Irish public rather blasé about PRISM?

Cody Pomeray

press conference on US EU ministerial justice and home affairs meeting, where the agenda had been altered to allow a discussion of PRISM

http://ec.europa.eu/avservices/ebs/live.cfm?page=2

Scofflaw

Cody Pomeray wrote: »

press conference on US EU ministerial justice and home affairs meeting, where the agenda had been altered to allow a discussion of PRISM

http://ec.europa.eu/avservices/ebs/live.cfm?page=2

And Reding's statement from that:

PRISM scandal: The data protection rights of EU citizens are non-negotiable


EU Justice Commissioner Viviane Reding said at the Press Conference after the EU-U.S. Justice and Home Affairs Ministerial in Dublin today:

Ladies and Gentlemen,

As you know, earlier this week I sent a series of very detailed questions to Attorney General Holder about the media reports on the collection of data from Verizon and about the PRISM programme. How do these affect EU citizens right? Are they aimed at EU citizens? What is the volume of the data collected? Do the programmes involve bulk collection of data or is the collection targeted? Do the programmes operate under proper oversight of the judiciary? Is the collection of EU citizens' data authorised by a court? And how are European citizens protected, as compared to American citizens?

These questions matter very much for the EU and for our citizens.

The concept of national security does not mean that “anything goes”: States do not enjoy an unlimited right of secret surveillance. In Europe, also in cases involving national security, every individual – irrespective of their nationality – can go to a Court, national or European, if they believe that their right to data protection has been infringed. Effective judicial redress is available for Europeans and non-Europeans alike. This is a basic principle of European law.

I have been asking since a long time already and I continue to ask for full equal treatment of EU and U.S. citizens: Not more not less.

I have asked these very precise questions in the letter and I have asked them again today directly to my colleague. And I have been given answers and assurances. For me this is the beginning of a dialogue.

First, on the Verizon question, the information I received today is that it is a U.S. project, directed mainly towards U.S. citizens. It is about metadata, not about content. It is about bulk, not about individuals. And it is based on court orders and congressional oversight.

Having heard this, I consider that this is mainly an American question – if Eric Holder confirms this.

Considering PRISM, the U.S. answers to the questions I have raised were the following: It is about foreign intelligence threats.

PRISM is targeted at non-U.S. citizens under investigation on suspicion of terrorism and cybercrimes. So it is not about bulk data mining, but specific individuals or targeted groups. It is on the basis of a court order, of an American court, and of congressional oversight.

I hope that Eric Holder can confirm again to you what has been explained during our meeting. Because our assessment will depend on this confirmation on the basis of concrete facts.

For us Europeans, it is very essential that even if it is a national security issue it cannot be at the expense of EU citizens.

I have heard the explanations and reassurances and I made it clear that the basic rights of citizens are not negotiable. But that of course security is something governments have to take care of.

I welcome Attorney General Holder's proposal to convene, in the short-term, a meeting of security experts from the U.S. and from the EU in order to clarify together the remaining matters – and I think there are remaining matters.

There are still questions to be answered, but this was a good first step – to speak eye to eye on questions which concern many European citizens.

The PRISM leaks have provoked, as you know, a wave of protest against surveillance and denial of privacy. President Obama has indicated that he is open to the debate. I agree. It is more necessary than ever.

Fundamentally, this is a question of trust. Trust of citizens towards their governments and to the governments of partner nations.

This is why I believe that the conclusion of the negotiations on the "Umbrella Agreement" on the exchange of data in the law enforcement sector is of fundamental importance, and it is urgent to make concrete progress. We have been negotiating – Eric Holder and myself – since 2011. There have been 15 negotiating rounds. But the fundamental issue has not yet been resolved.

A meaningful agreement has to ensure the full equal treatment of EU and U.S. citizens. A meaningful agreement has to give European citizens concrete and effective rights like access to justice. And a meaningful agreement has to ensure that law enforcement authorities access data through lawful channels of cooperation which do exist between the EU and the U.S.

Today, I call on the Attorney General to commit to finding solutions on these points, and to do this swiftly.

We need to conclude these negotiations soon, to give citizens' confidence – confidence that their rights are protected.

This will contribute to restoring trust. It is the basis of both our cooperation in the field of law enforcement and essential to the stability and growth of the digital economy.

And it will also be essential when we negotiate on a trade agreement, that we have trust at the basis of our discussions.

cordially,
Scofflaw

Scofflaw

karma_ wrote: »

This illustrates the pointlessness of the whole thing. They throw millions of dollars at spying on everyone and the truth is that anyone worth spying on will be using these back doors anyway.

Having gone along to the Science Gallery panel meeting yesterday, I heard this point come up several times. In general, the security experts agreed that from the point of view of 'bomb in the street' terrorism, such surveillance is only of general value - what it is useful for is cyber-attacks and 'cyber-terrorism'. The terrorism angle is part of the "theatre of security" (which includes most airport security), although the surveillance may have value in looking at "radicalisation".

The reassurances being put out by the US are not, to my mind, particularly reassuring either. If we look at what's actually said, I can perhaps point out why. This is the assurance given by the US to Reding:

PRISM is targeted at non-U.S. citizens under investigation on suspicion of terrorism and cybercrimes. So it is not about bulk data mining, but specific individuals or targeted groups. It is on the basis of a court order, of an American court, and of congressional oversight.

And this is the summary of that protection:

The Government cannot target anyone under the court-approved procedures for Section 702 collection unless there is an appropriate, and documented, foreign intelligence purpose for the acquisition (such as for the prevention of terrorism, hostile cyber activities, or nuclear proliferation) and the foreign target is reasonably believed to be outside the United States. We cannot target even foreign persons overseas without a valid foreign intelligence purpose.

OK...but the court orders can be given on the basis of a "valid foreign intelligence purpose", which is not the same thing as only under suspicion of an actual crime. Finding out which French groups are opposed to US actions in Syria is a "valid foreign intelligence purpose" - it's still spying on French people, though. It's not "suspicion of terrorism or cybercrime" but something very much broader.

Further, the data has to be there for the US intelligence people to dip into. That assurance, then, is not that your data is not being gathered in bulk, although it sounds as though that's what they're saying. It has to be gathered in bulk for it to be there in the first place - what they're saying is that it's only looked at in detail on foot of a FISA order, which, as has been pointed out, includes any "valid foreign intelligence purpose", something which, in turn, is determined solely by US foreign policy needs, or perceived needs.

cordially,
Scofflaw

jmcc

Scofflaw wrote: »

Having gone along to the Science Gallery panel meeting yesterday, I heard this point come up several times. In general, the security experts agreed that from the point of view of 'bomb in the street' terrorism, such surveillance is only of general value - what it is useful for is cyber-attacks and 'cyber-terrorism'. The terrorism angle is part of the "theatre of security" (which includes most airport security), although the surveillance may have value in looking at "radicalisation".

So were these people just tourists? There's been a hell of a lot of spoofing about this in the media by people who are clueless ("technology journalists" and assorted lifestyle journalists). There's been relatively little comment from people who understand the issues.

The reassurances being put out by the US are not, to my mind, particularly reassuring either.

As I said above - most people commenting on this issue in the media are quite clueless. They don't differentiate between a software tool used to access data and the collection of data.

If we look at what's actually said, I can perhaps point out why. This is the assurance given by the US to Reding:

Well they would be diplomatic about things, wouldn't they? And since they are dealing with politicians, the reassurances don't have to be based on any reality. They just have to sound good. After all - consider the end user of the assurances.

Regards...jmcc

Scofflaw

jmcc wrote: »

So were these people just tourists? There's been a hell of a lot of spoofing about this in the media by people who are clueless ("technology journalists" and assorted lifestyle journalists). There's been relatively little comment from people who understand the issues.

No, they weren't tech journalists, any of them bar the presenter. They were the "leader of Ireland's would-be Pirate Party", the Data Protection Commissioner, a cyber-security consultant, Microsoft's ex privacy head, Alexander Klimberg, Sadhbh McCarthy (irector of the Centre for Irish and European Security in Brussels), and a TCD researcher whose name I forget.

jmcc wrote: »

As I said above - most people commenting on this issue in the media are quite clueless. They don't differentiate between a software tool used to access data and the collection of data.

Well they would be diplomatic about things, wouldn't they? And since they are dealing with politicians, the reassurances don't have to be based on any reality. They just have to sound good. After all - consider the end user of the assurances.

Regards...jmcc

There seems to be a good deal of confusion, not just on the part of tech journalists, as to what PRISM actually is, but as I said, it seems to me that the ability to look into the data in detail presupposes the collection of the data in bulk. Sure, theoretically they could wait until they want to look at someone and have been granted a court order to do so to even collect the data...but that would assume the ability to track that data in particular on the net, which is not practical. Which, in turn, means that people's concern over PRISM, that it involves bulk collection of everyone's data, is almost certainly correct even if PRISM itself, as a specific tool, is used for targeted retrieval and analysis.

cordially,
Scofflaw

jmcc

Scofflaw wrote: »

No, they weren't tech journalists, any of them bar the presenter. They were the "leader of Ireland's would-be Pirate Party", the Data Protection Commissioner, a cyber-security consultant, Microsoft's ex privacy head, Alexander Klimberg, Sadhbh McCarthy (irector of the Centre for Irish and European Security in Brussels), and a TCD researcher whose name I forget.

Sounds like a bunch of tourists rather than active professionals in the datamining/comms/intelligence businesses. As you know, I don't have a high opinion of most Irish "technology journalists" and there's a good reason for this - most of them have no real understanding of technology or the business of technology. And this really is a technology driven story that's been coopted by "issues" (privacy/politics etc) driven people.

There seems to be a good deal of confusion, not just on the part of tech journalists, as to what PRISM actually is, but as I said, it seems to me that the ability to look into the data in detail presupposes the collection of the data in bulk.

Well it is to be expected. Most people just don't understand Big Data and datamining or what it can reveal. This is just another example of people (journalists) of limited knowledge trying to understand complex technological issues and failing. Most Irish "technology journalists" aren't technologists and this propagates the confusion. The PRISM slides seem to be an introduction to a software tool for management and analysts. The internet connectivity chart, showing the potential internet bandwidth for regions and countries, led people to think that this was a slide of NSA's data collection.

Sure, theoretically they could wait until they want to look at someone and have been granted a court order to do so to even collect the data...

Which is what may be happening. I think that William Binney said that there was a reframing of the legal position of searches.

but that would assume the ability to track that data in particular on the net, which is not practical.

Again, that's a rather iffy assumption given that according to one article (Bloomberg, I think), approximately 2 petabytes per hour were/are being collected. The true capabilities of NSA's data collection programme are not known so considering something was not practical may very well be wrong.

Which, in turn, means that people's concern over PRISM, that it involves bulk collection of everyone's data, is almost certainly correct even if PRISM itself, as a specific tool, is used for targeted retrieval and analysis.

But people might also consider that Google, Facebook et al also collect data in bulk. Even the adverts on Boards.ie are, to an extent, a product of datamining and bulk data collection. I don't think that most people are too concerned about PRISM.

Regards...jmcc

Scofflaw

jmcc wrote: »

Sounds like a bunch of tourists rather than active professionals in the datamining/comms/intelligence businesses. As you know, I don't have a high opinion of most Irish "technology journalists" and there's a good reason for this - most of them have no real understanding of technology or the business of technology. And this really is a technology driven story that's been coopted by "issues" (privacy/politics etc) driven people.

I'm going to respectfully disagree with that assessment, and also with the final point. First, tech issues aren't simply tech issues, they don't get "co-opted" when people start looking at the social implications of them. Second, this is first and foremost a rights issue, not a technology story. On the tech front there's actually little if anything of interest.

jmcc wrote: »

Well it is to be expected. Most people just don't understand Big Data and datamining or what it can reveal. This is just another example of people (journalists) of limited knowledge trying to understand complex technological issues and failing. Most Irish "technology journalists" aren't technologists and this propagates the confusion. The PRISM slides seem to be an introduction to a software tool for management and analysts. The internet connectivity chart, showing the potential internet bandwidth for regions and countries, led people to think that this was a slide of NSA's data collection.

Which is what may be happening. I think that William Binney said that there was a reframing of the legal position of searches.

Again, that's a rather iffy assumption given that according to one article (Bloomberg, I think), approximately 2 petabytes per hour were/are being collected. The true capabilities of NSA's data collection programme are not known so considering something was not practical may very well be wrong.

Possibly I wasn't entirely clear. It's practical to pick what you want out of the stream if you're already piping the stream into a collection pond, it's not practical to pick it out of the stream itself on a live basis. The point is that the data may be looked at discriminately, but it is being collected, almost certainly, indiscriminately - which the 2PB/hour figure also suggests is the case.

jmcc wrote: »

But people might also consider that Google, Facebook et al also collect data in bulk. Even the adverts on Boards.ie are, to an extent, a product of datamining and bulk data collection. I don't think that most people are too concerned about PRISM.

Regards...jmcc

I don't think they're surprised, and I think they're resigned, but that's not the same as not being concerned.Facebook et al collect the data we specifically give them (even if we don't always know we're giving it to them), and use it to let people try and sell us things we can choose whether or not to buy. That is somewhat different from a foreign power collecting your data without your knowledge in case you or your friends might at some point be of interest in their foreign policy goals.

cordially,
Scofflaw

jmcc

Scofflaw wrote: »

I'm going to respectfully disagree with that assessment, and also with the final point. First, tech issues aren't simply tech issues, they don't get "co-opted" when people start looking at the social implications of them.

Hard to think that these issues were being discussed almost twenty years ago on the CypherPunks mailing list. None of the Irish "technology journalists" where there at the time as they hadn't discovered the internet. The point you seem to be missing is that this story is being blown out of context and used by some of these issues driven people to push a big bad NSA/USA line. Analysing the situation and ramifications with accurate details and facts is one thing but facts are scarce in this story and it has become an emotionally driven story.

Second, this is first and foremost a rights issue, not a technology story. On the tech front there's actually little if anything of interest.

Technology has completely changed the interpretation of some rights and the legal system (in some jurisdictions) is being dragged kicking and screaming from the eighteenth century. As for the pure technological aspects of the story, to a technologist they are absolutely amazing. To techies who have some idea of what 2 petabytes of data per hour means, the technology, systems and programming required to make use of even a fraction of that data is interesting.

Possibly I wasn't entirely clear. It's practical to pick what you want out of the stream if you're already piping the stream into a collection pond, it's not practical to pick it out of the stream itself on a live basis.

You seem to be thinking in the classic non-technologist approach to the problem. It isn't a single collection pond or database but potentially thousands (or more). And depending on the collection method, it may be possible to pick out data in near real-time.

The point is that the data may be looked at discriminately, but it is being collected, almost certainly, indiscriminately - which the 2PB/hour figure also suggests is the case.

Without knowing precisely what data is being collected, it is not possible to be sure about that.

I don't think they're surprised, and I think they're resigned, but that's not the same as not being concerned.

But are they even aware? Or are they more concerned with Coronation Street or Tallafornia?

Regards...jmcc

A Primal Nut

I'm curious why it's only the USA we hear making legal requests of Facebook, Google, Twitter, etc.

These companies operate around the world. What happens if the Irish government request information from these companies? Or Russia, China; or what about Iran.

Then there is the defence the US authorities use; that they only spy on non-US citizens. So again, what if Iran ask for information from Google about US citizens, given that Google operate in Iran?

Is there any international law governing this? Or do US have the advantage because these companies are all American?

Scofflaw

A Primal Nut wrote: »

I'm curious why it's only the USA we hear making legal requests of Facebook, Google, Twitter, etc.

These companies operate around the world. What happens if the Irish government request information from these companies? Or Russia, China; or what about Iran.

Then there is the defence the US authorities use; that they only spy on non-US citizens. So again, what if Iran ask for information from Google about US citizens, given that Google operate in Iran?

Is there any international law governing this? Or do US have the advantage because these companies are all American?

You may find these useful: http://www.google.com/transparencyreport/removals/government/IE/

http://www.google.com/transparencyreport/userdatarequests/IE/

cordially,
Scofflaw

Scofflaw

jmcc wrote: »

Hard to think that these issues were being discussed almost twenty years ago on the CypherPunks mailing list. None of the Irish "technology journalists" where there at the time as they hadn't discovered the internet. The point you seem to be missing is that this story is being blown out of context and used by some of these issues driven people to push a big bad NSA/USA line. Analysing the situation and ramifications with accurate details and facts is one thing but facts are scarce in this story and it has become an emotionally driven story.

Technology has completely changed the interpretation of some rights and the legal system (in some jurisdictions) is being dragged kicking and screaming from the eighteenth century. As for the pure technological aspects of the story, to a technologist they are absolutely amazing. To techies who have some idea of what 2 petabytes of data per hour means, the technology, systems and programming required to make use of even a fraction of that data is interesting.

Not really, given they're undisclosed.

jmcc wrote: »

You seem to be thinking in the classic non-technologist approach to the problem. It isn't a single collection pond or database but potentially thousands (or more). And depending on the collection method, it may be possible to pick out data in near real-time.

I would be surprised if I had a non-technologist's perspective, although my analogies are deliberately non-technical.

jmcc wrote: »

Without knowing precisely what data is being collected, it is not possible to be sure about that.

Knowing the purpose of the data collection tells you rather a lot. Only starting to collect data after you've identified the need and obtained authorisation is of limited value.

jmcc wrote: »

But are they even aware? Or are they more concerned with Coronation Street or Tallafornia?

Regards...jmcc

That's an argument that can equally be applied to virtually anything from endemic corruption to loss of civil liberties to torture, wrongful imprisonment, and even genocide.

cordially,
Scofflaw

jmcc

Scofflaw wrote: »

Not really, given they're undisclosed.

Some of the technical aspects are known and have been written about in the past (Bamford et al). However there are some aspects that are still classified.

I would be surprised if I had a non-technologist's perspective, although my analogies are deliberately non-technical.

A more accessible analogy would be that Boundless Informant is like a cross between a Sky or UPC box guide combined with Google and Wikipedia. Or for the slightly more technical, a kind of Google Analytics interface on steroids with drill down to multiple databases and sources. Big Data and datamining is almost a different world when compared to ordinary databases. The technology churnalists barely understand what is possible with Big Data and most of their stories are just recycled press releases complete with happy-clappy quotes. The reality is far more scary, especially when put to vaguely regulated and potentially nefarious uses. But that's the problem, isn't it? The average person doesn't understand the uses and as long as the technology churnalists keep recycling those press releases, they never will. There will be the odd outraged issues type articles about the excesses of monitoring and the erosion of privacy but this will continue to go on under the radar. (I was almost going to paraphrase Higgins from 'Day Of The Condor').

Knowing the purpose of the data collection tells you rather a lot. Only starting to collect data after you've identified the need and obtained authorisation is of limited value.

Arguing for NSA's position? In intelligence work, as with business, there are two approaches to collection.
1. Collect everything and hope that algorithms will make sense of it all later.
2. Collect specified, clearly defined data and drop the rest.

The 9/11 event changed a lot of things and one of the major changes was the way that it encouraged various agencies to stop stovepiping data and to start sharing. Some of these programmes may have had their genesis in that. A simple analogy would be that these programs create a database of hostile intentions.

That's an argument that can equally be applied to virtually anything from endemic corruption to loss of civil liberties to torture, wrongful imprisonment, and even genocide.

It is a very useful and convenient argument.

Regards...jmcc

KyussBishop

Cody Pomeray wrote: »

No, the potential for any harm is curbed by the constitutional authority affirmed by and amongst US citizens - "we the people...", as they assert in their fundamental law - is the bedrock of their constitution. The Irish Constitution makes the very same affirmation.

It isn't, because the US government increasingly pays no attention whatsoever to the constitution (and are shielding themselves from accountability); the whole problem is that they are gradually eroding rights set down in the constitution.

You don't give government (or any other organization) extreme powers with massive potential for abuse, based on the trust that they will follow or be held accountable by the law (Glenn Greenwalds own book 'With Liberty and Justice for Some', show how this is just not credible, both for government and powerful private interests); the US government has managed to put itself above the law and constitutional limits, in many ways.

As Scofflaw put better, the mere existence of laws doesn't prevent abuse, and doesn't automatically compel prosecution/accountability for breaches of the law.

KyussBishop

Another worthwhile thing to note: Since the data is stored for years, this makes encryption far less effective as it can be cracked over time, because it is becoming increasingly possible to crack more and more encryption algorithms, and as cracking capabilities are upgraded (the NSA even have some form of quantum computers, probably like the D-Wave stuff, that can speed this up for certain things).

Still, encryption is worthwhile for making the job more difficult, and is good for general use; it won't (short of using something like one-time-pads) end the privacy threat though, especially since (as William Binney did good talks on) mapping your communication networks (who you contact and where you go on the net), can be a lot more valuable even than the content. Binney speculated you can even map peoples Tor connections, if the surveillance is wide ranging enough.

It is very difficult to encourage wider use of encryption as well, since there is a learning curve to it, and most people would not be aware of the need for it.

Cody Pomeray

KyussBishop wrote: »

It isn't, because the US government increasingly pays no attention whatsoever to the constitution

Well I would say "decreasingly", the situation has improved since the Obama Presidency. I presume the above is a reference to Guantanamo? If so, the biggest problem of the Bush era was the lack of Federal Jurisdiction of the US Courts over foreign detainees in Guantanamo, and so we cannot really criticise the US courts for that.
There was a renegade Executive operating without any judicial 'check' on their behaviour.

And when the Federal Courts got limited jurisdiction in 2008, they used it admirably to bring Guantanamo into line with habeas corpus.

On the other hand, in relation to PRISM, there has always been that judicial checkpoint that didn't exist for Guantanamo. Edward Snowdon has not raised a criticism with this element of the process, nor with the Federal judges who are mandated to make independent decisions. I don't think anybody is really questioning the judicial oversight - or at least, not with any justification.

And if somebody is suggesting that judicial oversight represents a prima facie cause for concern, I'd question their motivations. Why the sudden opposition to the judiciary we usually expect to remain independent in every other walk of our lives?

You don't give government (or any other organization) extreme powers with massive potential for abuse, based on the trust that they will follow or be held accountable by the law

I haven't read the Glenn Greenwalds book, but clearly we do give our Government extensive powers with massive scope for abuse. We do that right here in Ireland all the time. I mean, just look at the range of powers open to the Gardaí. The Gardaí don't even need a judge to tell them it's acceptable to storm in and search your house, subject you to a strip search and remove you, albeit temporarily, of your human rights. And yet nobody is complaining about this - partially because it's a necessary element of a lawful society.

As Scofflaw put better, the mere existence of laws doesn't prevent abuse, and doesn't automatically compel prosecution/accountability for breaches of the law.

And that's a terrible misunderstanding of what I said, despite my clarifications.

In bringing up the law in relation to search warrants, and in raising the independence of the judiciary in other walks of life, I am trying to demonstrate context, not justification.

The context is that analogous powers exist elsewhere, and for some reason they are not 'sexy' enough, or whatever, to get a look in. Fine - maybe they should be all done away with - but at least we might show some consistency here.

KyussBishop

Since things seem to be getting more obfuscatory/directionless, rather than break the post down, I'm going to tackle one thing:
The analogies you are using are wrong, you are comparing potential police abuses that affect individual people only, to massive government abuses that affect people on a (inter-)national scale; trying to force such a comparison, is creating a straw-man.

There is no possible double standard involved in opposing these new spying capabilities, because the scale of the actions taken and the scale of the potential domestic harm, is far greater than any other powers bestowed on government.

Scofflaw

The issues are proportionality and democratic control. The majority of people accept certain curtailments of privacy or other rights as proportional to the dangers they combat, but only where they do consider them proportional - they do not, for example, allow the Gardai to "storm in and search your house, subject you to a strip search and remove you, albeit temporarily, of your human rights", and I'm not sure why Cody thinks they can.

The majority of people support such powers on the basis that they are democratically controlled and overseen, rather than arbitrary either in design or implementation.

Whether PRISM is proportional and under democratic control is a debate some Irish people seem to be having without apparently taking any notice of the fact that it is very certainly not intended to prevent crimes that affect them, and is not in any sense under their democratic control. PRISM allows US agents to search information obtained about Irish people for reasons relating solely to US interests, as judged by a US court. It is not the case that FISA only allows searches where terrorism or cybercrime is involved, but for any 'valid foreign policy reason'.

From the perspective of anyone outside the US, which is who PRISM affects, there is neither proportionality nor democratic control. People who are not US citizens have no rights under the system, no control over the system, and the system is not there for their benefit. It's frankly bizarre to see it being discussed as if the internal procedures of a foreign power were of any relevance to our control over the process - we have none whatsoever, and a government that doesn't even feel it has to try to get us some.

cordially,
Scofflaw

hatrickpatrick

Well this is a first. Looks like we're in absolute agreement for once, Scoffy

One depressing thing I'd add is that it's not just the Irish public. Look at the polls in America and depending on which one you look at, somewhere between a sizable minority or an actual majority of people seem to be ok with this. Either they've swallowed the paranoia mongering that without living in a police state you'd be in danger of being blown up every time you left your house, or they've swallowed the "if you have nothing to hide..." line.

That thing they're building in the desert in Utah potentially has enough capacity to break into every single password protected database in the world and extract its contents. There's enough storage capacity there to store everything transmitted over the entire internet for one year. That should scare the crap out of people.

To the "nothing to hide, nothing to fear" brigade, of course everyone has something to hide. If not, how about you select the "sent to" column in your email outbox and cut and paste it here for all of us to have a look at? No? Well then the Verizon phone records revelation should scare you. Would you like the government to be able to look into all the Facebook mails you've ever sent, without a warrant? No? Then Prism should scare the pants off you. And according to Greenwald, this is only the tip of the iceberg and he has more explosive NSA documents lined up to publish - a claim which has been backed up by a US senator who was at the classified NSA briefing and emerged from it saying that she was "astounded" by the sheer scale of their dragnetting.

Look at what happened here with Shatter and Wallace. Do you honestly believe that these powers will not be abused? Seriously? Whenever you hear the phrase "endangering national security", your brain should automatically substitute the words "embarrassing government officials" or else "endangering the government's ability to lie to the public". They have become completely synonymous since around the start of the Iraq War. The Abu Ghraib revelations, remember, were said to "potentially do grave damage to national security" - ever since then I don't believe a single word of that BS.

One final thought: To all the people who are saying "sure Google uses your emails to show you ads" and "You trust Facebook with your information" etc etc etc, are there really this many people who don't see the difference between commercial use of private data and political use of it? Honestly I couldn't care less if Facebook wants to use keywords from my mails to show me targeted ads, but as an activist I sure as f*ck don't want the government to be able to look through my private mails for potential blackmail. Is the difference between the two not blindingly obvious?

Scofflaw

hatrickpatrick wrote:

One depressing thing I'd add is that it's not just the Irish public. Look at the polls in America and depending on which one you look at, somewhere between a sizable minority or an actual majority of people seem to be ok with this. Either they've swallowed the paranoia mongering that without living in a police state you'd be in danger of being blown up every time you left your house, or they've swallowed the "if you have nothing to hide..." line.

To be fair, the political calculus on PRISM is very different if you're a US citizen. While there may be some question over how well controlled and overseen it is, you do have the power to vote for change, and, well, at the end of the day, it's your government carrying out espionage on foreigners to protect your country and advance your country's interests - you can see how that might be acceptable or even appealing.

But we are not US citizens. We are the foreigners being spied on.

cordially,
Scofflaw

hatrickpatrick

Scofflaw wrote: »

To be fair, the political calculus on PRISM is very different if you're a US citizen. While there may be some question over how well controlled and overseen it is, you do have the power to vote for change, and, well, at the end of the day, it's your government carrying out espionage on foreigners to protect your country and advance your country's interests - you can see how that might be acceptable or even appealing.

But we are not US citizens. We are the foreigners being spied on.

cordially,
Scofflaw

Sure, and also there's the fact that many Americans seem to believe the "we don't spy on Americans" line despite the fact that the Verizon court order has now blown that allegation out of the water.

Have you ever heard of this, incidentally?
http://en.wikipedia.org/wiki/Room_641A

Room 641A


Room 641A is located in the SBC Communications building at 611 Folsom Street, San Francisco, three floors of which were occupied by AT&T before SBC purchased AT&T.[1] The room was referred to in internal AT&T documents as the SG3 [Study Group 3] Secure Room. It is fed by fiber optic lines from beam splitters installed in fiber optic trunks carrying Internet backbone traffic[3] and, as analyzed by J. Scott Marcus, a former CTO for GTE and a former adviser to the FCC, who has access to all Internet traffic that passes through the building, and therefore "the capability to enable surveillance and analysis of internet content on a massive scale, including both overseas and purely domestic traffic."[4] Former director of the NSA’s World Geopolitical and Military Analysis Reporting Group, William Binney, has estimated that 10 to 20 such facilities have been installed throughout the United States.[2]
The room measures about 24 by 48 feet (7.3 by 15 m) and contains several racks of equipment, including a Narus STA 6400, a device designed to intercept and analyze Internet communications at very high speeds.[1]

Size and capacity of the Utah Data Centre starting to make more sense yet? :eek:

Cody Pomeray

KyussBishop wrote: »

Since things seem to be getting more obfuscatory/directionless, rather than break the post down, I'm going to tackle one thing:
The analogies you are using are wrong, you are comparing potential police abuses that affect individual people only, to massive government abuses that affect people on a (inter-)national scale;

No you're confusing two elements of PRISM.

This is the essence of the problem.

The first element is the nature of "blind" observation, or the reporting of suspicious activities. The second element is what they call "targeting".

According to Snowdon, and as apparently confirmed by Eric Holder, the first element involves data bring brought directly to the authorities' attention by the likes of Google and Facebook (reporting), OR else it involves data being brought up by machines that identify any 'pool of baddies' demographic, using identifier words or sequences ("blind" observations).

That first element is not the same part as I am suggesting is analogous to a search warrant. However, it is the element that is analogous to everyday policing.

The police, in the normal course of their duties, respond to reporting, and also make substantively similar "blind" observations. They indiscriminately investigate suspicions patterns of behaviour that emerges from the chaff of human interaction.

I have already said two things I want to clarify. Firstly, I completely agree that the identifiers should be made clear - identifying for nuclear secrets is acceptable, identifying for the purposes of infringing human rights without a lawful excuse is not. Secondly, because there has already been some confusion, that these points only relate to placing the matter in the context of regular policing, not that these points are in themselves intended as a justification.

However, it may be that if these undertakings are generally analogous to normal policing, that those who are proposing an abuse of process might be the ones who need to show some reasonable grounds for believing in abuse of process. The fact that the mere potential for an abuse of process exists is undoubted - but this exists in all forms of policing. It is interesting that Snowdon himself is not proposing that there is active abuse.

Scofflaw

Cody Pomeray wrote:

However, it may be that if these undertakings are generally analogous to normal policing, that those who are proposing an abuse of process might be the ones who need to show some reasonable grounds for believing in abuse of process. The fact that the mere potential for an abuse of process exists is undoubted - but this exists in all forms of policing. It is interesting that Snowdon himself is not proposing that there is active abuse.

This is exactly the kind of thing I meant with respect to the discussion. It's totally irrelevant to an Irish citizen whether there's "abuse of process" - that's a discussion for US citizens. Nothing that PRISM does is for the benefit of non-US citizens, and it is not an abuse of the known process for them to spy on non-US citizens in order to advance any US foreign policy goal.

Arguing about it as if it were in any sense equivalent to domestic policing misses the point by positively astronomical distances. It is espionage by a foreign power from which no benefits are intended to Irish citizens, and under which Irish citizens have no rights whatsoever.

cordially,
Scofflaw

KyussBishop

Cody Pomeray wrote: »

No you're confusing two elements of PRISM.

This is the essence of the problem.

The first element is the nature of "blind" observation, or the reporting of suspicious activities. The second element is what they call "targeting".

According to Snowdon, and as apparently confirmed by Eric Holder, the first element involves data bring brought directly to the authorities' attention by the likes of Google and Facebook (reporting), OR else it involves data being brought up by machines that identify any 'pool of baddies' demographic, using identifier words or sequences ("blind" observations).

That first element is not the same part as I am suggesting is analogous to a search warrant. However, it is the element that is analogous to everyday policing.

The police, in the normal course of their duties, respond to reporting, and also make substantively similar "blind" observations. They indiscriminately investigate suspicions patterns of behaviour that emerges from the chaff of human interaction.

I have already said two things I want to clarify. Firstly, I completely agree that the identifiers should be made clear - identifying for nuclear secrets is acceptable, identifying for the purposes of infringing human rights without a lawful excuse is not. Secondly, because there has already been some confusion, that these points only relate to placing the matter in the context of regular policing, not that these points are in themselves intended as a justification.

However, it may be that if these undertakings are generally analogous to normal policing, that those who are proposing an abuse of process might be the ones who need to show some reasonable grounds for believing in abuse of process. The fact that the mere potential for an abuse of process exists is undoubted - but this exists in all forms of policing. It is interesting that Snowdon himself is not proposing that there is active abuse.

This is devolving into ever more of a nitpicking/semantic/obfuscatory discussion. The analogy you're trying to make, which your entire argument depends on, is wrong (and you're totally misrepresenting how PRISM works, in order to try and make the analogy fit); restating it in an obfuscatory way, in different words, doesn't make it less so.

I'm not going to continue rebutting repeated variations of the same basic fallacious analogy; especially when (as Scofflaw pointed out), the program is unjustifiable from the perspective of non-US citizens, regardless of how it can be viewed domestically.

Permabear

This post has been deleted.

Cody Pomeray

KyussBishop wrote: »

This is devolving into ever more of a nitpicking/semantic/obfuscatory discussion. The analogy you're trying to make, which your entire argument depends on, is wrong (and you're totally misrepresenting how PRISM works, in order to try and make the analogy fit); restating it in an obfuscatory way, in different words, doesn't make it less so.

I'm not going to continue rebutting repeated variations of the same basic fallacious analogy; especially when (as Scofflaw pointed out), the program is unjustifiable from the perspective of non-US citizens, regardless of how it can be viewed domestically.

The point of the analogies is simply to illustrate the extent to which great powers are already available to law enforcement agencies both here in Ireland and in the USA, and to place PRISM in its proper context.

You suggest we have a particular cause for concern, who are outside of US territory or who are not US citizens. On a related point, similar powers exist - and have been employed - in Ireland, and require considerably less oversight. Where PRISM is overseen by eleven Federal Judges, our own telecommunications interceptions (if any) are only overseen by one High Court Judge who writes to the Dáil every year with his 'review'. Our single designated Judge is not requested to authorize individual targeting such as happens with PRISM. Irish interceptions are the grant of the Minister for Justice.

The media of all people are aware of the Irish interceptions set-up. Nobody is remotely interested in it. Why? Because it's not a headline grabber, it doesn't sound like a Hollywood movie.

Again, I find it necessary to point out that the above is not a justification for PRISM.

On the other hand, it does seem to undermine the integrity of the 'concerns' about the 'potential for abuse' in respect of PRISM. I find it a little hard to take seriously.

Permabear

This post has been deleted.

Cody Pomeray

Permabear wrote: »

This post had been deleted.

I am relating the context from an Irish citizen's perspective, not from a citizen of the world's perspective.

Permabear

This post has been deleted.

Cody Pomeray

Permabear wrote: »

This post had been deleted.

Yes, I have heard of this thing called The Internet, I am not suggesting international telecommunications 'surveillance' does not apply to Irish people.

This particular point is that it's a little odd to get outraged at the "potential for abuse" argument in a US context, when the system of Irish interceptions - with considerably less oversight - have been common knowledge to Irish people for 20 years and more, and nobody in Ireland has been remotely interested in it.

People are very susceptible to media sensationalism. If they would take a step back and examine this issue by balancing it against other police and Executive powers, they might be considerably less incensed. It might also lead on to a more healthy debate about balancing the needs of the individual and the State, rather than this short term reactionaryism which will have blown over next week.

Scofflaw

Cody Pomeray wrote: »

Yes, I have heard of this thing called The Internet, I am not suggesting international telecommunications 'surveillance' does not apply to Irish people.

This particular point is that it's a little odd to get outraged at the "potential for abuse" argument in a US context, when the system of Irish interceptions - with considerably less oversight - have been common knowledge to Irish people for 20 years and more, and nobody in Ireland has been remotely interested in it.

People are very susceptible to media sensationalism. If they would take a step back and examine this issue by balancing it against other police and Executive powers, they might be considerably less incensed. It might also lead on to a more healthy debate about balancing the needs of the individual and the State, rather than this short term reactionaryism which will have blown over next week.

Your contention is that people who are concerned are concerned only because it's "a story"? Really? We're only finding it exciting because it's the US, and not for any of the reasons we've actually cited?

Do you honestly believe that?

cordially,
Scofflaw