The interview he's talking about [1] was posted here [2] and it really is extraordinary. I highly recommend watching all the videos—unfortunately, they carved it into pieces and you have to scroll down the page to get at them. But it's worth it. The transcript doesn't convey how dramatic the discussion was, or capture William Binney's muttered asides ("including content! including content!") or show the meaningful expressions on their faces, or how the others react as each one is talking. I found the whole thing riveting and I'm still surprised that USA Today put it together. Having all four of them around a table created something entirely more compelling than one-on-one interviews.
Edit: also, the transcript is incomplete and leaves out some of the best parts, such as Binney's story of how he called "Tom" (i.e. Drake, whose phone he knew was being tapped) to let the government know that he had evidence of malicious prosecution. Plus the endearing smile on his face as he points out that his prosecution was dropped after that.
USA Today should put up the whole unbroken discussion. Apart from the obviously important content and the obvious authoritativeness of the speakers, it's just a great piece of television—and it's not even television. It puts actual news TV to shame.
Binney's comment on the serial number of the Verizon order was great. I never caught the number when studying the doc. By his logic there were as many as 79 other orders to other companies this year.
It is the second video down on your link and about 4 min in.
Actually, today I learned Thomas Drake essentially got screwed out of his federal pension from his whistleblowing, and currently works in an Apple retail store in the DC suburbs. He has 4 sons who are approaching college age. Both Binney and Wiebe are retired (and presumably got their full pensions).
So, the ideal thing would be some kind of prize or other financial reward (or higher paying job) for Drake, or scholarships for his children.
Interesting that no one seems to be talking about what a treasure-trove such a storage system would be for organized crime and foreign intelligence services (such as China). Imagine if someone could compromise it and get to the same data. Doesn't seem all that far-fetched.
In fact, the Operation Aurora attacker were said to have accessed surveillance databases. But note that the root cause of this extraordinary vulnerability is the existence of the surveillance backdoors, rather than its public exposure.
Foreign intelligence services certainly have a far better picture of US intelligence capabilities than the American public. It is really of no help to them when NSA whistleblowers tell Americans "hey our government is illegally listening to your phone calls and reading your emails".
While the recent IRS disclosures of targeting Tea Party activists is deplorable, I'm still optimistic that it's the exception and not the rule in the US.
Criminals gaining this access is definitely plausible.
Foreign governments using it for oppression/retaliation is also very plausible.
I think the parent is slightly "better" in the followings senses. First, I think "surveillance state can be used to oppress citizens" is less novel a thought (though maybe I'm optimistic?). Second, yours presumes a corrupt government eager to secure its power, while parent presumes a corrupt individual eager to make money. While the former is not exactly remote, the latter is (I think) even more common.
What would it matter? Does the extra lead time make it somehow easier to crush a protest (since we are assuming a tyrannical government). I am pretty sure you could get drones airborne and shooting missiles at protesters pretty quickly with or without NSA wiretapping.
No that's not what you do. If you have enough time, first you insert some fool like Sarah Palin or Newt Gingrich into the movement, and slowly dismantle it from the inside (the Tea Party). If you need something quick, you insert a provocateur into the group that instigates some kind of violence that makes the whole group look stupid.
Or to predict elections. I'd recommend anyone running an election against a sitting president to encrypt all their email, probably with an encryption scheme not endorsed by NIST/NSA... or at a sufficiently high encryption level. Imagine preparing for a televised debate when you can access the competition's correspondence?
Why does NSA endorsement of an encryption scheme mean anything, after hundreds of thousands of man-hours have been spent auditing and attempting to break those systems?
Auditing is more important than origins. See also, Tor.
The days of DES S-boxes are behind us, and in fact, the NSA's meddling helped the security of that scheme, though that fact wasn't known until decades later.
I'm not an encryption expert. I didn't mean to start that argument, sorry. But personally, I would rather use encryption now that didn't originate in an NSA lab than one that did. But I believe Snowden that the NSA probably doesn't try to crack much good encryption, and they have a good time finding easier vectors to read encrypted data.
Anyhow, my main reason for making my comment above was just that if politicians really stopped to think how the surveillance can hurt them personally, instead of scoffing at us commoners who are under surveillance, they might start to change their tune. My first thought when hearing all this news was just a thought of Bush/Obama reading politicians' emails about senate/house bills before going around bargaining with them (or more realistically, some mid-level staffer getting at that info and then summarizing it so the top-level politicians' hands never get dirty).
That's what makes me surprised that both political parties are on board with this. It has the potential to make the Watergate burglaries look positively small time.
What, exactly, stops one political party from using this system against the other one? They're all up in arms about the IRS thing, but either party could very easily adapt a system like this into the most powerful opposition research tool ever known.
Even more interesting is that, with loose controls like these, we have to assume that enemy spies are able to see everything. So every other country with half-decent spies can just tap the whole country's communications and blackmail any and everyone in power with whatever they find using the systems we set up on our own.
"So every other country with half-decent spies can just tap the whole country's communications and blackmail any and everyone in power with whatever they find using the systems we set up on our own."
I'd imagine the spy world has already realized this, and we're already at a level of mutually assured blackmail. :)
I was about to say the same thing, but you said it much better.
In fact, I think this state of affairs by and large predates the digital age, which is why there are so many "gentleman's agreements" and semi-informal reciprocal codes of honour among intelligence organisations. They have their roots in the Cold War.
For instance, Russia's FSB recently received some opprobrium for revealing the identity of a CIA operative in Russia. It's not because the FSB doesn't know who they are; the FSB knows who they are, and the CIA knows that the FSB knows who they are, and they both know far more about each other's intelligence operations than we realise. It's just not the custom to come out and publicise this information.
"The idea that we have robust checks and balances is a myth."
Albeit to be taken with a grain of salt, this is what I was supposing: you cannot have such a huge organization working "properly" on a day-to-day threat-response basis without some "elastic" access control. Even less if you are a contractor like B-A-H.
This, in a private entity, is less dangerous. You can have a lot of sysadmins with some access to Google's data because the data is properly partitioned and especially because there are no "targets". When each individual is a target, it is too hard to get proper partitioning.
Also, Google's employees have little to no incentives to make those data "public." And I guess direct access to the real emails is pretty hard: Google's money is not there but in the analytics. So internal anonymization may be not only performed but even easy to do. And this is good for Google & its clients.
The biggest phrase that I see missing from the private vs government discussion is "monopoly on force".
The Federal government has the authority to create regulations, create laws, collect taxes, send people to your house to enforce those laws, remove/restrict your rights, sentence you to a prison term, send in armed officers to take down civilians groups viewed as dangerous, etc etc all the way to declaring full scale war. And, perhaps most importantly, the government has the authority to coherence third parties to cooperate in information sharing. Google will never be able to force Facebook to hand over their data, but the Federal government can force both of these parties to hand over their data to them.
The catch with having a monopoly on force is that your hands are supposed to be tied by the will of the people. There is a tremendous and intentional asymmetry in power. This necessitates an equally tremendous system of transparency, accountability and oversight.
I think once a day I hear "people willingly give all there data to facebook, why do they care if the NSA is listening", people need to understand what "monopoly on force" truly means.
I wouldn't be so sure about Google vs. Facebook. All they need to do is hire away the right person (or simply conduct corporate espionage themselves).
But as you mention, that monopoly on force is tied to the will of the people.
If the government were to use force in a way other than approved by the laws setup by the peoples' representatives then you're already talking about something much worse on the totalitarian continuum than phone metadata.
And at that point, once the law has no limiting effect on the government anyways they could setup things hundreds of times worse. But they would hardly need to, as they could manufacture evidence of supposed "crimes" if need be and carry out sentences of their choosing for any reason at all.
They would only need things like Prism for dissidents, and dissidents would already assume that things hundreds of times worse were in place and take defensive measures accordingly.
So you're right that the monopoly on force is dangerous, but it has always been so. That's why it requires that tremendous system of transparency, accountability and oversight that you mention.
But given that we're able to provide those controls in the first place (controls which we cannot enforce on private companies, btw!) it makes sense again to ask the question of whether programs like these are both reasonable and effective, whether they can be properly supervised, and if so whether current systems are "proper supervision".
"Monopoly on force" is a warning about government, not the NSA. And especially not in the context of knowledge, where the government is mostly far out of its league compared with the private sector, and it's only getting worse.
I disagree. The impact of Facebook being discovered stealing data from Google systems is complete and utter destruction of the company, Enron-style.
The real danger of programs like PRISM, outside of abuse of power by the executive branch, is access to the data leaking from the national security realm to the normal law enforcement channels. The data collected by commercial entities is dangerous because unlike NSA stuff, its just a subpoena away from any police department.
Interesting video with Binney who says they would've stopped every terrorist attack, including 9/11 had they used a simple technique him and his team outlined which he referred to as a "two degree principle".
He said its a myth they need all the data to make the connections in order to catch terrorists.
It's been purported here that the media is coloring its reporting to paint Snowden in a bad light. But when the bias favors Snowden, everyone looks the other way. For instance, they conveniently left out any mention of this quote by Binney:
"But now he is starting to talk about things like the government hacking into China and all this kind of thing. He is going a little bit too far. I don't think he had access to that program. But somebody talked to him about it, and so he said, from what I have read, anyway, he said that somebody, a reliable source, told him that the U.S. government is hacking into all these countries. But that's not a public service, and now he is going a little beyond public service.
"So he is transitioning from whistle-blower to a traitor."
I read the transcript to this interview a few days ago, before Snowden did his recent Q&A session. In that session he seemed to directly address the charge of being a traitor, he said:
"Second, let's be clear: I did not reveal any US operations against legitimate military targets. I pointed out where the NSA has hacked civilian infrastructure such as universities, hospitals, and private businesses because it is dangerous. These nakedly, aggressively criminal acts are wrong no matter the target. Not only that, when NSA makes a technical mistake during an exploitation operation, critical systems crash. Congress hasn't declared war on the countries - the majority of them are our allies - but without asking for public permission, NSA is running network operations against them that affect millions of innocent people."
A traitor is someone who says "Hey China, we are hacking you and here is how." Someone who says "I have heard/read that the US is trying to hack China" is everyone on the internet. At worst that is libel.
Binney also said he should be prosecuted... 'after all the leaders of the previous administration...after the current administration.. and the leaders of the NSA, in order, then perhaps Snowden', so I don't think your quote above out of context really does his views justice.
Personally, I think Binney has a difficult time speaking and, if he had written out his response, would have chosen a different word than "traitor," just based on the way he stuttered and struggled to complete that sentence.
I think you're right, and I think grey-area's quote (https://news.ycombinator.com/item?id=5902353) is probably more indicative of Binney's view. But his tentative way of speaking is for me one of the things that makes him both charming and compelling. I may be naive, but he strikes me as a decent person. (Actually, all four of them did.) I also love how Binney can't help but blurt out what goes through his mind sometimes, and the geeky passion with which he launches into his plan for how to do things better, if anyone expresses the least interest.
The major problem with the IRS is that is handicapped by law and politics from doing it's job. There's an insane amount of capital sitting in offshore accounts that probably should have been taxed. Loopholes for the big players are crazy.
If the law prevents the capital from being taxed, such as loopholes, then those laws are not handicapping the IRS in any way as the practice is perfectly legal. The IRS has no standing to do anything pertaining to that capital in the first place. If the capital should have been taxed and hasn't, then that implies law-breaking that's a bit beyond what involves just the IRS.
But you are correct about the politics, as it is politics that creates the loopholes to begin with. But that's a matter of annoyance, not illegality.
Tax loopholes are usually used in the context of money that was intended to be taxed but cannot be due to technical reasons, such as language of the law or inability for the IRS to execute enforcement of the tax.
If the loophole exists because of the law then the practice is perfectly legal and therefore that money was not intended to be taxed in the first place. In that case there's nothing to prevent the IRS from doing something because there's no reason for them to do anything at all.
If the IRS is unable to execute enforcement of the law concerning taxation then that's not a loophole, it's likely a criminal act. That would imply that something could possibly change in the future that would no longer prevent the IRS from collecting the tax, with penalties.
I see these two as completely separate things.
People need to get out of this mindset that the big companies are using loopholes in the tax code to cheat the government out of tax revenue. If the loophole exists due to the law then there is no cheating, just bad law. Public companies are practically obligated to reduce their tax liabilities as much as possible and if the government gives them the abilities to do so, then why is that the company is considered the evil entity in the matter? They are simply doing exactly what the government and the law has told them they are obligated to do.
The IRS has been put in an impossible position by the current state of election laws, which allow the creation of a variety of different types of special political organizations, each of which has different disclosure, tax, and spending restrictions.
Maybe all right-thinking (as in clear headed, not right vs left politics) Americans should dispense with the corporate duopoly presented to us by both the GOP and the Democrats.
You're 100% right, but you can't win on 3rd party in the US and even if you did your options are people like Ron Paul (good with many policies but dangerous on others).
The best is to do exactly what the GP said: invade a popular existing party. Though, my choice would be the republicans because I anticipate backlash against the dems in the next election cycle.
Odd they referred to these other whistleblowers as "Former NSA Employees" in the headline. It seems disingenuous to leave that out of the headline, but then I suppose "Fellow NSA Whistleblowers Praise Newest Whistleblower..." probably doesn't sound as interesting.
It actually makes more sense to mention just "Former NSA Employees" as they were not whistleblowers per se. They went by the book and never went public the way Snowden did.
I would find it really interesting if some employees at companies like Google, Microsoft, etc would come forward and corroborate Snowden's claims as well. At some point, SOME engineering work was involved on their side to make it happen, and there is likely documentation. I would love to see design documentation on how the collection systems work so we can confirm exactly the government has automated access to.
In another thread some Google employees were saying that it's unlikely that Google has a secret backdoor system, since keeping products of any size online requires a lot of collaboration amongst the different teams, and the infrastructure changes so often anything that was at one point installed would be broken by now.
Yeah, my point is, we don't really know what the scope is -- we have Snowden's word and some slides that mention direct access to servers. But the engineers who worked at the companies and performed the integrations know and probably have evidence if it was just standing up a box they scp'd data to manually upon request, or a more elaborate automated system. If some of those people would step forward with evidence, we could could confirm or refute Snowden's claims.
But the minute some Google (or Facebook, etc) engineer mentions some slight detail about how that access works, you will have half the Internet trying to break it.
Although that would be kinda fun....
I've deployed a large Office 365 system. It has the capability built in to do ediscovery searches across any item in the system, and can do so without the knowledge of the end user. The organization I'm familiar with audits employee emails that meet certain criteria. Google has e same capability.
Providing a "back door" to those systems is a simple as defining a user role.
I'm not sure how large your "large" Office 365 system is, but I'd hazard a guess it's half a dozen orders of magnitude smaller in size and complexity than Google's systems.
Also, for criminal matters law enforcement has been able to obtain search history from Google with a search warrant. So they have the ability to search search history, which is a dataset several orders of magnitude larger in size & scope than GMail.
If you seriously believe that Google doesn't have the capability to perform discovery on the public facing GMail, that's fine, but the capabilities that Google has in production today suggest that your belief is not quite correct.
I think the lack of photos is intentional. If I were him, I'd make sure everyone thinks I look a certain way and not give evidence of a variety of ways I could look.
He's also said repeatedly he wants the focus to be on his disclosures and the wrongdoing; NOT on him, how his girlfriend looks, etc. Using the same boring picture over-and-over is probably what he wants and appreciates.
On facial recognition: my understanding is that in addition to using data points that are relatively easy to change with makeup or surgery (cheekbone height, nose, etc), they use some that are not such as eyeball distance. However, could the eyeball based datapoints be tricked with specially crafted lenses in glasses frames?
But they could pass a law prohibiting the covering of your face like in France. "The French ban on face covering (...) is an act of parliament passed by the Senate of France on 14 September 2010, resulting in the ban on the wearing of face-covering headgear, including masks, helmets, balaclava, niqābs and other veils covering the face in public places, except under specified circumstances.
Edit: also, the transcript is incomplete and leaves out some of the best parts, such as Binney's story of how he called "Tom" (i.e. Drake, whose phone he knew was being tapped) to let the government know that he had evidence of malicious prosecution. Plus the endearing smile on his face as he points out that his prosecution was dropped after that.
USA Today should put up the whole unbroken discussion. Apart from the obviously important content and the obvious authoritativeness of the speakers, it's just a great piece of television—and it's not even television. It puts actual news TV to shame.
1. http://www.usatoday.com/story/news/politics/2013/06/16/snowd...
2. https://news.ycombinator.com/item?id=5891101