Schneier on Security
A blog covering security and security technology.
« Microsoft Calls for National Privacy Law |
| Howard Schmidt on Software Vulnerabilities »
November 7, 2005
The FBI is Spying on Us
The Washington Post reports that the FBI has been obtaining and reviewing records of ordinary Americans in the name of the war on terror through the use of national security letters that gag the recipients.
Merritt's entire post is worth reading.
The ACLU has been actively litigating the legality of the National Security Letters. Their latest press release is here.
Also, the ACLU is less critical than I am of activity taking place in Congress now where conferees of the Senate and House are working out a compromise version of Patriot Act extension legislation that will resolve differences in versions passed by each in the last Congress. The ACLU reports that the Senate version contains some modest improvements respecting your privacy rights while the House version contains further intrusions. There is still time to contact the conferees. The ACLU provides more information and a sample letter here.
History shows that once new power is granted to the government, it rarely gives it back. Even if you wouldn't recognize a terrorist if he were standing in front of you, let alone consort with one, now is the time to raise your voice.
EDITED TO ADD: Here's a good personal story of someone's FBI file.
EDITED TO ADD: Several people have written to tell me that the CapitolHillBlue website, above, is not reliable. I don't know one way or the other, but consider yourself warned.
Posted on November 7, 2005 at 3:13 PM
• 22 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"now is the time to raise your voice"
to ensure the person behind the voice is included in whatever documentation?
Wow, great idea! :P
Some quotes for you:-
"All that is necessary for the triumph of evil is that good men do nothing." - Edmund Burke
"The people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same way in any country." - Herrman Goering
"To those who scare peace-loving people with phantoms of lost liberty, my message is this: Your tactics only aid terrorists, for they erode our national unity and diminish our resolve." - John Ashcroft
Must I? I must...
So I'll say it again.
"Those who would give up liberty for a little temporary safety deserve neither liberty nor safety, and will lose both." -
"The Washington Post reports..."
Consider the source. Then discard at will.
The issue of surveillance itself is troubling, but it just gets worse when you factor in how the data is managed.
From the top ten list of police database abuses (http://www.g4tv.com/techtvvault/features/38190/Top_10_List_of_Police_Database_Abuses.html):
+ Rookie Cop Checks on 'Potential Girlfriends': 6,900 Database Searches in Only Two Months
+ FBI Files Sold to Mob and International Criminals by Nevada Attorney General's Office Employee and Former FBI Agent
+ Political Candidates Probed by Police Chief
And so on...
From another perspective, data integrity checks do not always happen even for people the state is supposed to be keeping a watchful eye on, like prisoners:
"A flaw in computer programming caused State jails to release 8 prisoners anywhere from 39-161 days early, prisoners who were doing time for everything from embezzlement and drugs to bad check writing…A followup study by the Department of Corrections found 15 more prisoners who were either let out early or late."
@ James B. Duke
"Consider the source."
Always a good idea. In this case, the source seems to have impressive credentials:
Barton "Gellman graduated summa cum laude from the Woodrow Wilson School at Princeton University and earned a masters degree in politics at University College, Oxford, as a Rhodes Scholar. He is author of Contending with Kennan: Toward a Philosophy of American Power, a study of the post-World War II 'containment' doctrine and its architect, George F. Kennan"
I also noticed "He shared the Pulitzer Prize for national reporting in 2002 and has been a jury-nominated finalist (for individual and team entries) three times."
Can you clarify on your suggestion to "discard at will"?
Here's an ethical dilemma -> electronic data here at (insert university name) is owned by the school. I'm not an agent of the school, I can't sign contracts or engage in any other legal activity on behalf of the school.
Let's say two guys in suits present me with one of these letters (not outside the realm of possibility, given the number of foreign students here) and ask me to turn over files such as browser caches, etc.
Assuming I open the envelope without first insisting to speak to the legal department, do I have the legal right to provide this information? I have access to it, certainly, but it's clear by policy that the information belongs to the school, and I'm not an authorized agent.
I imagine I could certainly be fired for passing anything along without discussing it with the legal department, which would be disallowed by the non disclosure premise of the document. Could I be sued for violating the school's intellectual property?
"In this case, the source seems to have impressive credentials"
Well, actually I think a news story is in pretty poor shape if you have to judge it solely on your impressions of the author's credibility. Having said that, I don't know how Gellman is considered by his journalistic peers (not a group I hold in very high regard these days), but I seem to recall that in IT security he is mainly remembered as the fellow who helped publicise Clarke's "Digital Pearl Harbor" stuff with some massively over-hyped and poorly researched stories on "cyber-terrorism".
The text of the post seems to be missing a </blockquote> tag, which is disturbing the layout of the following posts on the front page.
A blockquote tag in the post needs closing.
Please fix the broken BLOCKQUOTE tag
Or can I call you Rogerd? :)
"I think a news story is in pretty poor shape if you have to judge it solely on your impressions of the author's credibility"
Agreed, and vice versa.
"I seem to recall that in IT security he is mainly remembered as the fellow who helped publicise Clarke's 'Digital Pearl Harbor'"
Ta, hadn't realized the connection. I was just reading some of his articles on politics and they seem quite good to me. Perhaps you're right and it's a stretch for him to delve into the murky risk map of cyber-security, but the politics of surveillance definitely seems right up his alley of expertise. His Pulitzer was for post-9/11 coverage, and his nominations were for covering the hunt for WMD in Iraq. I also noted an interesting story he subtitled "Inexperienced Personnel Cited As a Risk to Espionage Work":
Overall, I agree with Bruce that the TalkLeft entry is a good read, and I was just curious what evidence there was to dismiss the message outright.
talkleft? why not just go for the gusto and post links from zmag, dailykos, or moveon.org.
with your due process gone now, to protect your privacy you must learn to think like a terrorist. use cash whenever possible, keep a low profile, make sensitive calls on a prepaid (with cash) cellphone, et cetera. going to las vegas, consider camping outside the city instead of a hotel room. driving is still way more private than flying. the most disturbing part of the washington post feature for me was the executive order bush recently signed allowing info gathered under nsl's to be distributed to "appropriate private sector entities." the corporate oligarchy has effectively negated the crucial distinction between public and private.
talkleft or talkright,or even talkrepublican. It doesn't matter!
What matters is our liberty.
Sorry, but I am glad I don't live in United states. Really.
@ Chris W
Interesting link. I found another article on the same site that seems relevant:
"...the Bush Administration has compiled dossiers on more than 10,000 Americans it considers political enemies and uses those files to wage war on those who disagree with its policies. [...] Rove started the list while Bush served as governor of Texas, compiling information on various political enemies in the state and leaking damaging information on opponents to friends in the press. The list grew during Bush's first run for President in 2000 but the names multiplied rapidly after the terrorist attacks of 2001 and passage of the USA Patriot Act. Using the powers under the act, Rove expanded the list to more than 10,000 names, utilizing the FBI's 'national security letters' to gather private and intimate details on American citizens. [...] 'We're talking about Big Brother at its most extreme,' says one White House staffer. 'We know things about people that their spouses don't know and, if it becomes politically expedient, we will make sure the rest of the world knows.'"
Prepaid cell phones aren't going to help much unless you are very careful how you use them. If you call just a few people you know, it will probably provide enough information for the FBI to figure out who you are.
You would probably need to have a separate prepaid phone for each person you wanted to call. You would want to have them totally turned off when not making calls. And you probably wouldn't want to use two of them from the same location, especially close in time.
Back in ancient times, when Nixon's 'Enemies List' came to light, the nation was ashamed.
Now the people are proud to have institutionalized that phenomenon, along with dirty wars, torture, 'rendition' to American gulags, and contempt for the Bill of Rights.
The country I was born in is among 'los desaparecidos'.
Hey everyone, look on the bright side. We are all probably in the database now because we read this site and post our views. Of which, most of us have “written and promoted opinions that are contrary to the government of the United States of America.��?
Have a good day!
"Or can I call you Rogerd? :)"
I first I thought you meant Roger daemon 8^). But no, I'm not rogerd.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.