Rise of the US Surveillance State

The electronic surveillance of the Internet is well established in the US, and yet, is it properly regulated? Does the law sufficiently protect privacy rights, and what do recent investigations and prosecutions imply for the future?

Here's a summary of the privacy issues related to the Gen. David Petraeus investigation to kick things off.

I'm not sure how I feel about this issue yet. I'm wondering if the FBI's ability to trace digital records is really that much different than their ability to knock on a door and seize documents. I do feel that they shouldn't be doing anything without a warrant and probable cause.

The second problem is that there is simply no way to escape electronic surveillance in this country. The overwhelming majority of cameras in the country are owned by private companies. That doesn't even consider the potential of being "filmed" by 200 million people.

Per NPR, one thing being sought is making a warrant standard for getting online info. I'd be in favor of that.

Well, but they have to *search* for the documents. With the ability to slurp up phone calls and Internet, there's a new... type? level? of collection that was not technically possible 10 years ago. Seems to me that changes the game. I'd like to see more awareness of this in the public, but it *is* inevitable, in my view. I'm hoping that it will be put under strict controls.

Robear wrote:

Well, but they have to *search* for the documents. With the ability to slurp up phone calls and Internet, there's a new... type? level? of collection that was not technically possible 10 years ago. Seems to me that changes the game. I'd like to see more awareness of this in the public, but it *is* inevitable, in my view. I'm hoping that it will be put under strict controls.

An update seems pretty vital--as the story mentions, the bill covering online privacy is from 1986, which, man alive.

I think tied into the "Racism and internet vigilantism" thread I don't think people realize how open the internet is.

Also somewhat to the Libor scandal that there was really damning evidence sitting in emails.

If people realized this what kind of different cost benefit do they run in their brain instead.

People don't murder other people because they know it's wrong. Sadly some people just don't because they know they will get caught.

Well there are some things to take into account here.

Americans tend to think anything and everything is "private" or "confidential" until they say otherwise.
Some things erroneously seen as private include your name, your street address, your phone number.

Americans tend to think that what they say or do, regardless of venue is private as well. These would include conversations on the street, phone calls made in public, etc.

Here is a great rule of thumb. Something most often ceases to be private when someone else is the recipient. Why anyone would think that a letter sent to an office, let alone something posted on the internet is private is beyond me. When you are looking someone in the eye, with 4 walls around you, then you can expect privacy.

Now before someone comes up and says it. Unlike Clarence Thomas or Scalia, I do in fact see evidence of an American Constitutional right to privacy.

This whole business about outrage that Gmail is not private is beyond me. Would any reasonable person entrust hotmail or Gmail or Yahoo with their confidential business e-mail? Not likely. Google as a third party trustee of your communications has a very low interest in your privacy. In that same way a mail carrier has a low interest in your privacy if you send an unsealed envelope. A cop who hears you conduct a drug deal because you left your car window open as he walks by is not invading privacy.

What is an issue, for me, is that people entrust ISPs, cell carriers, web service companies to safeguard their privacy. You might as well tell a secret to a 7 year old. Privacy, security, confidentiality is not their business. Private is not the default setting on life. You need to ensure and safeguard privacy.

I think a major step would be to get the courts (because the legislature sure as hell won't) to step into the issue and declare that data on a carrier's servers or network is not theirs to give out freely. We already have a robust warrant system in place, and it can even handle fast-moving espionage cases. The same principle we apply to phone tapping should apply to all information transmission methods, from satellite transmissions to carrier pigeon.

I'm in agreement with KG that we have a responsibility to keep the things that we really want private secure, but the counterpoint is that we should have a reasonable expectation that others will not engage in undue invasion of our privacy. The mail carrier doesn't really care about preserving the secrecy of my unsealed mail, but he also shouldn't be dropping it off with the police or an identity thief ring to look through before sending it on. Nor should the nearby police officer be using a laser microphone to listen in on the conversation through closed windows. There is a side of due diligence for business and security concerns, but Google and Yahoo shouldn't be selling my email conversations or publishing them on a whim.

Robear wrote:

Well, but they have to *search* for the documents. With the ability to slurp up phone calls and Internet, there's a new... type? level? of collection that was not technically possible 10 years ago. Seems to me that changes the game. I'd like to see more awareness of this in the public, but it *is* inevitable, in my view. I'm hoping that it will be put under strict controls.

In cases where they're slurping up as much data as they can and put it through a program that looks for specific words or phrases (an assumption on my part, I have no idea how they actually handle the data they grab), I'd like to see them have to get a warrant to manually look to see whether it's a valid hit or a false-positive, and then a different warrant to conduct an actual investigation into the person/group that triggered the system.
Edit - Looking through the data they've slurped up for other information from/to the people/group (that didn't trigger an alert), or adding the name(s) of the people/group to the list of things that would trigger an alert would be considered an investigation and require the second warrant.

Would any reasonable person entrust hotmail or Gmail or Yahoo with their confidential business e-mail?

This is a dismissible offense in the company I work for, and other large tech firms. So is using external "Dropbox" style file storage and transmission for internal docs.

Another good article in the WaPo today. Note that they talk about the FBI having access to email communications, but they limit the discussion to email access obtained through providers. There's another capability in the Intel world, and I wonder how permeable that barrier is in these cases.

On Capitol Hill, the case has drawn references to the era of J. Edgar Hoover, the founding director of the FBI, who was notorious for digging up dirt on Washington’s elite long before the invention of e-mail and the Internet.

“The expansive data that is available electronically now means that when you’re looking for one thing, the chances of finding a whole host of other things is exponentially greater,” said Rep. Adam B. Schiff (D-­Calif.), a member of the House intelligence committee and a former federal prosecutor.

In this case, Schiff said, the probe may have caused more harm than it uncovered. “It’s very possible that the most significant damage done to national security was the loss of General Petraeus himself,” Schiff said.

A good reason for enhanced privacy laws is not to chop off your legs in the course of trying to figure out whether your toenails need to be trimmed...

Some of you might be interested in reading a Law Review article co-authored by a very young Justice Louis Brandeis.

http://groups.csail.mit.edu/mac/clas...

His most famous written opinions were on free speech, privacy, and monopolies/cartels.

I want you all to bear something in mind. In America, at common law, privacy is not the norm. Privacy is a group of narrowly carved out exceptions. And the concept of anything you say or do being private until you decide otherwise is not correct. This comes up often when it comes to the privacy and confidence among communications with professionals.

KingGorilla wrote:

And the concept of anything you say or do being private until you decide otherwise is not correct.

The concept that everything you say or do is public is not correct either. It all depends on who you are, what the information is, and how/where it was said/written. Those "narrowly carved out exceptions" cover quite a bit.

To create a false dichotomy between private and public communications is just the problem. A wrongheaded view that speech or activity is necessarily one or the other is overly simplistic.

Your e-mails are not private, unless you are hosting your own server and exclusively sending e-mails to yourself. Your privacy interests erode as you involve more people.

I think there is also a major misstep to assume that all people that you may share private information with are as ethically or legally bound to keep that confidence as say a doctor or a lawyer.

You need to remove this misconception that things you say to other people are inherently private. That does not fly in America, more other places from the commonwealth. Attempts have been made to stop the publishing of letters from notable figures on these very grounds, and failed. You sell a desk that contains love letters from your husband, let's call him Richard Wright, and those letters can be published.

Even before the internet your privacy comes down to you, your care, the care of the people that you entrust your information into. A fiction of privacy cannot save you when you or the people you entrust with your communications are careless. The law, the courts, even so called natural rights do not exist to bail people out from their own negligence, the dereliction among their confidants, or their ignorance.

Getting back to the mail. And you can do this with e-mail as well. Our Postal system has different levels of letters, UPS does as well. There are certified letters, certified signature required, etc. These have different legal significances. Sending a letter is a far cry from sending a letter registered mail, in a tamper proof envelope, signature of recipient required.

Sending an e-mail vs sending an e-mail with an attachment vs sending an e-mail with a password protected attachment work the same way. If you want a communication sent via e-mail to be as private as possible, password protect a document or PDF and send that as an attachment.

Sending an e-mail vs sending an e-mail with an attachment vs sending an e-mail with a password protected attachment work the same way. If you want a communication sent via e-mail to be as private as possible, password protect a document or PDF and send that as an attachment.

If it's for work, it won't be private even with those precautions. If you want private, tell them in person.

KingGorilla wrote:

To create a false dichotomy between private and public communications is just the problem. A wrongheaded view that speech or activity is necessarily one or the other is overly simplistic.

Your e-mails are not private, unless you are hosting your own server and exclusively sending e-mails to yourself. Your privacy interests erode as you involve more people.

I think there is also a major misstep to assume that all people that you may share private information with are as ethically or legally bound to keep that confidence as say a doctor or a lawyer.

You need to remove this misconception that things you say to other people are inherently private. That does not fly in America, more other places from the commonwealth. Attempts have been made to stop the publishing of letters from notable figures on these very grounds, and failed. You sell a desk that contains love letters from your husband, let's call him Richard Wright, and those letters can be published.

Even before the internet your privacy comes down to you, your care, the care of the people that you entrust your information into. A fiction of privacy cannot save you when you or the people you entrust with your communications are careless. The law, the courts, even so called natural rights do not exist to bail people out from their own negligence, the dereliction among their confidants, or their ignorance.

I think we're talking about different concepts of privacy. When I say something to a friend, it's private to us. If my friend then tells anyone and everyone about the conversation, he hasn't violated my privacy, just my trust.
As for the attempts to prevent letters of famous people from being published, your link earlier said that public officials and the like will understandably have less privacy than non-public figures. It all depended on who you were, and what the letters contained.

Getting back to the mail. And you can do this with e-mail as well. Our Postal system has different levels of letters, UPS does as well. There are certified letters, certified signature required, etc. These have different legal significances. Sending a letter is a far cry from sending a letter registered mail, in a tamper proof envelope, signature of recipient required.

Sending an e-mail vs sending an e-mail with an attachment vs sending an e-mail with a password protected attachment work the same way. If you want a communication sent via e-mail to be as private as possible, password protect a document or PDF and send that as an attachment.

Sending a normal letter via the USPS is still private. Tamper proof envelopes and signature requirements are just measures meant to ensure they get to their intended recipient with their privacy intact, and provide evidence if they don't.

If I sent an email from my gmail account, and someone at Google read the contents of the email, they would be violating my privacy. They can do things that are in accordance with their privacy policy (since I've agreed to it), which covers more things than most people probably expect it to, but they cannot read my emails without a compelling reason (again, outlined in their privacy policy). If I sent it from my work account, or to my friend's work account, who else could read it would be determined by our respective employer's policies regarding email.

Stengah. Google scans all of your e-mails sent and received in order to tailor the ads that you receive. The text of your e-mails is scanned by a google program.

To date Google has not disclosed the full nature of this program, its data retention policy for this program.

And for the legal history here, ISPs and web service providers have not suffered consequences for their compliance with all manner of requests and disclosures that would land a lawyer or a banker in a severe lawsuit.

In short, they do read your e-mail, my e-mail.

Your e-mail is read by all manner of servers and programs from your ISP, from the DNS, fire walls, etc.

Is there some tech sitting down to read them? No. But all manner of programs, security services are reading your e-mails. And this is where our present system of privacy and confidentiality breaks down. Your speech via an e-mail passes through so many 'hands' there are many points that your data might be made available.

If a concern is about disclosure to law enforcement. So far as I have found, not a single major ISP or mail provider has a court order requirement to disclose e-mails. That is spelled out quite well in their policies. If it is about whether some jack off is reading the e-mails to your wife. It is like filtering out one conversation in a crowded airport, you are safe.

Transparency Report: Government requests on the rise

[G]overnment demands for user data have increased steadily since we first launched the Transparency Report. In the first half of 2012, there were 20,938 inquiries from government entities around the world. Those requests were for information about 34,614 accounts...

The number of government requests to remove content from our services was largely flat from 2009 to 2011. But it's spiked in this reporting period. In the first half of 2012, there were 1,791 requests from government officials around the world to remove 17,746 pieces of content

KingGorilla wrote:

Stengah. Google scans all of your e-mails sent and received in order to tailor the ads that you receive. The text of your e-mails is scanned by a google program.

To date Google has not disclosed the full nature of this program, its data retention policy for this program.

And for the legal history here, ISPs and web service providers have not suffered consequences for their compliance with all manner of requests and disclosures that would land a lawyer or a banker in a severe lawsuit.

In short, they do read your e-mail, my e-mail.

Your e-mail is read by all manner of servers and programs from your ISP, from the DNS, fire walls, etc.

Is there some tech sitting down to read them? No. But all manner of programs, security services are reading your e-mails. And this is where our present system of privacy and confidentiality breaks down. Your speech via an e-mail passes through so many 'hands' there are many points that your data might be made available.

All information I was already aware of. I don't count a computer program scanning my emails to filter for spam/viruses/malware or searching for keywords to display tailored ads as "reading" my mail because the actual content of my mail isn't being read or retained. As for sharing the data they do get from my mail (such as knowing which words triggered which ads, my ip information, and all the other technical information they collect), one has to agree to that before they can use gmail, so it's not really a violation of one's privacy. I mean, I don't like it, but I agreed to it. My consent was given, so it can't be a violation of my privacy. The same goes for the filters/programs that scan my email. I had to agree to allow it before I could use Gmail, so it's not a violation of my privacy. If Google were to do something to my mail that wasn't covered by their privacy policy or terms & conditions, that would be a violation (provided they did it without adding it to their privacy/t&c pages first in compliance with the parts that cover changes to either).

Your question starts utterly loaded, to wit:

The electronic surveillance of the Internet is well established in the US, and yet, is it properly regulated?

Substitute 'assassination' and 'torture' in that sentence, and the ridiculousness of the position may be more apparent. Fundamentally, by that wording, you're perfectly okay with mass surveillance of citizens, you just think a few pieces of paper will magically make it okay.

Malor wrote:

Your question starts utterly loaded, to wit:

The electronic surveillance of the Internet is well established in the US, and yet, is it properly regulated?

Substitute 'assassination' and 'torture' in that sentence, and the ridiculousness of the position may be more apparent. Fundamentally, by that wording, you're perfectly okay with mass surveillance of citizens, you just think a few pieces of paper will magically make it okay.

I've never heard of the internet being assassinated or tortured by the government.

Also: calm down, he never said he was pleased with it, just that it is. Could you please stop telling people what they're "actually" saying? It's getting really tiring and leads to nothing productive.

I think the biggest hurdle is educating the voting public on the dangers of ideas like, "If you haven't done anything wrong, you don't have to worry," and "They're not coming for me." Better laws won't be written unless we vote in better legislators, and most internet users are not aware of the potential problems.

Malor, the only tools we have to fight electronic surveillance are pieces of paper, open source encryption software and open revolt. And disconnecting from the grid, I suppose.

I'm not personally educated enough to join the surveillance software arms race, and I have no rifle training, so my only weapons are my voice and my vote.

Your question starts utterly loaded, to wit:

Quote:

The electronic surveillance of the Internet is well established in the US, and yet, is it properly regulated?

Substitute 'assassination' and 'torture' in that sentence, and the ridiculousness of the position may be more apparent. Fundamentally, by that wording, you're perfectly okay with mass surveillance of citizens, you just think a few pieces of paper will magically make it okay.

Malor, this thread is not about torture or assassination; I have different takes on those, and this is a discussion thread, not a "here's my opinion, validate it" thread. And I've already told you that your assumption that I'm some kind of unconscious authoritarian is just a bizarre fantasy, a highly inaccurate read of what I've said here. I understand you won't take my word on my beliefs, strange as that is, but I just don't understand *why* you feel you have to constantly ascribe beliefs to me that I don't hold. Your insistence on mind-reading to create new, unintended, inaccurate readings is something you should really reconsider. It's really tiresome to have to correct you every. single. time. you decide to present me as some kind of nutbar.

If you don't like the thread, don't post in it.

Stengah wrote:

I had to agree to allow it before I could use Gmail, so it's not a violation of my privacy. If Google were to do something to my mail that wasn't covered by their privacy policy or terms & conditions, that would be a violation (provided they did it without adding it to their privacy/t&c pages first in compliance with the parts that cover changes to either).

Google has a pretty big ambiguity in their privacy policy and in their "disclosures" to governments and to the public. They have never stated their policy on law governing when a foreign government or entity requests information of its users, i.e., the Chinese Government requests information from an American E-mail address, or the BBC requests the info of a Russian user. Their policy of disclosure, really all of the ISPs and web service providers is overbroad, in my opinion. Their compliance with requests absent a court order, warrant, subpoena shows weakness. Google and Yahoo were just named in a large suit, I just found out, regarding this policy. This policy stretches to Google's DMCA policies as well.

These web service companies have shown an unwillingness to get involved in the legal ramifications of their processes and policies. They are overly compliant with media and government requests. And they spell this out in their policy on privacy. It could very easily say that without a court order, without a warrant, etc. that your information remains with them; but that is not what their policy states. And this speaks to how juvenile much of the internet still remains, even as many still depend upon it. Rather in areas of privacy, or intellectual property, the policy has been on insulation.

I am not saying that google has any of these duties. But rather that people make assumptions that they do. People make similar assumptions in that what they say to their plumber is just as confidential as what they say to a lawyer. What I am saying is that online information is a bit porous right now. The laws need to change for this to change. But in the interim the US or Chinese Government is no more evil than AT&T or Yahoo in creating that system in the absence of clear legal guidelines. Hell, we have only had the Miranda Warnings for arrests for 40 years.

KingGorilla wrote:

In short, they do read your e-mail, my e-mail.

Your e-mail is read by all manner of servers and programs from your ISP, from the DNS, fire walls, etc.

Is there some tech sitting down to read them? No. But all manner of programs, security services are reading your e-mails.

From a privacy standpoint, why should a computer count as having 'read' my e-mail any more than a dog sniffing at my luggage counts as having 'searched' my bags?

The only regulation that needs to be done in this area is "you can't tap people's communications without warrants". Everything else after that is justification of mass surveillance, which cannot be justified.

CheezePavilion wrote:
KingGorilla wrote:

In short, they do read your e-mail, my e-mail.

Your e-mail is read by all manner of servers and programs from your ISP, from the DNS, fire walls, etc.

Is there some tech sitting down to read them? No. But all manner of programs, security services are reading your e-mails.

From a privacy standpoint, why should a computer count as having 'read' my e-mail any more than a dog sniffing at my luggage counts as having 'searched' my bags?

Well there is not a government employee conducting these searches or scans (or however you want to classify it).

Dog sniffs and X-rays are a special class. Our high court has accepted in airports and borders a level of security not allowed within. For example, a dog can sniff around your car, you may have your car stopped and thoroughly searched at the border. If you are pulled over for speeding and these actions are done without your consent, these are unreasonable searches. 'Reasonable' changes based on context.

And again, what we have here is a private entity conducting the search, and then handing over information on government requests. The issue is not the search, the issue is not the government, is not google per se. The issue is a lack of guidelines forcing google into erecting a strong wall between our data and requests from BMI, or the US Government, or the Russian Government.

KingGorilla wrote:
CheezePavilion wrote:
KingGorilla wrote:

In short, they do read your e-mail, my e-mail.

Your e-mail is read by all manner of servers and programs from your ISP, from the DNS, fire walls, etc.

Is there some tech sitting down to read them? No. But all manner of programs, security services are reading your e-mails.

From a privacy standpoint, why should a computer count as having 'read' my e-mail any more than a dog sniffing at my luggage counts as having 'searched' my bags?

Well there is not a government employee conducting these searches or scans (or however you want to classify it).

Dog sniffs and X-rays are a special class. Our high court has accepted in airports and borders a level of security not allowed within. For example, a dog can sniff around your car, you may have your car stopped and thoroughly searched at the border. If you are pulled over for speeding and these actions are done without your consent, these are unreasonable searches. 'Reasonable' changes based on context.

And again, what we have here is a private entity conducting the search, and then handing over information on government requests. The issue is not the search, the issue is not the government, is not google per se. The issue is a lack of guidelines forcing google into erecting a strong wall between our data and requests from BMI, or the US Government, or the Russian Government.

But my point is why are you anthropomorphizing a computer program when even a biological animal like a dog isn't considered the same as a human?

The only regulation that needs to be done in this area is "you can't tap people's communications without warrants".

I agree, that would be a great rule to have in place. Is it in place? Is it likely to be? Is it likely to be supported by the Constitution and the Supremes? How will that be more than just a piece of paper? What sort of oversight is needed to ensure that it's done right? How permeable is the barrier between law enforcement and intelligence, in this regard? Are the two inextricably linked, just because the tech is there? Or is work being done to keep them apart, and limit one or the other in its reach? What does the decreasing cost of gathering and storing information on the Internet mean for privacy? What techniques exist to block ubiquitous surveillance? How would society change and adapt to that, if it came to be?

There's a lot to discuss here. Please note that on the one substantive thing you've posted here, we agree.

Well Cheeze, so far as I have seen even a dog is seen as a tool with people behind it. There is a good line of cases involving GPS, thermal imaging, laser microphones, etc. There is always the assumption that any tool has a human component involved. And ultimately it is that human component using and evaluating the data for the purposes of an indictment.

I am not sure if I am ready to say Google is the Fate Computer (Go read V for Vendetta). If we are getting into autonomy on the part of programs and technology, then this really is a brand new realm of investigation, monitoring, and prosecution. A dog always has a handler, a camera always has a person behind it (legally speaking). I think a closer analogy to draw is Web Service programs and remote cameras. You have traffic cameras, you have security cameras. The laws governing private and public cameras are very well established.

KingGorilla wrote:

Well Cheeze, so far as I have seen even a dog is seen as a tool with people behind it. There is a good line of cases involving GPS, thermal imaging, laser microphones, etc. There is always the assumption that any tool has a human component involved. And ultimately it is that human component using and evaluating the data for the purposes of an indictment.

I am not sure if I am ready to say Google is the Fate Computer (Go read V for Vendetta). If we are getting into autonomy on the part of programs and technology, then this really is a brand new realm of investigation, monitoring, and prosecution. A dog always has a handler, a camera always has a person behind it (legally speaking). I think a closer analogy to draw is Web Service programs and remote cameras. You have traffic cameras, you have security cameras. The laws governing private and public cameras are very well established.

That's the issue: it's a brand new realm. Let's think about what's involved before we just say a computer scanning through digital text is 'reading' it.

I am not seeing your basis for that Cheeze. I would love to see you explain it in greater detail, however. Other than scale, I am not seeing much difference between what we are speaking of now and the Telegram/Telegraph of the 19th and early 20th century.