[FoRK] [cryptome] Thank You, Edward Snowden

Eugen Leitl eugen at leitl.org
Sat Oct 19 02:27:26 PDT 2013

----- Forwarded message from coderman <coderman at gmail.com> -----

Date: Fri, 18 Oct 2013 12:11:43 -0700
From: coderman <coderman at gmail.com>
To: cpunks <cypherpunks at cpunks.org>, cryptome at freelists.org
Subject: [cryptome] Thank You, Edward Snowden
Message-ID: <CAJVRA1RYc8kUZAUqpmUw=+17CznWYhHE5grdx_xdTGk+W0CHFA at mail.gmail.com>
Reply-To: cryptome at freelists.org

Ron Wyden++



Ronald Bailey | Oct. 18, 2013 1:30 pm

Last week the Cato Institute put on a terrific conference about
unconstitutional domestic spying. The Cato conference took place after
a summer of alarming revelations of just how deep and extensive the
feds’ secret surveillance of our everyday communications had become.
The conference, held at the institute’s downtown D.C. headquarters,
brought some of the most knowledgeable Internet luminaries together
with some of the fiercest fighters for Americans’ Fourth Amendment

Watchdog organizations such as the Electronic Frontier Foundation
(EFF) and the American Civil Liberties Union (ACLU) had sought for
years to expose the extent and depth of federal surveillance, but
their efforts were largely stymied by the very walls of secrecy they
were trying to breach. In the 2006 case Hepting v. AT&T, for example,
the EFF sued the giant telco for the privacy violations incurred by
allowing the National Security Agency (NSA) to wiretap and data-mine
all of the company’s customers’ communications. To forestall this
case, Congress in 2008 passed the FISA Amendments Act, conferring
retroactive immunity on the telephone companies and government
agencies for engaging in warrantless wiretapping. Earlier this year,
the U.S. Supreme Court rejected a challenge to the FISA Amendments Act
by the ACLU and other groups, on the grounds that they had no standing
to sue because they could not actually prove that the NSA was spying
on them. This is Catch-22 logic: The ACLU needs to sue the NSA to get
the evidence that the agency spied on it and its clients, but they
can’t sue because they have no evidence that the agency spied on them.

The walls of surveillance secrecy were finally cracked by the June
revelations of whistleblower Edward Snowden. Snowden’s files
conclusively show that the federal government has been operating a
vast spying program that violates the Fourth Amendment rights of tens
of millions of ordinary Americans. To justify this surveillance, the
government offers tortured legal interpretations of Section 702 of the
Foreign Intelligence Surveillance Act and Section 215 of the PATRIOT

Section 702 authorizes warrantless surveillance of the communications
of foreigners outside of the United States. As Snowden’s documents
reveal, the NSA has interpreted Section 702 as a backdoor loophole
allowing the agency to retain and comb through the call data and
emails of Americans whose communications are “about” a terror suspect
or have been “inadvertently” intercepted by the NSA’s PRISM monitoring
program. The even more egregious violations of our constitutional
rights, Snowden revealed, occurred under Section 215 of the PATRIOT
Act, which the NSA has used to justify the dragnet collection and
retention of the call metadata of essentially all Americans. (Metadata
includes the numbers called and the location, date, time, and duration
of each call.)

The first keynote at the Cato conference was delivered by Sen. Ron
Wyden (D-Ore.), who cited the “revelations of June” numerous times.
Several speakers used such circumlocutions during the conference,
clearly as a way to avoid actually speaking the name of the man who
finally broke the news that our government has been unconstitutionally
spying on us for years. Despite his reticence with regard to Snowden,
Wyden has been at the lonely forefront of the fight to rein in
America’s growing surveillance state. It was Wyden who asked Director
of National Intelligence James Clapper in a March hearing whether the
agency collected any sort of data on hundreds of millions of
Americans. “No, sir,” lied Clapper. “Not wittingly.”

After Snowden’s revelations proved that Clapper was a liar, Clapper
attempted to justify himself in a June television interview by
suggesting that “collect” doesn’t mean the same thing to him that it
means to ordinary Americans. “Collect,” Clapper claimed, doesn’t mean
intercepting and storing data about telephone calls; the data are only
“collected” when the agency goes searching through its vast databases
looking for specific calls. At the Cato conference, New York Times
national security reporter Charlie Savage pointed out that “Congress
doesn’t know that there is a secret lexicon at the NSA in which words
mean something else at the NSA.” He recommended that people might want
to look up the Electronic Frontier Foundation’s helpful NSA glossary,
which shows how the agency reinterprets normal words in ways that
ordinary people would say amount to “lies.” Another speaker, Rep.
Justin Amash (R-Mich.), said that Clapper should step down and be
prosecuted for lying to Congress.

During his morning keynote, Wyden outlined the main provisions of a
new bill he introduced with Sens. Mark Udall (D-Utah), Richard
Blumenthal (D-Conn.), and Rand Paul (R-Ky.) two weeks earlier. The
bill would end the mass collection of American’s communication data,
close the backdoor search loophole under FISA Section 702, provide an
advocate to argue against government abuses before the Foreign
Intelligence Surveillance Court, and enable citizens to be heard in
federal courts when they believe that the surveillance agencies have
violated their Fourth Amendment right to privacy. In addition,
telecommunications companies would be enabled to disclose more
information about their cooperation with government surveillance

Wyden warned that the agency heads and their enablers in the Congress,
such as Senate Intelligence Committee Chair Dianne Feinstein
(D-Calif.), would be striking back against proposals for increased
transparency. “Their objective is to fog up the surveillance debate,”
he explained, “and convince Congress and the public that the real
problem is not unconstitutional surveillance, the real problem is
sensationalistic reporting.” Wyden is encouraged, however, by the
broader reaction to the “revelations of June.” Referring to the Amash
amendment, a July measure that sought to cut funding to the NSA’s bulk
collection of Americans’ phone records, Wyden said, “If you’d told me
that you could get 200 votes on the floor of the House of
Representative, I would have said you’re dreaming.” The amendment
failed, but the vote was surprisingly close.

Of course, that vote was only possible because of Snowden’s
disclosures. Yet in July, when Wyden was asked whether Snowden is a
hero or a villain, he replied that “when there is an individual who’s
been charged criminally and he has been charged with espionage, I
don’t get into commenting beyond that.” Wyden should comment, and his
comment should be: “Thank you, Edward Snowden.”

Next up at the conference was a panel of national security reporters
moderated by Cato’s Julian Sanchez. The panelists were Bart Gellman of
the Washington Post, Spencer Ackerman of The Guardian, Siobhan Gorman
of The Wall Street Journal, and Charlie Savage of The New York Times.
Gellman was the first speaker to say the word “Snowden,” noting that
the whistleblower’s greatest fear was that the risks he took would be
all for nothing; that there would be no debate over the extent and
intrusiveness of domestic surveillance. In fact, Gellman declared,
“Snowden succeeded beyond his wildest dreams.”

Gellman also said that Clapper wasn’t the only administration official
to lie to Congress. NSA chief Keith Alexander wasn’t telling the truth
when he claimed a year ago that his agency does “not hold data on U.S.
citizens” at its gigantic new data facility in Bluffdale, Utah. And
the Justice Department had certainly been misleading, even if it
didn’t technically lie, when it said the Section 215 authorities had
been used only 20 to 30 times to collect data. Yes, but those 20 to 30
times allowed the NSA to collect trillions of records.

Gorman added that the Snowden revelations had “shaken the trees” and
prompted other reporting that has forced other government disclosures
about various domestic spying efforts. For example, the NSA has tapped
the Internet backbone through secret agreements with nine major (but
unnamed) U.S. telecommunications companies. This has given the agency
the capacity to monitor 75 percent of all U.S. Internet
communications. Once it was revealed that the big telecommunications
companies were cooperating with the NSA spying program, Gellman noted,
they started agitating to be allowed to disclose more about what they
are being asked and ordered to do.

The luncheon keynote was delivered by Rep. Amash, who described how
spy agencies try to limit congressional access to information about
their activities, making meaningful oversight all but impossible.
Agencies speak in generalities and then engage in a game of 20
questions with legislators who seek deeper knowledge. They might, for
example, answer a query with “No, our agency doesn’t do that” without
mentioning that another agency does.

Amash described one occasion in which he was seeking to review a
particular document and the agency promised to arrange for members of
Congress to do so. The agency did not send a message that the document
was available for scrutiny by emailing members’ offices directly;
instead it sent the notification through the more general and less
read Dear Colleague email system. Even then, the document was
available for review only between 9 a.m. and noon in a briefing room
on the day just before Congress was scheduled to leave for vacation.
Members who reviewed the document also had to sign a nondisclosure
agreement saying that they would not discuss it with other members who
had not seen it.

After lunch, the conference featured a panel of legal experts, many of
whom have tangled in court with the NSA and the Justice Department.
Georgetown law professor Laura Donohue argued that the Foreign
Intelligence Surveillance Court (FISC) was solely created to supervise
spying on foreign powers and their agents. Under statute, the FISC is
supposed to review and grant orders under Section 215 only when
agencies supply “a statement of fact showing that there are reasonable
grounds to believe that tangible things sought are relevant to an
authorized investigation.”

Donohue argues that the FISC and the NSA have now interpreted
“relevant” to include all data on all telephone calls, and possibly
other records, such as data on all emails, financial records, medical
records, and so forth. As such, Section 215 orders function as general
warrants allowing officials to rifle through the records of any
American without the need to show probable cause as delimited by the
Fourth Amendment.

The ACLU’s Jameel Jaffer agreed that the NSA’s dragnet collection of
phone records violates the relevance standard of Section 215. He also
argued that it violated Americans’ reasonable expectations of privacy
under the Fourth Amendment and, less obviously, our right of free
association under the First Amendment. If people think they are
watched by government agents, he explained, they may curtail innocuous
contacts with others out of fear that government functionaries will
misinterpret or abuse information about their relationships. David
Lieber, privacy counsel for Google, struck another First Amendment
note, expressing frustration over the government’s prior restraint of
speech when it forbade his company (and others) from disclosing even
summary statistics on how much information on its customers the feds
were requiring it to turn over.

Paul Rosenzweig, a former deputy assistant for policy at the
Department of Homeland Security, is much more sanguine about NSA
domestic surveillance. He offered a very nice demonstration, produced
by journalist Kieran Healy based on David Hackett Fischer’s biography
of Paul Revere, showing how metadata on various club memberships would
have identified Paul Revere to the British authorities as the center
of terrorist network in late-18th-century Boston. That may sound
alarming to you, but to Rosenzweig the NSA’s use of such relational
data-mining is “relevant” to an investigation.

The second afternoon panel focused on techniques to protect data from
federal surveillance. First, the good news: Jim Burrows of Silent
Circle, a new company offering various encryption services, observed
that TOR, the free open source software that protects users’
anonymity, generally stands up to NSA snooping. Less happily, David
Dahl of SpiderOak, a company that offers encrypted file backup,
decried the recent revelations that the NSA had succeeded in
introducing subtle vulnerabilities by influencing the development of
encryption standards. Matt Blaze, an Internet security guru at the
University of Pennsylvania, observed that maintaining vulnerabilities
in computer code doesn’t just make it easier for the NSA to spy; it
makes it easier for the Chinese, Russians, and Iranians to spy, and
for Internet criminals to steal data and cause other havoc.

Burrows discussed the case of Lavabit, an encrypted email service
apparently used by Snowden. The NSA ordered Ladar Levison, the owner
of the service, to hand over data that would enable the agency to spy
on his 350,000 customers. Levison instead shut down the service,
saying that he refused “to become complicit in crimes against the
American people.” Burrows noted that Silent Circle was also an
offering encrypted email service. Within 10 hours of learning what had
happened to Lavabit, Silent Circle shut down and purged its own
service without notice to subscribers. Burrows noted that had Silent
Circle informed its customers in advance the shutdown might have
become illegal. “We knew for sure that someday some law enforcement
agency would order us to give them a backdoor,” said Burrows.

Burrows noted that there is no email that is currently secure against
metadata collection, although users can securely encrypt the content
of their messages. The ACLU’s Chris Soghoian added that the laws of
physics make it impossible to shield the location data emitted by
mobile phones. SpiderOak’s Dahl speculated that some peer-to-peer
communications protocols with built-in cryptography might make secure
email possible.

The final panel considered what reforms are necessary to rein in
domestic surveillance. Cato Senior Fellow John Mueller demolished the
claim that the NSA’s domestic spying has done much to protect
Americans against terrorism. NSA chief Alexander claimed in June that
mass telephone surveillance program had thwarted 54 terrorist plots.
In October, Alexander admitted in a Senate hearing that the telephone
dragnet’s effect was much more modest: It may have helped in one or
maybe two cases.

“The Obama administration has doubled down on this program and doesn’t
believe that it has done anything wrong,” despaired Michelle
Richardson, legislative counsel for the ACLU. Center for Democracy and
Technology senior counsel Kevin Bankston remarked that it is “insane”
that Google’s privacy counselor David Lieber “had to dance around the
question of receiving requests from the NSA.” People are free to say
they haven’t received such requests, but they’re not allowed to tell
anyone when they have.

“The NSA has turned the Internet into a giant surveillance platform,”
declared renowned tech guru and Harvard Berkman Center fellow Bruce
Schneier. Metadata collection that tells spies where a person went,
who he spoke to, what he bought, and what he saw equals surveillance.
“When the president says, ‘It’s just metadata,’” he means, “Don’t
worry, you’re all under surveillance all of the time.” Schneier argued
that we need to make the Internet secure against all attackers. “A
secure Internet is in everyone’s interests,” said Schneier. “We are
all better off if no one can do this kind of bulk surveillance.
Fundamentally, security is more important than surveillance.” The
panel agreed that it is critical to pass legislation preventing the
government from mandating that companies build spy-friendly
insecurities into their systems.

The final keynote speaker, Rep. James Sensenbrenner (R–Wisc.),
outlined the contours of his Uniting and Strengthening America by
Fulfilling Rights and Ending Eavesdropping, Dragnet-Collection, and
Online Monitoring (USA FREEDOM) Act. His bill would limit the
collection of phone records to known terrorist suspects, force the
Foreign Intelligence Surveillance Courts to disclose surveillance
policies, establish a constitutional privacy advocate in that court’s
proceedings, and permit companies to disclose NSA information

At the end of conference, the one person whose efforts made it
possible to for new Congressional reform efforts aimed at reining in
the surveillance state went largely unacknowledged. And so, again:
Thank you, Edward Snowden.

Disclosure: I am still a card-carrying member of the ACLU.

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5

More information about the FoRK mailing list