Around San Francisco this week, some were seen sporting Electronic Frontier Foundation T-shirts featuring a retooled N.S.A. logo with an eagle using its talons to plug into the American telecom network, symbolized by AT&T. Asked about the T-shirts, one AT&T executive, who asked not to be named, said they had a chilling effect.
“There are many of us at AT&T who are disturbed by what we’ve been hearing about the N.S.A.,” this person said. “But when you see that,” he said, pointing to the T-shirts, “a conversation becomes impossible.”
----
The conversation became impossible when your company decided to willingly give up everything and anything about its customers for a fee. Were it not for customer apathy, I'd like to think your entire shitty company would have been fucked out of existence by now for what they continue to do. But not really, because your company probably would have just been given a bailout for failing at everything but sucking government dick.
Fuck you nameless executive. I wish I could request anonymity as easily as you can. Your shitty company brought this upon itself and there is nothing to discuss until it stops being the NSA's bitch.
“But when you see that,” he said, pointing to the T-shirts, “a conversation becomes impossible.”
This is the attitude of someone that has already decided to perpetuate the status quo, being reminded of the fact his position does not stand up well under public scrutiny. The conversation is impossible now because it always was. Or rather, it was highly unlikely to happen, even less likely to change anything, and only possible at all for the most hair-splitting of reasons.
I see this kind of rationalization up close so often I'm uncomfortable with how little it makes my blood boil anymore. A public revelation puts egg on someone's face, they bellyache that if the problem was brought to them properly they could have fixed it. It relies on two assumptions that for any instance of this at least one of is blatantly false. A) The exec wasn't aware of the issue already, and happy to keep it going so long as public doesn't find out and B) that the person who just went public not only could have somehow gotten a conversation with him in private, but would have been able to change his position.
We were TOTALLY planning on having a fair and balanced conversation with you, and listening to everything you had to say, and telling you the truth. But those darn T-shirts have ruined everything, by hurting our feelings. Now there can be no conversation, because our feelings are hurt, and we are totally disappointed that you've forced us to refuse to have the conversation we were really looking forward to having! And it's all the fault of the mean people wearing those conversation stopping T-shirts.
Yes. A conversation was possible for the decade before Snowden leaked. Those who could have initiated it, from the government to these companies, did not do so. Bemoaning the inability to have a conversation -now- is really just bemoaning the inability to sweep everything under the rug as people demand substantive change.
Hell, those criminals were even granted immunity for their crimes. Forward immunity by letter 2511, and retrospective by the FISA Amendments Act of 2008.
And just because the DOJ and the gov say it's legal does not mean it's legal per se.
This is the first thing that crossed my mind. Ten years ago we could have had a conversation. AT&T and NSA decided we shouldn't. What exactly is it to talk about now?
Also, no matter how much we dislike such arguments, there's no such thing as "many of us at AT&T were disturbed by what we've been hearing about the NSA". The people who work for AT&T are AT&T. They all share the burden of what AT&T did.
This isn't some insensitive, extremist whining. I know, from personal experience, how hard it is to reflect on the ethics of the bigger picture you fit in. I'm not insinuating we should now start lynching AT&T employees, since we can't get at the bigger fish. However, a lot of employees who are disgruntled at the social and ethical behaviour of their company actually have an option to leave; this would be a correct approach, not complaining about not being able to talk to bystanders.
"Collective" responsibility is, by no means, absolving of personal responsibility. Even AT&T imply it on their careers page:
> At AT&T, we’re connecting the world like never before. Ready to get in on the action? Together we’ll do great things.
An AT&T staffer giving me a data center tour circa 2006 told me only one of the VPs knew who the client was for one of the areas in the room. What is a staffer going to do to influence that kind of situation?
Switch jobs. AT&T wouldn't be a top partner for the NSA without competent people.
This isn't an option for a lot of people; the folks doing tech support or working in the shops and barely get along on minimum wage don't have that option. The decision makers and tech leads do.
I'm not talking out of my ass. I have resigned from a very well-paid position because of ethical reasons, and there was far, far less at stake than general privacy matters.
Say that they should know who they're doing business with? Ask why they're hiding something important from their colleagues? Switch jobs to a company that actually trusts their employees?
About the t-shirts, perhaps that is how Snowden got away with it. He was wearing one of those t-shirts at work, so they were unable to ask him what he was doing due to the impossibility of having a conversation.
good point. I think this also highlights a possible solution to the privacy debate. Let's all wear these tshirts, maybe they'll be unable to listen to us.
Right, everything was possible until some goon made a t-shirt and wore it on the street. That was what killed our chances of recovering from this thing. What a piece of shit.
The object lesson of another RBOC's CEO, Joseph Nacchio, gives me a lot more sympathy for AT&T and company. Was it wise to fight this way back then if the cost was a Federal felony conviction and prison?
Now things have changed, and it's starting to be appropriate to pressure AT&T and company to Do The Right Thing.
I think the stakes of speaking out have been raised. Five, six years ago you risked felony and prison. Today, you risk being labeled an enemy combatant, or even worse, a traitor to the nation (facing execution). The US government has sent a very clear message - if you have direct knowledge of the way the surveillance is being expanded, and speak out, you're a traitor to the country.
In my opinion THAT'S what the general public needs to recognize. The stakes for whistleblowers have been raised to the absolute limit.
I'd hold off on the Internet rage for a bit and realize that Att has been required by law for many years now to assist in telecom surveillance. CALEA. Look it up.
What is the name of the law that requires them to cancel having conversations they were otherwise looking forward to having, if people wear t-shirts that hurt their feelings?
Probably because they will sound like the comment above? Blind Internet nerd rage uninformed of actual facts doesn't lead to a discussion worth spending your time on.
I think your raging accusations that the nerds protesting against RSA are uninformed of the actual facts is totally off base. Maybe there are some facts that RSA is holding back and refusing to officially inform us of, but I think we already have a pretty good idea of what they are.
And how does your answer "Probably because..." address my question "What is the name of the law...". I am asking you for an actual objective fact, the name of the law, not for you to take a wild guess about "Why" anybody is doing anything.
Are you even replying to the right posting, or just constructing a coatrack on which to hang your off-base raging accusations? Care to try again and cite the name of the law that I asked for?
CALEA spells out LI requirements. Anything CALEA covers, at least for investigations that have been closed, can be openly discussed. Intercepts using LI in the infrastructure are routinely introduced as evidence in trials. The spec docs might be FOUO, but LI capabilities are not a state secret.
Dragnet surveillance in cooperation with the NSA is a whole other thing. It might use some LI facilities, but, in many cases, LI specs for telecom equipment would not cut it for NSA purposes. Hence all the switches having LI capability and the NSA having their own cable taps and backhaul.
> The organizers of a rival conference, called TrustyCon, which was organized following revelations that RSA had been paid by the N.S.A., said they had spent much of the past weekend persuading executives from the Metreon — another big, downtown center next to the Moscone — not to kick them out of their conference space. The Metreon was set to house the TrustyCon conference on Thursday but Metreon’s management began to grow concerned after they received calls from RSA’s conference organizers.
> The RSA organizers warned the Metreon that TrustyCon attendees were arranging a huge boycott on their premises. In the end, the TrustyCon conference was able to proceed Thursday without a hitch.
So RSA tried to suppress free speech (which is what TrustyCon amounts to) by planting FUD to kill a business deal (the contract with TrustyCon's venue).
Restore the Fourth SF participated in the protests with several other organizations.
We don't know who the other participants in BULLRUN are. We don't know if companies or standards bodies are compromised from the top down like RSA or the bottom up through subverted employees.
It was important to protest RSA because imposing a cost on RSA provides an incentive to companies to resist BULLRUN through stronger internal security and extracting a higher price for C-Level cooperation.
Exactly. And that's the potential effectiveness of boycotting US businesses, and infrastructure like undersea cables. Of course the NSA can get at data almost anywhere in the world. You can't stop their technical ability.
But you can hurt US business by not using them. If that loses US business serious money, then the "heavily lobbied" Congress will change the NSA. Harumphs will be heard throughout the halls of Congress.
Simply raising awareness and suspicion of the American government's attempt to subvert the security features of US products is step in the right direction.
> Representative Mike Rogers, Republican of Michigan and the chairman of the House Intelligence Committee, said in an interview that he would spend much of the week meeting with venture capitalists and young entrepreneurs to try to rebuild Silicon Valley’s trust in the intelligence community.
How? By lying to them some more? I haven't seen one truth spoken by Mike Rogers about NSA so far. And they thought he's the perfect guy to rebuild trust with Silicon Valley? Do they imagine that if he's the guy that lies the most about NSA, that also means Silicon Valley will buy it?
> Thursday but Metreon’s management began to grow concerned after they received calls from RSA’s conference organizers.
I don't get it. Why would they care what RSA thinks? Unless they got some calls from some Congressmen/NSA, too?
> As one put it, “If you’re not here, you’re shutting yourself out of the conversation, which helps nobody.”
To backdoor or not to backdoor. Yeah, that's some conversation. So from all the people who said that, and went to RSA, did they actually "have that conversation"? Or did they just sit quietly in their chairs and waited to be spoonfed some more lies? Something tells me most of those didn't even care if they put a backdoor. They're just there to get more business.
From what I hear, RSA didn't even bother to alleviate concerns about their backdoor. Probably because trying to do that would mean admitting to it, and that's rather keep people confused. This way they may get to keep some fans.
> “There are many of us at AT&T who are disturbed by what we’ve been hearing about the N.S.A.,” this person said. “But when you see that,” he said, pointing to the T-shirts, “a conversation becomes impossible.”
Poor AT&T. People are so unfair to them. I mean so what they let NSA tap into their cables and gave them whatever data they wanted? That doesn't mean people should be mean to them by wearing T-shirts describing exactly what they did. It reminds me of GEMA complaining about Youtube telling its viewers that the videos were taken down by GEMA.
Both of those quotations refer to "conversation", apparently in an attempt to frame the public discussion in terms of being shut out by the privacy advocates. Where was this "conversation" when the backdoors and exploits were being developed? A victim of a privacy violation doesn't want a "conversation" with the perpetrator -- they want the violation to stop and the perpetrator prosecuted.
The market will solve the problem as it always does. Customers the world over will cease relying on American software and data services, which will cause enough pain in the U.S. that pressure will finally be brought to bear on Congress to act, and the surveillance will be reined in, albeit probably too little too late to lure back much of the business.
Ultimately, we'll have a more dispersed and diversified industry with more infrastructure and offices in places that are beyond the reach of government spies. New cryptographic techniques will help protect data, and there will be a new transparency among companies that guarantee data privacy: they'll need to prove it to increasingly skeptical customers.
The internet will map around this problem as it always has.
People have made fun of the first steps: the undersea cable that avoids the US, for example. Yeah, yeah, we have multi-billion-dollar titanium submarines to tap that. It's not the first such cable that's significant. It's when the cables to the US don't get replaced it will start to sting.
But the real break with the US will happen when you can buy telecom infrastructure and enterprise gear that runs buildable open source software, and when Internet portals start offering secure-by-default communications products like Tox for their customers (or customers adopt such products with or without support from their service providers).
An economist would like this answer, but I would like to think a little document called the Constitution could also -- eventually -- put a stop to things.
The US government and people seem to be capable of deluding themselves that they are world-class in a wide range of endeavors where they actually rank below relatively poor, relatively new republics like Lithuania.
The technology industry, despite being far larger, has been led by the nose by a corrupt old-school rent-seeking content publishing industry. What chance do you give it against the Security State and the revenue gravy train behind it. Nobody fought back. Are there any YC startups making secure services for end-users?
As for the Constitution? That's been sidelined. Only the naive think it still offers any protection. There will be no meaningful change until collapse and/or insurrection break the current system. At best we might swerve at the brink.
That's because the Supremes finally got past the post-Civil War keep guns from blacks and other official undesirables (like your non-Anglo-Saxon immigrant parents, although that burst of gun control was back around the turn of the previous century vs. none I know of post-WWII till the '60s), took the 2nd Amendment seriously (e.g. 9-0 an individual right), and then applied the 14th Amendment to it. And then a 7th Circuit Court panel led by a judge who dislikes the Right to Keep and Bear Arms, but who's honest, enforced shall issue on the whole state.
Same thing's happening right now in California (https://en.wikipedia.org/wiki/Peruta_v._San_Diego), and San Diego and Orange Counties have surrendered. No doubt San Francisco and other counties will engage in Massive Resistance, but the Supremes seem to be supremely disinterested in the subject, or at least they've denied cert in 2 of the 4 possible Circuits that went the other way, with the New Jersey and Massachusetts cases still in progress. We'll see.
"There will be no meaningful change until collapse and/or insurrection break the current system. At best we might swerve at the brink."
I'm certainly hoping for the latter, but in the meanwhile, we're getting really well armed for the former two, as you note not mutually exclusive, options. Hard to see how things won't get ugly when the Feds can no longer borrow money at negative real interest rates or thereabouts or debase the dollar so much it doesn't matter.
Don't underestimate the possibility, and the horror, of just muddling through. The US is in an oil boom, which would feel like an actual boom if it wasn't propping up an economy that was really very badly damaged by the 2008 bust. That means we can pay down the wars without learning that we're on track to get dragged down by a bloated security state. Heck, we managed to spend ten years in the Graveyard of Empires and all we learned were some cheesy anecdotes in a fraudulent book about tea drinking. And that generals shouldn't date their hagiographers.
"Don't underestimate the possibility, and the horror, of just muddling through."
Indeed, and I don't, for that's the worst case I'm likely to survive for medical reasons. I label it "Argentina".
I do think you obsess a bit too much on the costs of our 21st Century foreign adventures. To take FY 2007 as an example,simply because Wikipedia provides some details and the Iraq war was hot, that was famously the year of the "surge": https://en.wikipedia.org/wiki/2007_United_States_federal_bud..., the total Defense and Iraq and Iran war costs were less than Social Security + Medicare ... which can't get "turned off" like these, and which are going to rise dramatically as the Baby Boomers continue to retire.
Near the end of that fiscal year the CBO "estimated that "war-related defense activities" in 2007 were "roughly $115 billion." (Or call it 230 Solyndras.) You have more than a passing familiarly with WWII and the Cold War, and their costs. We aren't talking about Maximum Efforts like the former where, I just randomly looked up yesterday, we peaked at building a B-24 Liberator heavy bomber every hour, 650 per month (curiously close the total number of all airplanes Imperial Japan could make in a month), and 18,482 total units ("it still holds the distinction as the most-produced American military aircraft.")
The "surge" itself wasn't that big in historical terms (although this is more expensive volunteer army), 18,400 troops in 5 Army brigades, 4,000 Marines had their stays extended, etc., evidently 28,000 "additional troops" (https://en.wikipedia.org/wiki/Iraq_War_troop_surge_of_2007#O...).
Unless the CBO was smoking something powerful, this wasn't a budget buster; not a small cost, but I can't see how you can reasonably claim it's a proportionally bankrupting cost, unless everything I've heard from secondary or worse sources is wrong, plus what I just looked up.
"I'm sure that under enhanced liberty you can have all the privacy that you want, just like under enhanced interrogation you can breathe all the water you want."
“When or if the N.S.A. blurs the lines between its defensive and intelligence-gathering roles, and exploits its position of trust within the security community, then that’s a problem.”
That's Arthur W. Coviello Jr, RSA's Executive Chairman, who is not doing himself or his company any favors. Seriously, "IF"?! Who does he think he's trying to fool?
Does anyone else see the irony in a politician saying “If you have two different agencies, it becomes a bureaucracy,” Mr. Rogers added. “I think that would be a mistake.”?
I think he needs to understand a few things from the constituent's perspective:
1) The government is already too much of a bureaucracy.
2) The NSA is also a bureaucracy ... and doesn't have enough oversight/transparency as it is.
3) He's not really in a position to say what's right since he's part of the problem.
It's over, isn't it? Let's just be honest with ourselves for a moment - privacy is dead. The steps one would have to take in order to remain anonymous today are on the level of complete and utter self-ostracization. Not even hyperbolically, not even metaphorically, literally every significant thing a person does each and every day is determinable through the analysis of data that gets generated by said act.
It's too late, we can't unwind this clock. So what now? I feel like everyone's trying to unbreak the glass, unring the bell, whatever metaphor you'd like, but no one's trying to think of how to live in this world.
What does a person do, when everything there is to do leaves a trace, and the rules for what is and isn't acceptable behavior are constantly in wild flux?
We fight at the only ground it ever mattered: Politics!!!
We put privacy on the forefront of the agendas of our MPs. We become more active in the democratic process than before.
Fighting organizations with larger amount of money that we will ever have, was always a dead end. You can't fight fire with fire. If you create a new powerful encryption tool, you're starting an decryption race from Americans, Chinese, Russians and who-ever-has the power to pursuit it. If they can't break it, they will try to bend it, etc.
So the only thing that was ever going to work, is to held them accountable. Make Keith Alexander and the others who made unwarranted mass surveillance possible, accountable. Press towards that direction.
Snowden gave a huge leap towards that direction to the masses. He managed to stir discussion to topics that were never discussed before.
All we need to do is let our MPs know that privacy matters, for our own good.
And by "we" I mean the entire technology community. Fighting for privacy on the front of politics is the only meaningful way.
And once again, only through education people can reach enlightenment.
It boggles my mind that Americans haven't put Keith Alexander behind bars. Lying to Congress is supposed to be a felony. I feel like the rule of law is dead along with privacy.
Rule of law is an ideal. It's not something we've reached. You just didn't know that it wasn't there until something woke you up and made you pay attention, because it was missing for Someone Else all this time.
Politics is the answer I expected and the answer I fully, completely, and entirely reject.
The EFF, IDL, and other technology advocacy groups are terrible at getting legislation passed in the US. Just plain awful. The only thing they can do effectively is say no.
This is exactly the kind of response I'm talking about when I say, "unring the bell". Our lives are out there, already. You, me, anyone with a Facebook account, an email address, a cell phone - we're exposed, and the options before us are to either eschew all technology entirely, or to figure out how to live without privacy.
The ability to track the movements and activities of everyone in the world is the kind of tool that sits on the same level as nuclear weapons, as jet engines, as automatic weapons. We're never going to experience a world where systemic and universal surveillance is not happening again.
The question I think we should start asking ourselves is, how do we live in this world?
EFF and IDL are terrible because they don't have money to lobby, neither do you (I assume) and the industry that does, want's possibly even less privacy (Faceboo, Google, Twitter, FourSquare, etc).
The thing is that I don't want to erase or use a fake name in my StackOverflow or Twitter account. I know perfectly well that at any time my data could be exploited by a third party.
That's why I'm saying that the only way to get over this, is to make large part of the population aware of the issue.
And the more people use the internet the easier will become.
You can reject it, but in a democratic country that's the way things work: Politicians want (and sell themselves easily) for more votes. Exchange your vote for privacy, the administration might want to control our lives using espionage, but if MPs don't get votes they can't support the administration and I believe they will turn their back to the administration way more easily if they know that they will gain more votes (more raw power).
So all you have to do, is put the issue high on the agenda, nothing more. I'm not saying it's easy, but it's not impossible either.
Once an NSA executive goes in jail for mis-conduction will have set a precedent. Same thing will happen in Germany, etc. Then you can say that you are relatively safer because everyone who is going to exploit our data, could face prison. And that's not an entertaining thought, especially for politicians and executives.
Although I agree completely with your recommended course of action, and indeed your sentiment, I find it frightening to see our reliance on the emergent properties of democratic process so bluntly demonstrated.
We don't really know how to live in this society yet! No one has a definite solution, but greater public awareness will definitely accelerate the outcome, whether it be a solution for the general populous, or a "solution" for those in power.
> "... and the options before us are to either eschew all technology entirely, or to figure out how to live without privacy."
A completely false and thoroughly unhelpful dichotomy. It's comments like this which lead to defeatist attitudes and a lack of push-back (which, unsurprisingly, becomes self-fulfiling).
Options include:
- Engaging in the political process. What's the point of democracy if people are unwilling to use it? There are so many fringe interest groups that have managed to get their way because they've figured the system out and how to play it. It's fucking irritating when smart technical people simply write off this piece of the process. If you want to 'hack some (non-computer) system to your advantage', let it be this one.
- Advocate for and try to use secure technologies. Security on the internet is a farce and ordinary people are constantly misinformed or poorly educated on the issue. Even developers don't get it right. It's in this state because the hard work of coming up with secure crypto is only a third of the problem. Another third is making it useable by normal people/devs and the final third is actually working on getting adoption of products and services that incorporate it. Of course, this directly conflicts with any business model based on advertising so it's time for new models too. Anything that gets decent crypto usable and widely deployed is a good thing for everyone.
- Understand that 'privacy' is a multi-faceted thing (and help others understand). It's completely ridiculous and unhelpful to talk about it in binary terms and it's made worse when people confuse privacy with anonymity. There's a scale on which people treat these things which is obvious when you consider behaviour rather what people say about it.
Change doesn't occur overnight, it takes schlep and conviction.
The political answer is pretty clear: elect enough non-establishment politicians, President and VP, both houses of the Congress, and we can get this fixed.
As for who, I don't watch the Democratic party at this level (but note the ones already elected in the Congress who are fighting this), but on the Republican side perhaps Ted Cruz, not Rand Paul, who's stances on drones showed he is poser, in general "Tea Party", we want to be left alone types. The latter aren't Republicans per se, in fact they're an existential threat to the establishment GOP, which is why the latter has been complicit in their suppression.
Implicit in the above advice, and observation of that first vote, if this is really one of your most important issues, forget about parties and PC, vote for and donate money to individuals who share these values.
If, on the other hand, voting for or donating money to a "Republican" is unthinkable, then you've demonstrated this is not actually a very important issue for you.
> Fighting organizations with larger amount of money that we will ever have, was always a dead end. You can't fight fire with fire.
I'm not sure how you define "more money tha[n] we will ever have" -- but that certainly includes most companies and political parties -- and I can't accept that -- those are exactly the kind of organizations we must fight?
And, yes, you can absolutely fight fire with fire. In terms of politics, I'd say wide general strikes is one way to do so -- when one party tries to control the means and output of production, one way to "fight fire with fire" is to shut down production. While not getting as much media attention as it deserved, this was a major factor in the first stages of the Egyptian uprising (not that what has happened there lately is very encouraging).
Sorry that phrase was suppose to be: "Fighting organizations with larger amounts of money [at the technology front] ...".
IMHO you fight fire with fire if you don't mind getting burned. But speaking of privacy we don't want transparency for all, we want our privacy back without having to hide every digital step we take.
Now, you mention Egypt. I understand that both US and UK are leaning towards a digital pseudo-democracy but surely the situation is not as bad as it was in Egypt. You still get to vote, you (and me) might not like the results, but ultimately that's what democracy is all about: accepting the results of the (voting) majority and having to make even uncomfortable decisions.
Simply because something is technically possible doesn't mean that it must happen.
Simply because a thing does happen doesn't mean it must be allowed.
Legal protections can be created. Governments and corporations can be legally obliged to turn over or destroy records. Failure to do so can be subject to audits. The operating presumption is that the surveillance is happening, which should oblige a tremendous benefit of the doubt to anyone challenging or refusing such surveillance.
At another level: surveillance countermeasures will become more prevalent and effective. Small-scale tools such as data fuzzers (running a constant set of quasi-random Internet searches and traffic from your IP, generating white noise to frustrate microphones, laser-blinding cameras, whatever). If you've read Neal Stephenson's Diamond Age, the nanobot wars he describes are likely to become a reality -- your own personal defense devices seeking out and destroying surveillance bots. People realizing that a principle of least privilege and of least capability should apply to technologies: "smart paper" may be nifty and keen, but one of the advantages of plain old dumb paper is that it's not electronic, and doesn't have arbitrary programmatic capabilities. When we've got a record of microprocessor bugs being placed in electric teakettles and irons, the benefits of solid cast-iron cookware or other dumb-as-rocks tools are clear.
At the government level, pushing back against elected officials (hey, California, when are you going to dump DiFi?). Massive lawsuits against corporate spies can have similar chilling effects on them, as well as loss-of-business. There remains considerable power in collective action, so long as people are willing to use it.
I asked about and then proposed what you call a data fuzzer about 3 years ago. Instead of not using Facebook, get your computer to use it when you're not and muddy the data collected on you. Friends would know the relevant period to ignore. Same with other sites where user content is allowed.
I haven't actually seen a "consumer" data fuzzer though outside of Twitter and Twitch bots.
Large and widespread bug dispersal is different from traffic cams. And there are countermeasures (e.g., an in-car camera laser which would target surveillance cameras within line-of-site) which could nondestructively counter surveillance equipment.
Similarly, I was suggesting defenses which might simply emit signals or project a cone of silence where bots are detected.
I'm also not aware of any case being made for destruction of government property, say, where tracking devices have been found on vehicles (there are a few news stories concerning this), though I recall at least one in which the US government agency involved (the FBI) wanted its tracker back.
"I've heard quite a lot of people that talk about post-privacy, and they talk about it in terms of feeling like, you know, it's too late, we're done for, there's just no possibility for privacy left anymore and we just have to get used to it. And this is a pretty fascinating thing, because it seems to me that you never hear a feminist say that we're post-consent because there is rape. And why is that? The reason is that it's bullshit."
We can change that through technology. I believe Lessig was right when he said "code is law" [1]. That goes for NSA, too -meaning they can do whatever they want as long as they can do it through code. If you read that slowly, you realize that:
1) NSA can do a whole lot right now, regardless of the law, because Internet security is so broken
2) If we do fix Internet security, then they will be very limited - again, regardless of the law.
Like take end to end security for example. A judge can request a company to give up the key even to all of their users data - like they did with Lavabit. But if it was true end to end security, with the key on the client's side, there's nothing they could've requested from the company, making FBI and NSA much more limited in the data they can gather. They would basically have to try and tap only the important targets - you know, like they used to.
We will fix Internet security, and I'm starting to see a trend already of high quality secure apps that the public could use (compared to before when most were just unusable by normal people), and we're going to see more of it.
Privacy is impossible for me to implement alone, because I'm just one guy in a room, not able to resist a nation state.
But it doesn't have to be that way. What if there was an organisation - let's call them "the NSA" or "GCHQ," whose mission was to ensure the privacy of its citizens?
Then we'd get better encryption, stronger tools and we'd have a nation-state on our side fighting all the others.
I don't think that's what he was trying to say. He meant your message is "just give up". I didn't see anything in your post about "what do we do now that privacy was defeated". You just said "give up everyone. Stop trying to make privacy happen". There's a difference there.
How many options are there, once you de-facto exclude getting it back?
Well ... you live without it.
Ordinary people have been living under the whims of capricious deities from thousands of years. It doesn't really matter if you believe in deities directly, it may as well be natural disasters, cruel landlords, plagues of locusts, drought/weather, mob bosses, as the whims of the spirits, so what you do is just carry on living.
> It's over, isn't it? Let's just be honest with ourselves for a moment - privacy is dead
Yes. If not now, it will be. I say this for two reasons.
1. The commercial value in killing privacy is too high. Nearly every company you deal with (and nearly every individual you deal with in matters that concern money) is much better off the more private information they can find out about you.
We've grown reliant on email and text messaging, and on social networking, and on internet search, and on internet shopping, so that nearly everything we do is a potential leak of information to some entity that can profit from that information.
Almost no one is willing to disentangle themselves from that to the extent that would be necessary to maintain privacy. Some might leave Facebook, or switch from Google to Duck Duck Go, but there are so many ways your privacy gets compromise that plugging one or two holes doesn't really save you.
2. I think that physical threats are going to increase, largely due to technology. Things that currently would take a well organized and well funded terrorist organization are going to eventually be in the reach of your random crazy person. People that nowadays are limited to crude bombs that take out a few people will be able to readily build large bombs that kill dozens or hundreds. I expect home-made biological weapons to become relatively easy at some point, adding a whole new level of destructive capability.
I think we'll reach a point where disgruntled ex-employees, disgruntled ex-boyfriends or ex-girlfriends, members of religious and political cults, and the like are killing more people a year than all the major terrorist groups combined can do.
Since these attacks will be coming from within, often from people who seem pretty ordinary until they go off the deep end, my guess is that there will be no way to prevent them other than extensive surveillance.
Since the above two factors make loss of privacy inevitable in my opinion, I think the focus should be on making sure our information is not misused, rather than trying to stop it from being gathered at all.
Take surveillance. I think we need to automate it. Get humans out of the loop. I don't care if AI spies on me, as long as it only alerts humans when it sees me doing something bad (or if it sees that I need aid), and we have sufficient public auditing to ensure this.
Totally nitpicking for fun here, but literally every significant thing a person does each and every day is determinable through the analysis of data that gets generated by said act. has always been true, just never possible.
Criminals always left DNA at crimescenes, even before people knew it existed.
In the past if someone dodged work to go to a protest there would be witnesses all along the way - phonecall to work, boss recording them as ill, train passengers seeing them, DNA left on the train, dogs smelling their scent, mud from their home area dropped on the street, coffee shop worker in the city serving them, other protesters seeing them, all sorts of historic record that this happened, and nothing else happened, just no way for humans to pull that together.
History only happened one way. The uncertainty about what happened somewhere/somewhen has always been in our understanding, not in the world itself.
If culturally we can get to a point where the world denounces privacy breeches and technologically we advance tools to easily expose these breeches, can't we establish some privacy standards and keep them in check? We don't need perfection, we just need to make the cost of privacy breeches high enough and risky enough to create a meaningfull disincentive.
That world isn't any better in this one, because the data is still there. It's not a breach of privacy if Facebook or Google just knows everything you've done, and you've agreed to it.
I think, if given the choice between convenience and privacy, people will pick convenience, and this will never change. That's where we're at, and it's about time we start accepting that fact.
My partner won't look at ads on the internet for shoes they like because the ads will follow them a month at least.
That's learned behaviour, they aren't particularly tech literate.
When people learn how technology works, they work it to their advantage. People are learning their communications and movements are logged permanently. People will learn how to use technology is a way so that this will not happen.
Before this thinking was the realm of tin foil hatters - people are paying attention to it now, and are looking around - telegram/textsecure vs whatsapp. I suspect from your defenseless reaction you didn't see the snowden revelations coming.
Two years ago nobody would have given three moments notice to facebook acquiring whatsapp. People around me are reacting like so: "I need to stop using whatsapp immediately".
This guide is a good place to get started - social technology that doesn't have to leave you completely isolated. (If enough of your friends care about yours and their privacy).
http://freedombone.uk.to/
I deleted my Facebook account 3 years ago and up until a few months ago I was able to spin up anonymous google accounts when I needed them. Fortunately I have the skills to create Facebook and Google equivalents for both myself and my family.
We just need to get more options out there and fragment the industry to the point where data collection becomes difficult again. Plus we need to lower the hurdles to get alternatives up and running.
So let's remove the barriers, remove the sign offs and make it really easy for people to find alternatives.
> American officials were quick to rebut the idea that foreign data would be more secure outside American borders. “There’s a big call for data localization,” said Richard A. Clarke, the former United States counterterrorism czar. He pointed to the announcement this week between the European Union and Brazil that they would run a new undersea fiber-optic cable between Brazil and Portugal to thwart American spying.
> “First of all, who doesn’t think the U.S. can’t listen in?” Mr. Clarke said. “Could it possibly be that these countries are trying to take business away from U.S. carriers?”
Anyone want to try and parse the double-negatives here? "who doesn’t think the U.S. can’t listen in?"
So he's saying, "It's not worth building your own networks, because we'll just tap those too?" Is that the official US government position now?
I guess that would technically mean "Who thinks the US can listen in?", which would mean that he's attempting to downplay the possibility that the US tapping things is a relevant concern, and all these international competitors are just using the NSA as a convenient scapegoat, to drum up business.
Which actually makes sense when you consider that he's part of the machine, and just toeing the party line.
It seems like the conversation on HN in general oscillates back and forth about fighting fire with fire and not acknowledging there can be many ways to put out a fire...
People upset about the corporate-governmental surveillance state ever-present globally want those in power to change without changing their own collective behaviors seems to crowd out any discussion about other ideas that probably would be eaiser/more effective to implement by taking advantage of such realities and less focus on imposing crypto fantasies that go against the flow of current collective human behavior...
Here's an idea seldom mentioned here: have you thought about removing the oxygen that enables the fire to burn?
> Around San Francisco this week, some were seen sporting Electronic Frontier Foundation T-shirts featuring a retooled N.S.A. logo with an eagle using its talons to plug into the American telecom network, symbolized by AT&T. Asked about the T-shirts, one AT&T executive, who asked not to be named, said they had a chilling effect.
> “There are many of us at AT&T who are disturbed by what we’ve been hearing about the N.S.A.,” this person said. “But when you see that,” he said, pointing to the T-shirts, “a conversation becomes impossible.”
When you see Person C over there wearing a Tshirt, it makes an easy excuse not to have a conversation with Person B who has nothing to do with the Tshirt.
>German executives and intelligence officials called Mr. Snowden a hero and said his disclosures had been a boon for business, as N.S.A. suspicions prompted global companies to look for alternatives to American products and services.
I found this tidbit interesting -- the idea that setting aside legalities and popular opinion, NSA policies are having a real (negative) effect on american tech companies.
“There are many of us at AT&T who are disturbed by what we’ve been hearing about the N.S.A.,” this person said. “But when you see that,” he said, pointing to the T-shirts, “a conversation becomes impossible.”
----
The conversation became impossible when your company decided to willingly give up everything and anything about its customers for a fee. Were it not for customer apathy, I'd like to think your entire shitty company would have been fucked out of existence by now for what they continue to do. But not really, because your company probably would have just been given a bailout for failing at everything but sucking government dick.
Fuck you nameless executive. I wish I could request anonymity as easily as you can. Your shitty company brought this upon itself and there is nothing to discuss until it stops being the NSA's bitch.