If The NSA Doesn't Know How Its Systems Are Used, Then It Can't Know They Haven't Been Abused
from the because-they-have dept
We've already pointed out that, for all the talk from NSA defenders that there have been almost no abuses of the system because of these supposedly foolproof "audits," none of those audits caught what Ed Snowden did, and it appeared that around 1,000 other people had the same sort of access that Snowden did. If anyone thinks that Snowden was the only one who used it to access documents he wasn't supposed to, that seems tremendously naive.As Zeynep Tufekci notes, anyone who claims that the NSA's data hasn't been misused would have to know more about the NSA's system than the NSA does, since they don't seem to have a way to make sure it wasn't abused.
Given this reality, can anyone truly deny the possibility that a malevolent Snowden or a foreign government that might have placed a sysadmin mole into NSA has NOT scooped up personal information on influential and important politicians and is now (or will in the future) blackmailing them? Can we be sure that there is not already massive “unauthorized” snooping at lower levels? There is already a whistle blower who claims Barack Obama was wiretapped by the NSA along with a whole number of high-level US politicians. The possibilities for mischief—ranging from the small potatoes cases of scorned lovers to significant political and personal blackmail and deep privacy violations—is vast. And the scary truth is that nobody really knows for sure what has already happened, nor can anyone claim or guarantee that it won’t. Not the pundits, not the NSA itself, and not any individual sysadmin because, as I’ve already argued, digital unknowns can stay buried forever if tracks are covered with expertise and root access.This, right here, is a key part of the problem. If there has been abuse (beyond what's already been reported), we probably wouldn't even know about it because the only ones who do know about it are those involved. And that's what's so scary here. The defenders of this system seem to have astounding and naive levels of trust that everyone working for them is trustworthy when that's almost certainly not true. The system itself is broken, and the claims from its defenders aren't unbelievable because they're unbelievable, they're unbelievable because what they're saying is impossible.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: abuse, nsa, nsa surveillance
Reader Comments
Subscribe: RSS
View by: Time | Thread
One is to go get it. This is hard. It's expensive. It's tedious. Sometimes it's risky. It's a pain in the ass.
The other is to wait for someone else to go get it, and then copy it from them. Often much easier, cheaper and expedient.
The NSA has spent tens of billions of US taxpayer dollars making the second alternative vastly more attractive to every other country on earth. After, if a junior contract system administrator can walk out the door with a big bundle of goodies, what could a senior, trained, full-time employee who's spent twenty years gaining access go home with?
[ link to this | view in thread ]
[ link to this | view in thread ]
Same reasoning applies to Google and Facebook.
Ties and payoffs go deep and are WEIRD. For instance, here's the Pentagon fighting against NASA subsidizing Google billionaires!
Google Jet Fleet Loses a Pentagon Fuel Perk
http://online.wsj.com/article/SB10001424127887323864604579069730686941454.html?mod=WSJ_hpp_M IDDLENexttoWhatsNewsForth
Spying is the main 'business model' of the internet, especially for Google and Facebook.
[ link to this | view in thread ]
Re: Same reasoning applies to Google and Facebook.
You can opt out of using google and facebook, you cannot opt out of NSA/government surveillance.
[ link to this | view in thread ]
Re: Re: Same reasoning applies to Google and Facebook.
Also, the government has guns and jails. Google/Facebook do not.
These things kind of matter.
[ link to this | view in thread ]
As has been mentioned over and over, Google is a choice that won't lock you up or shoot you if you chose not to use them. The government and its agencies give you no such choice.
I wonder sometimes if this database was not purposely designed this way to cover the tracks of those intending unofficially to use it in this very manner. I suspect the phrase that Gen Alexander gets what he wants might just have hidden depths to it. Not that he necessarily used it but someone in the background with less visibility very well could.
[ link to this | view in thread ]
Blackmail is a powerful tool, especially if trying to influence politicians where reputation is everything.
Or Blackmail newpaper editors.... the list goes on.
[ link to this | view in thread ]
And the same is true of every enterprise that employs more than one person. If several people must have access then the data are not secure.
[ link to this | view in thread ]
Re: Re: Same reasoning applies to Google and Facebook.
let us know
[ link to this | view in thread ]
The chosen ones
It must be odd, knowing you are one of a select few, with powers and abilities coveted by so many other powerful people.
[ link to this | view in thread ]
you have the following trackers/scripts/beacons on this page:
google
google +1
facebook
facebook connect
twitter
nativo
quantcast
reddit
repost.us
rp-api
double-click.net
gravatar
scorecar dresearch.com
quantiserve
...and that's just the first level that I can see without allowing them to run past NoScript, Ghostery, and RequestPolicy. often these things call in there friends when they're run...
If a person doesn't proactively protect their privacy, they can't even read Techdirt without being spyed on by google and facebook, and all those other companies.
Google is not bound by law to honor a request to not track, and you have to give them your information just to make that request. Requesting not to be tracked 'opting out', could actually help them track you.
Mr Masnick, I love your writing man, in fact you're one of my favorite journalists ever- and I understand this analytics stuff helps techdirt pay the bills and know what to write about. I sincerely appreciate that techdirt doesn't require the use of the scripts/beacons to read. You would lose me as a reader if it did.
When people say something so absurd and meaningless as 'you can opt out of google/facebook'- you shouldn't just hand wave at it. You know better, don't you? The (frankly suspicious as its often unsolicited and off topic) statement is ignorant, misleading, and that attitude is really part of the problem. Subverting corporate surveillance is a PITA and breaks a lot of the Internet. there is no meaningful 'opt out'. There is 'I refuse to run your scripts on my machine, to store your beacon gifs/content in my cache, or to respond to your marketing servers' and by technical means even those actions can be tracked by IP.
[ link to this | view in thread ]
or if they have!!
[ link to this | view in thread ]
Re: Re: Same reasoning applies to Google and Facebook.
[ link to this | view in thread ]
Re: Re: Re: Same reasoning applies to Google and Facebook.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
If The NSA Doesn't Know How Its Systems Are Used, Then It Can't Know They Haven't Been Abused
[ link to this | view in thread ]
Re: Re: Re: Re: Same reasoning applies to Google and Facebook.
Since when can security guards put people in jail?
[ link to this | view in thread ]
Re: Re: Re: Same reasoning applies to Google and Facebook.
You can opt out by not using their services, unless you're arguing that Facebook and Google are spying on people who don't even use Facebook or Google. If that's the case, I would be interested to see any evidence for that.
[ link to this | view in thread ]
Re:
So they're not running. So what's the problem?
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Potentially Bigger Issues
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
I haven't heard that one before. Is there really a risk to the host?
[ link to this | view in thread ]
"So they're not running. So what's the problem?"
I applaud techdirts decision not to require them, not all sites do this- that's part of the problem. The main problem is that most people don't understand that this is being done, they don't understand when they read a website they're also telling a dozen data mining companies what/when they're reading on that website. This is not at all an intuitive relationship.
"You haven't seen that rant of hers (you'll have to search for it) in which she declares that Google and FB are fronts for the NSA."
I never said that they are Fronts- that's plainly absurd. But I was ranting, which could be why you missed what I did say. Sorry for that. They are legitimate business's, their data mining makes business records, and those records are fair game to (or are just, flat out sold to) the intelligence groups- ergo they "effectively" do alot of spying that those agencies would not be legally allowed to do on their own. I don't see how that could be considered being a front, as those actions have nothing to do with the companies reason for existing. It's a symbiotic relationship, not exclusive.
Basically, by using 3rd party business records (in which you have no expectation to privacy) the gov is able to subvert it's own laws which are meant to function as checks and balances. This is a breakdown of the system. It allows toothless laws, and lie-less lies- loopholes and subversion.
Datamining and profiling themselves are not intrinsically bad or good- they are simply very powerful tools. They can and will do both great harm, and great good- it's not one or the other, it's both. It's a very difficult line to draw as to what's acceptable and not- and objectively, external factors are what really make up the paradigm of consequence.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Same reasoning applies to Google and Facebook.
[ link to this | view in thread ]
Re:
Spoken like someone new to the conversation that hasn't taken the time to learn the stances. You can still avoid using even these hidden services by just a tiny bit of computer savvy. The easiest is using such add-ons as NoScript, which lets nothing run unless you explicitly allow it.
[ link to this | view in thread ]
It seams like you didn't actually read what I wrote. I can't understand why else you'd say that. My aforementioned rant is in the 'latest casualty of nsa spying: advertising based tracking' comments= the core of the post is on how to subvert corporate surveillance. Please enlighten me on these 'stances' if you read my post and still feel that way.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Same reasoning applies to Google and Facebook.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Same reasoning applies to Google and Facebook.
Buy them off to get out of something maybe. Pay them to arrest someone innocent? I've never heard of that happening the US. I'm sure it has somewhere but it doesn't sound like something that's common or that just any wealthy company or individual could do.
[ link to this | view in thread ]