To act as devil's advocate (or advocate) to the point made in my own post, the concern would be that excessive security measures ultimately decrease security (and privacy). If we're using backdoors or analysis of centralized repositories of user data to detect attacks, not only are we hurting anonymity but we're making our network less secure (and private) as well.
Again, I don't entirely agree with his line of thinking, but it's not about "real names". Suppose, as a matter of network security, you were analyzing packets entering or leaving your network and comparing them against historical records of network data. This would enable you to detect security anomalies but also raises privacy concerns.
By way of analogy, it's sort of like saying, "I want to be able to access my grandma's e-mail to make sure she didn't reply to some identity theft scam." The goal isn't to find real names, but to detect unusual behavior. Creepy and paternalistic? Yes. But not about real names per se.
How Coviello arrives at the conclusion that anonymity is damaging privacy isn't exactly clear. It may be the enemy to security (or at least, unhelpful to retributive actions), but the online anonymity shielding crooks doesn't threaten users' privacy, at least not directly.
I don't entirely agree with him, but the point he's trying to make is pretty straight-forward actually: Anonymity decreases security. Without security, criminals (or the NSA) can break in and access your private information. That's bad for privacy.
This sort of belies Snowden's claims that he carefully vetted materials going out to journalists for things for things that might affect national security. The rationale for Snowden doing public was that the U.S. was conducting illegal surveillance on its own citizens (something that violates the NSA's mandate and raises 4th Amendment issues).
In contrast, spying on the French or the Germans may be a bad idea, but it's not illegal or unconstitutional. It's part of the NSA's job to spy on foreign leaders (even our allies). It's one thing to whistleblow on illegal behavior. It's another to release classified information because you have a policy disagreement.
Proper channels typically means "up and out" -- the problem being "up" often means reporting to the problematic party to begin with. Not sure what a proper "out" channel would be, but I wonder if giving government contractors a way to bring cases directly, discreetly, and pseudonymously to the judiciary would work.
Because not all laws are written this way -- many laws still include concepts such as "reasonableness" or "substantial evidence", which permit a fair degree of judicial discretion.
Judges also decide what to do if you have two laws that are otherwise clear but contradict each other when presented with a particular test case (that wasn't anticipated at the time the law was drafted or "encoded").
Re: Re: Re: Re: Re: Who is really the zombie here?
Because natural language processing isn't quite there yet and the the law isn't (yet) written in a machine-readable format (although there are attempts to do this -- take a look at https://github.com/mpoulshock/hammurabi)
What part of this is outright cronyism vs. regulatory capture? I know plenty of people who could build healthcare.gov quickly, reliably, and cheaply, but I've also seen plenty of government contracts. Those things can be monstrous, and there are plenty of qualified individuals unable to work on healthcare.gov solely because they couldn't (or wouldn't) want to comply with all of the government's rules. Imagine if you had to do a cost-benefit analysis or choose the lowest bidder on every sub-component of your system. Ugh.
Our PERSONAL information, unless we knowingly give it out for use in some kind of study, is NOT information that "wants to be free."
YOU (and I) personally don't want such information to be free, but it happens. Information wants to be free is not a normative statement about what should happen but what does happen.
A substantial amount of the information that triggers the Streisand effect is "personal", yet we see how well efforts to control that go.
It might be wasted type but you're aware that prior to the NSA being directed to subvert the order that the order was no domestic surveillance, correct?
Yes, but it didn't work. And there's no easy way to enforce it. Or know when it's being violated.
One thing that gets tossed around a bit here but is missing from the privacy discussion: Information wants to be free. What doesn't that apply to information we want kept secret from the NSA?
We usually use that phrase in the context of paywalls or DRM. But it's absolutely relevant here as well. Even if we didn't explicitly bargain for the NSA to see our private information (much as content holders don't bargain for their content to be shared outside of the original licensee), anything we put on the Internet can and will make its way out to them if they truly want to see it -- if not be the NSA, then surely by a foreign government which owes us even less accountability than the NSA (if such a thing is possible).
That doesn't me we have to condone domestic spying, much as we can recognize piracy happens without condoning it. But it does suggest that attempts to keep information private are a temporary stop-gap at best.
I'd argue that a better place to draw the line is not "what does the government know?" but rather "what can the government do with what it knows?". It's hard to control the flow of information, but it is (somewhat) easier to recognize and prevent certain conduct. I'm not sure what those conduct-based lines would be, but the DEA's prosecution of drug-based offenses based on NSA intel definitely fall on the wrong side. Privacy is a part of civilized society -- but not all aspects of civilization can be legislated. IMHO, our efforts are probably better directed at identifying specific harmful acts we want the government to refrain from, rather than a blanket ban on domestic surveillance.
The problem with the trade-off analysis is that it trivializes the issues of privacy somewhat. If we're OK with sharing private information as part of an exchange for services, but disapprove of that information being acquired without our consent, that implies that what the NSA is doing is equivalent of taxation without representation (or inadequate representation).
That's an important issue for sure -- one important enough to have started the American Revolution -- but I don't think that's the harm people are thinking of when the NSA spies on them. For example, the CIA spends all sorts of taxpayer money on secret gadgets, many of which probably have questionable benefits for national security. But that doesn't invite the same type of outrage that Snowden's revelations did.
This actually makes sense if you accept the basic premise of the NSA's argument re privacy -- there is nothing wrong with collecting information so long as we don't act on it in an inappropriate manner. By way of analogy, Google's collection of Wi-Fi data via StreetView was incorrect, but ultimately harmless since it deleted the data collected without sharing or doing anything with it. The fact that it's happening 1000s of times is meaningless if you consider each violation unimportant (1000 times nothing is still nothing).
The more damning argument, IMHO, is the revelation that the NSA data is, in fact, not merely being improperly collected but improperly used against U.S. citizens. Specifically, there is no reason for NSA data to be shared with the IRS or the DEA, no matter how broad a definition of national security you throw out there. Full stop. But it is. And that's wrong even under the NSA's rules.
This reminds me of early Chinese filters where they would ban references to dates (June 4 -- the date of the Tiananmen Square protests), which only served to make otherwise non-subversive Chinese citizens curious why the censors were flagging invitations to get coffee on June 4.
The analogy to computer security isn't applicable here. Transparency works well for "defensive" security because everyone with an interest in maintaining that security can find and fix exploits.
The NSA's job is not (purely) defense. It is offense. Its objective is to exploit holes in the security of its targets to collect signal intelligence. Revealing those exploits ahead of time would be counter-productive.
That said, where the NSA is involved in less offensively oriented activities, it has been surprisingly open. See, e.g., the open source Accumulo database.
On the post: Head Of Computer Security Firm Says Anonymity Is The Enemy Of Privacy
Re:
On the post: Head Of Computer Security Firm Says Anonymity Is The Enemy Of Privacy
Re: A total fantasy.
By way of analogy, it's sort of like saying, "I want to be able to access my grandma's e-mail to make sure she didn't reply to some identity theft scam." The goal isn't to find real names, but to detect unusual behavior. Creepy and paternalistic? Yes. But not about real names per se.
On the post: Head Of Computer Security Firm Says Anonymity Is The Enemy Of Privacy
I don't entirely agree with him, but the point he's trying to make is pretty straight-forward actually: Anonymity decreases security. Without security, criminals (or the NSA) can break in and access your private information. That's bad for privacy.
On the post: Yelp Reviewers Launch Class Action Lawsuit Claiming They're 'Unpaid Employees'
On the post: NSA Urged US Officials To 'Share Their Rolodexes' So NSA Knew Phone Numbers Of World Leaders To Track
Snowden
In contrast, spying on the French or the Germans may be a bad idea, but it's not illegal or unconstitutional. It's part of the NSA's job to spy on foreign leaders (even our allies). It's one thing to whistleblow on illegal behavior. It's another to release classified information because you have a policy disagreement.
On the post: Former Federal Prosecutor Accuses DOJ Of Retaliatory Acts For His Refusal To OK An Illegal Search And Seizure
Re:
On the post: Ohio Zombie-Man Confirmed Dead By The Court He Personally Attended
Re: Re: Re: Who is really the zombie here?
Judges also decide what to do if you have two laws that are otherwise clear but contradict each other when presented with a particular test case (that wasn't anticipated at the time the law was drafted or "encoded").
On the post: Ohio Zombie-Man Confirmed Dead By The Court He Personally Attended
Re: Re: Re: Re: Re: Who is really the zombie here?
On the post: Why Healthcare.gov Sucks? Because They Hired Political Cronies, Not Internet Native Companies To Build It
Regulatory Capture
On the post: Privacy Is A Part Of Civilized Society: There's No Defense For Having It Taken By Force
Re: Re: Information Wants to Be Free
YOU (and I) personally don't want such information to be free, but it happens. Information wants to be free is not a normative statement about what should happen but what does happen.
A substantial amount of the information that triggers the Streisand effect is "personal", yet we see how well efforts to control that go.
On the post: Privacy Is A Part Of Civilized Society: There's No Defense For Having It Taken By Force
Re: Re: Information Wants to Be Free
Yes, but it didn't work. And there's no easy way to enforce it. Or know when it's being violated.
On the post: Privacy Is A Part Of Civilized Society: There's No Defense For Having It Taken By Force
Information Wants to Be Free
We usually use that phrase in the context of paywalls or DRM. But it's absolutely relevant here as well. Even if we didn't explicitly bargain for the NSA to see our private information (much as content holders don't bargain for their content to be shared outside of the original licensee), anything we put on the Internet can and will make its way out to them if they truly want to see it -- if not be the NSA, then surely by a foreign government which owes us even less accountability than the NSA (if such a thing is possible).
That doesn't me we have to condone domestic spying, much as we can recognize piracy happens without condoning it. But it does suggest that attempts to keep information private are a temporary stop-gap at best.
I'd argue that a better place to draw the line is not "what does the government know?" but rather "what can the government do with what it knows?". It's hard to control the flow of information, but it is (somewhat) easier to recognize and prevent certain conduct. I'm not sure what those conduct-based lines would be, but the DEA's prosecution of drug-based offenses based on NSA intel definitely fall on the wrong side. Privacy is a part of civilized society -- but not all aspects of civilization can be legislated. IMHO, our efforts are probably better directed at identifying specific harmful acts we want the government to refrain from, rather than a blanket ban on domestic surveillance.
On the post: Privacy Is A Part Of Civilized Society: There's No Defense For Having It Taken By Force
Trade Off = Taxation
That's an important issue for sure -- one important enough to have started the American Revolution -- but I don't think that's the harm people are thinking of when the NSA spies on them. For example, the CIA spends all sorts of taxpayer money on secret gadgets, many of which probably have questionable benefits for national security. But that doesn't invite the same type of outrage that Snowden's revelations did.
On the post: DailyDirt: Who Cares if You Went To A Good School?
Re: The 1% like Mike who went to the Ivy League care.
Sorry, couldn't help myself.
On the post: California College Tells Student He Can't Hand Out Copies Of The Constitution On Constitution Day
Re: Re: Re:
http://en.wikipedia.org/wiki/National_Socialist_Party_of_America_v._Village_of_Skokie (neo-Nazi march in a Jewish community protected)
http://en.wikipedia.org/wiki/R.A.V._v._City_of_St._Paul (law against cross burning unconstitutional)
http://en.wikipedia.org/wiki/Snyder_v._Phelps (Westboro's picketing a funeral protected)
On the post: Tech Companies Speak Out About NSA Encryption Breaks And They're Not Happy
Context
Also worth noting is that most, if not all, of the "breakthroughs" by the NSA can merely be described by exploitation of publicly known vulnerabilities in encryption. http://arstechnica.com/security/2013/09/of-course-nsa-can-crack-crypto-anyone-can-the-question-is-ho w-much/
On the post: NSA Defender Claims Thousands Of Abuses By NSA Shows 'The System Is Working Well'
Makes Sense
The more damning argument, IMHO, is the revelation that the NSA data is, in fact, not merely being improperly collected but improperly used against U.S. citizens. Specifically, there is no reason for NSA data to be shared with the IRS or the DEA, no matter how broad a definition of national security you throw out there. Full stop. But it is. And that's wrong even under the NSA's rules.
On the post: Prime Minister David Cameron: Google, Bing and Yahoo! 'Enable' Child Porn
Re:
On the post: Discovering Names Of Secret NSA Surveillance Programs Via LinkedIn
Re:
On the post: US Officials Realizing That Snowden May Have Copied Info On Almost Everything The NSA Does
Re: Re:
The NSA's job is not (purely) defense. It is offense. Its objective is to exploit holes in the security of its targets to collect signal intelligence. Revealing those exploits ahead of time would be counter-productive.
That said, where the NSA is involved in less offensively oriented activities, it has been surprisingly open. See, e.g., the open source Accumulo database.
Next >>