate in power with no significant difference between them.

That is only for one position in government. A powerful one, yes, but one that would be limited by a Libertarian congress, for example.

Re:

[kenp2002]

Bills originate in the House of Represenatives which doesn't involve an electoral college. The US President cannot do a whole lot in actually drafting laws, more so the power of veto is part of the checks and balances in that interplay.

Since the seats in the House are by district there is substantially more control over who is elected due to the local level. Money can't hide the fact your an asshole in politics at that ground level where as in the senate you can pretty much BS your way into office with enou

Re:Oh, quit whining

[anagama]

Ummm ... you're thinking our government still abides by the Constitution and are ignoring the huge powergrab the Executive branch has been engaged in for years. In a few decades, Congress and the Supreme Court will be nothing but a rubber-stamp factory for the president's whims.

Re:

[kenp2002]

There hasn't been any power grabs that I have seen. In fact I haven't seen any new executive powers added that weren't there already. The last "Power Grab" that I can remember in history was Theodor Rosevelt.

Re:

[AshtangiMan]

Don't fall prey to the thought trap that the current trend will continue forever. Just like the stock market these things tend to cycle. I'd bet that in 50 years the swing will be back to the states. I don't know how, but the elephant that is the federal government just can't continue to grow. It'll more likely pop like NASDAQ.

Re:

[Red Flayer]

Since the seats in the House are by district there is substantially more control over who is elected due to the local level. Money can't hide the fact your an asshole in politics at that ground level where as in the senate you can pretty much BS your way into office with enough money.

And yet we're still left with only the choice of "the elephants' asshole" or "the asses' asshole". It's assholes for everyone, assholes all around. The very nature of the patronage-based parties ensures that non-assholes are

Re:

[CarpetShark]

The way to stop it is to PARTICIPATE in the political system

Hardly. The reason people put up with the current system is that they believe most people are in favour of it, and they, being reasonable people, have no right to go against the majority. When most people reject the system, giving voter turnout of around 20%, then any government elected by it will clearly be illegitimate, and therefore citizens will feel justified in sitting down to discuss a new system.

You can rarely replace a system by particip

Re:Oh, quit whining

[fuzzyfuzzyfungus]

http://wubi-installer.org/ [wubi-installer.org]

Re:

[kenp2002]

Never in a presidental election in my lifetime has turnout gone below 35% of the population and as far as 1960 goes has averaged around 44%. Over the whole history of the nation I would wager it has only averaged 50% at best.

year, voters, registerations, voter turnout, %
2008* 231,229,580 NA 132,618,580* 56.8%
2006 220,600,000 135,889,600 80,588,000 37.1%
2004 221,256,931 174,800,000 122,294,978 55.3
2002 215,473,000 150,990,598 79,830,119 37.0
2000 205,815,000 156,421,311 105,586,274 51.3
1998 200,92

Re:

[Gizzmonic]

Even if 1/2 the people stopped voting for democrats or republicans those same democrats and republicans would still win, by a larger magin in fact due to fragmentation between Libertarians, Consitutional, Socialist, Communists, Green, and Independent candidates.

Actually, what happens is that every time the 3rd parties start to gain traction, one of the major parties adopts some of their platform. This has happened throughout the history of the United States and it's a good thing. So those 3rd parties aren

Re:

[JCSoRocks]

We need more term limits. Life long politicians are just ridiculous. They start out somewhat normal and by the time they've been in it for 40 years they're corrupt and crazy and named Ted Stevens. Nothing changes because the people don't change because the incumbent has an insane advantage. It's well known that the incumbent almost always wins. I have no idea why this is but it's gotten to the point where neither party really even bothers with a district if the incumbent is running.

Personally, I've voted

Re:Oh, quit whining

[Tanktalus]

It's a dangerous thing to contemplate "fixing" politics. You have to be careful that the fix results in a full net benefit over the current system. And I fully realise that the current system is as corrupt as hades.

For starters, you need to try to imagine what type of people you're going to attract to public service with your change. Is it the people you want to have running the country, or will it further exclude them, leaving public service only for the power hungry?

I ask this of people who oppose politicians (whether municipal, state/provincial, or federal) getting raises. Or tax-free allowances (which, let's face it, merely means they're getting paid more than it looks). If you pay your councillor such a small pittance than only the independently wealthy or the power-hungry will pursue it, how do you expect to attract those who are well-educated and would do a good job? Those people would rather work for the private sector (whether big corps, startups, or entrepreneurially) where they could make double or triple the money, and not have to reapply for their jobs (often at great personal expense, at least for municipal politicians) every few years (every year or so, it seems, for federal politicians in Canada *sigh*). If, and I'm not saying this is necessarily a good idea, we paid our politicians at a rate that the caliber of leader we wanted would get if they were in the private sector, do we not think we'd get more good candidates "applying" for the job? Sure, we'd get more power-hungry people, too, but we'd at least have SOME decent candidates, possibly. Whining about their pay rate right now, when we also complain about how stupid our representatives are, seems counterproductive to me.

Similarly, what type of people would we get with term limits on house/senate members? We'd get a lot more people who don't know what they're doing, that much is obvious. That would definitely impede activity in government - though if you're of the opinion that this is a good thing, I'm not going to argue with you (not really my topic here anyway). But, beyond that, who would you get? You'd only get people who think that the pay and the benefits (POWER!) are worth giving up your career for that term limit (everyone assumes they'll not only win, but be re-elected as many times as the law allows). Let's say it's 12 years. Would you give up your career for 12 years to "serve" in government? Would the type of smart, wise person who you'd want to represent you in government be willing to give up his/her career for 12 years? Would they want to take the risk of getting back into their old career? What types of careers would be easy to give up for 12 years and re-enter? Is that the type of person you want in government? (I'd think lawyers would be one such career, as might MBA's... other careers, like IT or research or Engineers or Medical Doctors or the such might not be so easy to get back to, especially when recertification is required.) Think about it. Who would you get? Is that an improvement? If it's merely a wash, it's not worth the turmoil to make the change. I suspect it'd be worse than what we have now. Don't get me wrong - on the face, I like the idea of limiting politicians' careers. But I'm not sure that such a limit would improve government, or make the corruption worse.

Re:

[Sloppy]

Even if 1/2 the people stopped voting for democrats or republicans those same democrats and republicans would still win, by a larger magin in fact due to fragmentation between Libitarians, Consitutional, Socialist, Communists, Green, and Independent canidates.

Right now, half the people aren't voting against republicrats. When your republicrat congressman wins with 26% of the vote instead of 52%, then we can come up with a way to make him lose. But right now, it's not even close.

Actually, I think the re

Re:

[arb phd slp]

Maybe the solution isn't "stop bitching and start voting." Maybe it's really "stop bitching and start running for office." Now that's sacrifice, and it's no wonder no one steps up. (For sure, don't fucking look at me!) It's easier to just accept a corrupt government.

This is it exactly! The system wasn't designed for people with the skills and capacity to lead to show up for one day every two to four years to choose someone else to do all the work. Direct, personal involvement is the solution to all of our problems. Really. The system itself isn't as broken as people think it is.

I ran in 2004 and I learned a lot. I plan to do so again as soon as I get out of grad school. As small and underfunded as I was, I influenced the discussion. I lost (96 votes, grumble grumble),

Re:Oh, quit whining

[L4t3r4lu5]

You make a lot of people aware of the issues with that particular congressman, then they all contact their government representative regarding the issues with that congressman, and they in turn bring up the issues in congress. One congressman says "Hey, I heard that Billy Blogs has been doing some nasty stuff with this interception malarky! I don't know exactly what it is, but it sounds like he's been listening in on domestic American citizens' communications!" Another congressman says "Awww hell yeah, I hurd that too!" and pretty soon the guy is out on his ass.

Unless he has Haliburton as a sponsor.

Re:Oh, quit whining

[mpapet]

The ability of a common person to influence governmental matters is, as it always has been, very limited.

This is a false statement that people who aren't actually interested in doing the work required to make changes in the organization of their Republic.

American history is full of examples of real changes made by determined groups.

Temperance. (Americans still have a bunch of crazy laws thanks to these folks.)
Suffrage. (A constitutional amendment too! )
Civil rights.
Abortion rights (This battle is still on. The ones that fought for them, and the ones dedicated to taking them away)

So, get off your ass and get to work. Oh wait, I forget where I'm posting this.

Re:

[kenp2002]

Thank you for exposing the real debate behind abortion, Judicial Legislation. I hope to see in my lifetime that crap ruling overturned so the debate gets back to those who should be debating it. Now only if we can get private property rights back...

Re:

[MobyDisk]

Run for office, on a platform of stopping big brother. You don't need to win, you just need to be noticed. The problem is that it is one thing for a concerned citizen to write their congressman and vote; but it takes someone who is really one in a million to run for office -- and it usually falls to the ambitious ones, not the righteous ones.

Re:Oh, quit whining

[arb phd slp]

Bullshit. You're like the elephant who remains constrained by the tiny piece of rope tied to a stake. If you want to use "I can't afford it" as your rationalization for not being involved in the governance of your community, go ahead and do that, but it is only as much of an obstacle as one thinks it is.

I spent about $750 on a campaign for state legislature... and every evening and weekend from June until October. I didn't spend that time raising money, I spent it talking to my neighbors. In the process, I met a couple of people who are in Congress now. They didn't have any money. I also saw candidates going down in flames to candidates who spent a third of what they did.
I think it is giving up evenings and weekends to do political things that makes good people (especially most here) not want to do it. I mean, my bread beats rubbery chicken at the VFW and Rotary and the circuses are on TV.

Re:Oh, quit whining

[donaggie03]

So you spent $750 plus every weekend from June until October. But did you win?

Stop engaging in anti-politics.

[copponex]

Any American who complains that they can't change things ought to be totally ashamed of themselves. Despite all of my criticisms of this country, I do keep in mind that it is one of the freest and most open societies that has ever existed. The biggest problem is overcoming propaganda that tells you that you can't do anything.

And no, voting for someone doesn't count. It's just the least you can do. A real democracy is when a bunch of people from a community get together, decide what they would like done, and then elect someone from their group to go do it.

To all the centers of power, this is known as the "crisis of democracy" - when people actually start running their own country. It's their nightmare scenario, and a goal we should all be dedicated to achieving.

Re:

[Prof.Phreak]

"start firing congressmen and senators"

...out of a cannon...into the sun.

Get off message boards

[Shivetya]

and get on the street and use that shoe leather.

If you want to effect true change you have to put the time and effort in. Politicians rely on APATHY. They know most people will buy whichever person is more effectively packaged and presented to them.

and don't forget the other problem, Congress sucks but my Congressman is one of the few good ones.

Re:

[anagama]

I hope you used a coffee house IP for that, because now it's on their list.

Re:

[sumdumass]

This situation isn't anything new. The US government has had a program like this since the mid 90's and if you remember right, they abandoned their own software for doing so in favor of commercial software (produced by the hack club cult of the dead cow I think). It was project magic lantern or echelon or something of the sorts.

I'm not sure if this "recent" awareness of the program brings about anything new or any new applications but I believe that it was already settled in the courts where a judge said th

Re:

[japhering]

I'm not sure if this "recent" awareness of the program brings about anything new or any new applications but I believe that it was already settled in the courts where a judge said that because a computer and not a human was monitoring, it wasn't in conflict with the constitution.

Sending email has long be held to be the equivalent of sending a post card through the mail. You have no expectation of privacy and the law recognizes this fact. Similarly, if you do NOT encrypt your email, you have no expectati

Re:

[houstonbofh]

Passably depending on the type of encryption, it could be compared to holding it up to the light. But if you have strong encryption, that is reasonable suspicion, right? So just read your e-mail on offshore servers via ssh. That should not draw attention.

Re:

[anagama]

While email may be about as private as postcards, the analogy still fails. It would work if all postcards were first sent the NSA where they were read before being remailed. That isn't happening so with postcards, the message might be read, probably inadvertently. With email, the message is read intentionally.

Re:

[japhering]

Start firing congressmen and senators in significant numbers, and things will change. Otherwise, quit the damn whining.

Sorry, I can whine all I want.. I didn't vote for anyone in charge for just those reasons.

Re:Oh, quit whining

[bcrowell]

Start firing congressmen and senators in significant numbers, and things will change. Otherwise, quit the damn whining.

I live in Orange County, California, which is famous as a bastion of Reagan-style conservatism. In the last general election, my congressman, Ed Royce, outdid his Democratic opponent in fundraising by more than 10 to 1, and won with 67% of the vote. Your prescription is not going to work here in my district. Vote the bum out? If you tell my neighbors that the NSA is reading people's email, they'll probably say that's great, because it's a good way to fight terrorism. My district isn't unusual, either. The reason incumbents in the US almost always get reelected is that we have a two-party system with geographically defined election districts, and party loyalty is highly correlated with geography.

It's a majoritarian fallacy to say that if the minority's rights are violated, the minority should just vote to have them not be violated anymore. The reason we have a constitution is to protect the rights of the minority, even when violating them is a very popular, majority position.

Re:

[Hurricane78]

Allright then! *hopes they have not seen the educational movie "how not to be seen"*

HAI
I HAZ A GVRNMNT
IM IN YR LOOP
VISIBLE "FIRE!"! AUDBL "*BANG*""
NERFZ GVRNMNT!!
IZ GVRNMNT LIEK 0?
YARLY
KTHXBYE!
NOWAI
VISIBLE "MOAR!"
KTHX
KTHX
KTHXBYE

lolrus@icanhascheezburger.com ~ $ ./sjlol.py gvrnmnt.lol
FAIL: INFINITZ LOOPXORZ!

Re:Oh, quit whining

[PeeAitchPee]

the most "transformational" figure you could have possibly elected got in

That's the root of the problem -- people think that BHO is "transformational" because he's a great used car salesman and he happens to be black, but in reality, that's all he is -- a slick used car salesmen who's big on charismatic speeches but woefully short on concrete details, who's selling universal healthcare, an end to the war in Iraq, and all of the other things the Democrats have over-promised during the election and under-delivered -- while every day sinking our country deeper in tremendous debt of levels never before conceived. The Republicans have already proven that they're no better, BTW.

The glaringly obvious answer is to vote for third-party candidates. I don't even care who at this point -- practically any new blood would be welcome. Throw these sons-of-bitches the fuck out of DC and our state and local governments -- both Democrats and Republicans -- and lets see some candidates from other parties in power. Quite frankly, short of a brutal dictatorship, it's pretty hard to imagine fucking things up worse than DC is now doing, on both sides of the aisle.

Re:

[anagama]

Have you seen this yet:
http://www.archive.org/details/ThePowerOfNightmares [archive.org]

Lot's of video of current jerks weaving their evil future selves.

Re:

[anagama]

Considering the content of your message, no wonder you posted as AC. Obama isn't all that better than Bush privacy wise, and his 100% employment program for Health Insurance Executive Middle-men is just frosting.

SMIME

[iluvcapra]

You don't have to wait for government action to keep the NSA from reading you personal email. Get your friends and family a Freemail x.509 cert from Thawte (no cost, a Verisign cert costs $30/yr) and use S/MIME.

Re:SMIME

[oldspewey]

I will give you $100 if you can provide instructions on implementing this that can be understood by all my friends and family ... and that includes my elderly relatives and my "but this is how it come when I bought the computer" friends.

Re:SMIME

[MyLongNickName]

Easy

Step 1. Call your friend, oldspewey and have him install and configure it for you. He LOVES helping his friends out for free.
Step 2. Just give him a piece of pizza when he is done. It is the only thanks he needs.
Step 3. If anything goes wrong with your PC just call him up and bitch. It is obviously something he did to break your computer.

Now where is my $100?

Re:SMIME

[oldspewey]

Ahhh, a page from the book of "it's funny because it's true."

I used to be "that guy" ... giving advice, offering to help people configure things, recommending hardware and software, etc. Then I slowly came to realize a few things:

- People don't value the time you spend helping them
- The more dire the warning being delivered, the more people resent hearing your advice
- Nothing ever sinks in. By constantly offering to help people, all that happens is they develop a mindset of dependence. They sort of slide into the belief that computers are so hopelessly complex they will never be able to figure anything out.

I now just quietly accept the notion that most of my friends and family are riddled with trojans, and I assume that anything I send to them is also being sent to a criminal syndicate in Bulgaria.

Re:

[iluvcapra]

The mechanics of the process can be mastered in an hour. Understanding the principles involved takes a few hours of reading. The only thing keeping people from learning the tech is apathy- if they cared about sending private, authenticated emails they would meet you halfway. But they don't. If it's very important to you, just refuse to send them emails until they get a cert, or they use PGP. You don't get security on the Internet "for free."

Re:

[JimMcc]

I disagree. You have obviously never dealt with the elderly. My mother (mid-70's) gets completely derailed when Comodo pops up asking here to confirm access to the net by Firefox after a new version install.

Different people have different abilities. Some otherwise intelligent people get completely flummoxed trying to follow instructions related to computers. Until S/MIME or other encryption methods can be installed and configured as easy as most anti-virus programs (click to start, click to accept defaults

Re:

[Locklin]

Funny thing is, you would have to educate them, but not how to use S/MIME or PGP, but how to use a mail client. Once they are on a client, and it's configured for them, it's as simple as a "green message means it's a secure channel" (or what ever their client does). Unfortunately, people have come to fear installing software on a computer and believe it's much safer and simpler to just do everything through the big e.

Re:

[bcrowell]

I will give you $100 if you can provide instructions on implementing this that can be understood by all my friends and family ... and that includes my elderly relatives and my "but this is how it come when I bought the computer" friends.

There are two problems. One is the one you refer to, that mail clients make encryption way harder than it needs to be. The other is that there's a network effect. I could figure out how to get encryption working with my own mail client, but that would do me absolutely no g

Re:

[wiz31337]

You're kidding right?
A x.509 certificate will only slow the NSA down a few seconds (if that).

Re:

[nizo]

Yeah, but think of how many more of their resources they will spend monitoring this guy and his family and friends that would otherwise be spent rummaging through our email. So yeah, everyone please start using encrypted email!

And while you are at it, make sure to install lead curtains on your windows and scrambling hardware on all your phones too.

Re:

[Jah-Wren Ryel]

You're kidding right?
A x.509 certificate will only slow the NSA down a few seconds (if that).

That's all it takes to essentially opt out of these trolling expeditions.
If they decide to focus on you specifically, then you've got other problems.

Re:

[Sloppy]

Yeah, a lot of people don't get that. You can't beat the bad guys, but you plus a hundred million people like you, sure can.

Re:

[clang_jangle]

Surely that'll just get you extra special attention.

Re:SMIME

[secondhand_Buddah]

I hate to burst your bubble. But the NSA have full access to the keys. Why do you think Mark Shuttleworth (Now of Ubuntu fame) was paid US$ 575 Million for Thawte? Becuase he controlled a sizable portion of the market, even though physically it was a very small operation.
There is a whole history here but in short, Verisign was started by several ex CIA directors shortly after the Clipper chip program failed. The Clipper chip was an encryption chip designed to handle all encryption. In short the CIA would legally be able to access your keys on the chip. there was a public outcry and the program was shelved. No one expected Mark Shuttleworth to gain such a large portion of the market so rapidly, so they paid him a small fortune to get full control of the market. So basically if you want to rely on personal encryption, use PGP, because certs from Thawte and Verisign are not secure from the prying eyes of government agencies.

Re:

[wkk2]

Just how can a CA get my private key that is stored and generated on a smart card? I could imagine that a certificate-signing key could be taken from a provider via a National Security Letter or other means but this wouldn't give access to a users private key. It might allow a man-in-the-middle attack on https via a forged certificate. Browsers probably should cache public keys and warn if they change before expiration. An attack on SMIME might allow for forged email but it would be difficult to acces

Re:

[secondhand_Buddah]

Well firstly, the keys are generated by a trusted third party (Verisign or Thawte). What makes RSA encryption feasible is the concept of a trusted third party (TTP) . The TTP issues you your private key, and so of course they have a copy of it.
You can of course set up your own RSA key server. Its pretty easy to do, but that means that you are your own TTP which is fine for internal security, but definitely does not work on a public network for encryption where parties need to be identified.

Re:

[wkk2]

For web servers, I've always generated my own key pair and submitted the only the public key for a certificate signing request. If the email key pair is generated by a third party, the whole procedure is bogus. Last time I looked at SMIME, the sign up processed caused the browser to generate the key pair so the private key was never sent. If this is no longer the case, the whole concept needs to be redone and the "trusted third parties" should be ashamed.

Re:

[fractalus]

Not to mess up a good rant, but you do understand that when you hand off a key to a certificate authority for signing, you only give them the public portion of the key? The same portion everyone who communicates would need in order to encrypt anything?

The CA signs your public key. It's basically a third party that confirms to Alice that Bob uses a particular public key. And if you know the public key is correct, only the owner of the private portion of the key can use it for encryption.

The kind of attack th

Re:

[Chris Burke]

No, you have been misinformed. I can see how a couple sentences in that explanation could be misleading, but certifying that you possess the private key associated with your public key does not require the certificate authority to have your private key, and the phrase "...private key, which is also provided to the user" should not be construed to mean the certificate authority is creating your private key for you.

You and only you possess your private keys. Nobody else, not the certificate authority or any

Re:

[just fiddling around]

Ok, let's say I'm down with this.

Now, tell me how I can get my hands on the private keys for these certificates WITHOUT the NSA getting them in transit?

Try the approach Cory Doctorow demonstrated in Little Brother X: do a keygen-countersigning party.

Re:

[brkello]

Sounds like a great idea from someone divorced from reality. This might work for people with 3 tech friends. The rest of us have normal friends that don't care about this sort of thing so we would prefer that the government would obey the laws instead of making us jump through hoops.

Re:

[Abcd1234]

in my case all my friends have gmail accounts. It's not easily accessible to the government (assuming google's internal traffic is not tapped)

God, please don't tell me you're that naive. "It's not easily accessible to the government"?? It's one simple subpoena away, ffs! Assuming, of course, they don't just "convince" Google to give them real-time access to Google's systems.

Seriously, Google is one massive SPOF. That's the *last* thing you want if your goal is to circumvent government surveillance.

Re:

[geekoid]

Wow, just wow.

Ok, here is the point, ready?
It doesn't matter where your email is becasue ti must move through the internet, so its all available when ever you send it...by design.
Oh, and if they want to they will just see who licks it up and get a court order for that person computer? what's that? it's encrypted? well then the will be stymied...unles that put a program to read the email after it's been decrypted.
So, ot a lot you can do and you might as well use Google for convience.
Pretty much all your emai

Re:

[Abcd1234]

It doesn't matter where your email is becasue ti must move through the internet, so its all available when ever you send it...by design

That's what encryption is for. In additional, decentralized transmission and storage (particularly if the links are SSL encrypted) makes the job of organizations like the NSA that much harder.

And note, I said harder, not impossible. My objection is that the GP seems to think that Google is some kind of secure mail solution. It's not. In fact, it's inherently less secure

Re:

[dkleinsc]

One subpoena away is much better than the zero subpoenas away it currently is (which is the whole point of the article).

Our last best hope?

[auric_dude]

Choose from NSA http://www.eff.org/issues/nsa-spying [eff.org], privacy http://www.eff.org/issues/privacy [eff.org] and a whole load of other stuff http://www.eff.org/about [eff.org].

More From The Atlantic

[wiredog]

Here [theatlantic.com].

Four NSA domestic surveillance programs.

• Terrorist Surveillance Program, which involves the monitoring of telephone calls.
• "Stellar Wind," e-mail meta-data mining.
• a program that keeps tabs on all the information that flows through telecom hubs under the control of U.S. companies and within the U.S.
• Pinwale e-mail exploitation.

Why is this a surprise?

[Maximum Prophet]

"Never Say Anything" can do anything they like, because there's no effective oversight. They, and the CIA, are secret organizations, you don't even know who works for them. You can't have oversight of a secret organization.

Congress can bluster all the want, but all that really going to happen in the end is the TLA in question will say. "We promise not to get caught again"

Re:

[geekoid]

"You can't have oversight of a secret organization. "
They do have oversight. What they do not have is transparency.
There is a difference.

My Dearest NSA,

[Bob9113]

My Dearest NSA,

Allow me to use, for the first time in my life, a turn of a phrase that I generally find to be rather repugnant:

If you fear freedom so much, why don't you move to Iran?

This country is for people who love freedom. Who are willing to risk their lives for it. You scared, little, cowards -- shivering in your pajamas at night wetting your bed because you don't know everything I am thinking, all the time -- have no right place in this, the Founding Fathers' most extraordinary experiment.

You think you are more trustworthy than The Constitution? I do not trust you as much as the average crazy screaming panhandler on the corner, let alone as much as the average free American Citizen. You are too scared to be trusted. Scared people act unpredictably. And certainly I do not trust you as much as what is perhaps the most inspired legal document in history.

You are the threat to the American way of life. Not us. Your cowardice eats away at us, and our great society, like a disease. If you can't handle freedom, move to a master planned community with big gates, or even one of the many authoritarian regimes around the world. But don't shit all over what makes this country great just because you can't handle freedom.

Re:My Dearest NSA,

[dkleinsc]

If you fear freedom so much, why don't you move to Iran?

Because in Iran they'd be facing street protests.

Re:

[CarpetShark]

If you fear freedom so much, why don't you move to Iran?

This country is for people who love freedom.

No, the USA used to be a place of freedom, back when persecuted Quakers etc. were fleeing there from Europe. Over the years, it's become less and less interested in freedom, and more and more one of the places that no longer understand freedom.

Similarly, Linux used to be a place of FREEdom, back when a few geeks used it as an alternative to Windows. Now, as it becomes more and more mainstream, less people

Re:

[Bob9113]

Essentially, it's a tragedy of the commons... whenever things become mainstream, they lose the qualities that made them non-mainstream. The only solution is to then step outside of that stream (i.e., out of normal USA society) by moving elsewhere, or getting "off the grid" somehow.

I feel you. [that doesn't sound right without the matching verbal inflection, but I'm keeping it because it is what I mean]

But I'd rather stay here and try to re-ignite patriotism in our hearts and minds than try to create it some

Re:My Dearest NSA,

[BlackSabbath]

Wow! One of the most eloquent Slashdot posts in defense of the Republic that I've read in a while.

However one of your assumptions is fading fast. When you state:
> This country is for people who love freedom. Who are willing to risk their lives for it.
This assumes that:
(a) people understand "freedom" as the founding fathers understood it and not merely freedom to consume whatever the talking heads tell us.
(b) people are actually willing to risk their lives for it.

Unfortunately, I think that the transformation of the enlightened Republic to the Idiocracy portrayed in film is well underway. In addition I believe that even those that still value true freedom are increasingly less willing to risk their lives for it. Hell, most aren't even willing to risk their comfort for it. A society that is too comfortable with itself is perfectly setup for golden handcuffs.

Ironically, in Iran right now, people actually ARE putting themselves in harms way to protest apparent fraud on the part of the executive.

I sympathise 100% with what you've written but sadly I'm convinced that its almost too late for the republic to be saved without "refreshing the tree of liberty". The sad part is that a lot of people would read your post and wonder why you're over-reacting. They think of "Democracy" and "Freedom" as mere trademarks associated with the US of A. Meanwhile, every pillar of the constitution is under attack and while some are noticing, very few are standing up.

Wake up people! Look at what's happening in Iran - the lesson is this: no matter how powerless you think you are, governments of all persuasions fear nothing more than a populace aroused to anger. To quote Jefferson: "What country can preserve its liberties if its rulers are not warned from time to time that their people preserve the spirit of resistance?"

Re:

[brkello]

*clap clap clap* Very moving...really...*cough* Anyways, I am sure the NSA isn't as you describe them. They shouldn't be breaking the laws...but I am sure they just see themselves as trying to protect American lives. They aren't scared/cowards/bed wetters...they are people just like you and me. They are misguided, sure, but calling them a bunch of names and telling them to move out of the country is a bit stupid.

Oh, and Iranians want freedom too...way to fail paying attention to current events.

Re:

[Bob9113]

Anyways, I am sure the NSA isn't as you describe them. They shouldn't be breaking the laws...but I am sure they just see themselves as trying to protect American lives. They aren't scared/cowards/bed wetters...they are people just like you and me. They are misguided, sure, but calling them a bunch of names and telling them to move out of the country is a bit stupid.

I know I cannot convince the NSA to act American, but I can point out the folly of their action by portraying them as what they are: An organiza

Re:

[DNS-and-BIND]

It's rather cliche in Obama's America, but here's an essay [blackfive.net] which attempts to answer that.

Let me expand on this old soldier's excellent model of the sheep, wolves, and sheepdogs. We know that the sheep live in denial, which is what makes them sheep. They do not want to believe that there is evil in the world.

The sheep generally do not like the sheepdog. He looks a lot like the wolf. He has fangs and the capacity for violence. The difference, though, is that the sheepdog must not, cannot and will not ever h

Solution: PGP

[headhot]

sure the NSA can probably crack PGP, but if every one used it, the NSA would not have the capacity to crack every message, forcing them to target communication, which is what they should be doing in the first place.

Re:

[Locklin]

I'd put money on the notion that they simply ignore encrypted email, and if you have been flagged for some other reason (or perhaps by metadata like destination), would rather knock down your door and take your computer than try to crack strong encryption.

Re:

[The Moof]

They probably ignore the mail, but flag you as a well. The government seems to be a fan of the "if you have nothing to hide, then why can't I see everything" mindset.

Re:

[geekoid]

They are targeting communication. Do you mean 'individuals"?

Re:

[Spatial]

The problem is that it has to be integrated, automatic and completely transparent. I haven't used it myself but I assume it's something that needs to be present at both ends.

The people that comprise the majority of email users are completely ignorant of such things. If they're required to understand anything, they'll take the easy way and it'll fail to take off. Which is where we are now.

Encryption has to be the easier way to go. It needs to be the default in popular email clients, Gmail, MSN, etc.

Who cares?

[SuperKendall]

I think it's pretty absurd that people are complaining about the U.S. government scanning emails.

emails are sent in the clear. If you really cared, you'd encrypt it all. Lots more people than the government have been and will be looking at your email, it's inherent in the nature of the system.

The truth is that almost nothing anyone sends via email is worthy of this furor. Again, anything that you don't want others to see you should have encrypted or sent by other means (we still have a postal system you

Re:

[geekoid]

We shouldn't ahve to encrypt our emails to keep the government out.
In a nation of laws there needs to be laws and regulation about only allowing the government to read our correspondence in very specific and defined manners. When they aren't followed, the people not following the laws nede to be dealt with in an appropriate manner.

Re:

[Sloppy]

When they aren't followed, the people not following the laws nede to be dealt with in an appropriate manner.

That just isn't a practical answer to passive scanning, because usually you'll never know it happened.

If someone breaks into your house and steals your computer, you know that something happened ("hey, where's my computer?!") and can investigate, call the cops, etc. The law might end up getting enforced.

If you live in a glass house and someone with a telescope is peeking through your walls, you

Re:

[gstoddart]

emails are sent in the clear. If you really cared, you'd encrypt it all. Lots more people than the government have been and will be looking at your email, it's inherent in the nature of the system.

Telephone messages are sent in the clear too, but it requires a warrant to listen in on them.

The truth is that almost nothing anyone sends via email is worthy of this furor. Again, anything that you don't want others to see you should have encrypted or sent by other means

That doesn't give the government blanket p

Not a real big surprise

[OrangeMonkey11]

Big brother will always be watching what you do; the only thing you can do is vote for someone you hoped would monitor and blow the whistle on activity such as these to keep it down to a somewhat manageable discomfort.

It's a postcard!

[Kiliani]

Since the beginning of (internet) time sending an email has been like sending a postcard. Everybody along the way handling your message can read it if they so choose. You know it, they know it. If you expect privacy, then you cannot be helped. The Electronic Communications Privacy Act is not much worth here ...

I'd rather have people make sure that the NSA is not listening to my phone calls - and you know that this is happening too, at least when you have communications going beyond the borders of the US.

Which of our former classmates and colleagues ...?

[your_mother_sews_soc]

Which of our former classmates and colleagues (and/or professors) work on these kinds of systems? Thirty-something years ago I never would have imagined my peers working to undermine our freedoms by writing such code. I just don't get it. We were taught in classes such as "Computers in Society" things like ethics. This was before the year 1984, and most of us had read (or were aware of the premise of) Orwell's "1984." This would never happen, we thought.

Unfortunately this, and other data mining crap has been created and 1984 is alive and well and it can't be undone. All because some people - some programmers - thought that getting paid was better than doing what is moral and ethical in a free state. We are no longer free, ladies and gentlemen.

new email sig

[spidercoz]

dirty suitcase nuke anthrax bomb jihad the great satan yellowcake plutonium ricin nerve gas flesh eating plague bring on the virgins fuck you NSA

Re:

[kenp2002]

Actually we found in the 1990s an automated phone recording system that kicked in based on key words. It was in a lab at a college and the little recorder worked well. We figured that the goverment had asked for it. We plugged it in (not able to figure out what triggered it) and found that talking about the movie Air Force One with Harrison Ford triggered the little bastard.

So if you want to piss off the goverment and waste taxpayer money try the following sentence:

"Hey did you catch that movie AIR FORCE ON

Email was never secure to begin with...

[Logical Zebra]

Remember, email is sent in cleartext, unless it's encrypted, which most of us don't actually do.

examined != read

[ArcCoyote]

The summary isn't clear about if the warantless bulk surveillance covers content or metadata

Warrantless examination of email headers and other non-content information (IPs, From, To, Subj, relaying hosts) is legal without a warrant, as it is analogous to examining the envelope of a letter without opening it.

Same deal for call records, which are also examined in bulk.

Re:Government investigating Government?

[Sponge Bath]

"Oh wait, someone is knocking at the door...

MiB: Pizza man!
AC: [peers out peephole] Where is the pizza?
MiB: In our awesome van! Come on out and get it...
AC: Well, I do like pizza and vans.

Re:

[Spatial]

They're in it for money, not the greater good. Most people don't even know you can, there's a lack of demand.

Its been tried before...

[BlackSabbath]

> SMASH IMPERIALISM WITH WORKERS REVOLUTION!
> Workers to power!

OK, I'll bite. "Workers to power!" And then what?

It's been tried before. Didn't work out too well as I recall.