Schneier on Security
A blog covering security and security technology.
July 14, 2008
Daniel Solove on the New FISA Law
From his blog:
Future presidents can learn a lot from all this -- do exactly what the Bush Administration did! If the law holds you back, don't first go to Congress and try to work something out. Secretly violate that law, and then when you get caught, staunchly demand that Congress change the law to your liking and then immunize any company that might have illegally cooperated with you. That's the lesson. You spit in Congress's face, and they'll give you what you want.
The past eight years have witnessed a dramatic expansion of Executive Branch power, with a rather anemic push-back from the Legislative and Judicial Branches. We have extensive surveillance on a mass scale by agencies with hardly any public scrutiny, operating mostly in secret, with very limited judicial oversight, and also with very minimal legislative oversight. Most citizens know little about what is going on, and it will be difficult for them to find out, since everything is kept so secret. Secrecy and accountability rarely go well together. The telecomm lawsuits were at least one way that citizens could demand some information and accountability, but now that avenue appears to be shut down significantly with the retroactive immunity grant. There appear to be fewer ways for the individual citizen or citizen advocacy groups to ensure accountability of the government in the context of national security.
That's the direction we're heading in -- more surveillance, more systemic government monitoring and data mining, and minimal oversight and accountability -- with most of the oversight being very general, not particularly rigorous, and nearly always secret -- and with the public being almost completely shut out of the process. But don't worry, you shouldn't get too upset about all this. You probably won't know much about it. They'll keep the dirty details from you, because what you don't know can't hurt you.
Posted on July 14, 2008 at 12:08 PM
• 30 Comments
But at least Barack Obama will be president!!!!!
Yay for us*!!!!
*I am not one of us.
Sorry to hijack your blog with this rather large comment, Bruce. However, I hope other readers do likewise.
My letter to the Honorable Mike Rogers of the 8th District of Michigan:
I noted in the roll call log (http://clerk.house.gov/evs/2008/roll437.xml) that you voted in favor of passage of HR 6304, FISA Amendments Act of 2008. I was deeply disappointed to find that my representative voted for a bill that would do the opposite of supporting the Constitution and our rights as citizens. When you took your oath of office, you swore to uphold and defend the Constitution of The United States. How can you do this and in good conscious keep your oath? I understand it's something the Democratic leadership "compromised" on. How can you, regardless of party, compromise on our civil liberties and our constitution? Your honor, I promise you, this is one vote I will not forget come time to elect my House Representative.
I was encouraged, however, that both of this Great State's Senators consistently voted to defeat this bill in their chamber.
I also noticed on this page, in the drop down list for topics of emails, Civil Liberties is not listed. Animal Rights are listed, but civil liberties aren't even important enough to make them an option in the drop down list on your email page? In the future, your honor, I pray thee give more heed to matters of OUR civil liberties.
An active voter of the 8th Congressional District of Michigan.
We just need to have millions of computers and cell phones to start sending emails/text messages full of keywords that will ping the govt's spy software (or computers or however the heck they are doing this lovely spy stuff). You know, millions of emails with the word "bomb" or "gas" - or even fake pre-recorded phone conversations. Can't do much spying on the public when trying to sort through that kind of data volume. Almost a DOS.
As a former telecom IT guy, I'm upset at the constant assumption that the telecoms could have done something different. I'm also a little amused at the idea that a lawsuit against the companies will accomplish anything.
The Justice department has spent the last twenty years putting the fear of themselves into the telcos. They set up high level coordination, but it quickly moves down to the lower level - where there's someone at each telco who's responsible for responding to Justice requests as soon as possible. These requests usually involve starting work on something the second you're asked, then giving status hourly and explaining why it's not done yet. That contact isn't usually a lawyer, and if they do anything other than working 24x7 until the information request is answered, they're probably looking for another job. Justice has taught the telcos that if they don't act this way, they'll end up suffering for it in some other way. Sure, the telcos shouldn't roll over, and customers shouldn't board planes when their gel shoe inserts are confiscated, etc. It's always really nice if someone else is willing to stand up for you.
Meanwhile, if a series of lawsuits hit each of the major carriers, what do people think will happen? One, they'll have a sudden cost - which will either reduce their profits (so they pay less taxes), or they'll pass it on to customers. Two, they'll fire the people who made the decisions, but for the most part, they're already gone. The last few years haven't been kind to telcos.
Sure, "let's sue them" sounds like a good rallying cry, but it's just as likely to be helpful as "take off your shoes!"
The crisis of the political system is not primarily one of the president. The constitution was designed to deal with bad apples in office. The fundamental failure is congress. They have to oversee the executive branch and in that they failed in a vastly more spectacular way than the president failed in his job to protect the country and further the interest of the people.
The Honorable Mike Rogers is working in a corrupted congress. Representatives are financed by the very industry they immunized. (http://www.maplight.org/FISA_June08).
Mr. Rogers himself doesn't seem to be on that list.
I'm not sure if his bribe-less attack on the constitution makes him better or worse than the bought-and-paid-for guys.
Thanks for the template. I changed "conscious" to "conscience" and sent it almost verbatim to my Representative. Both of Washington's Senators voted to defeat this as well, so I was able to leave that portion intact. :)
> I'm upset at the constant assumption
> that the telecoms could have done
> something different.
Then Qwest's actions must really tick you off. (http://www.nytimes.com/2006/05/12/washington/12cnd-phone.html)
The point of suing the telcos is to force them to give up any documentation that was traded between the executive branch and themselves.
It won't change anything, but the discovery might help as far as adding to the list of crimes the executive branch has been involved in.
As it is, we are being told, once again, "trust us, we know what we are doing."
"Privacy on the Line" by Whitfield Diffie and Susan Landau addresses some of the behind-the-scenes issues - like the FBI's Carnivore program ... which was drawing public criticism and Congressional skepticism ... then *bam* 9/11 hits, and PATRIOT clears the way for packet sniffing.
"Can't do much spying on the public when trying to sort through that kind of data volume. Almost a DOS."
You're right about the DOS.
But this would seem to be less about efficiency and more about an infrastructure of control and fear.
Hey, hey, Daniel, someone got it right!
Congress has not done anything in the same time frame either, with the exception of noise, they still vote the same way.
Say what you want, the Executive Branch is taking full advantage of the opportunity. They knew it was warrantless, but like the rest of us, waiting on a governmental office is not part of the plan. FISA Court? Where did that branch of court even come from?
""Privacy on the Line" by Whitfield Diffie and Susan Landau addresses some of the behind-the-scenes issues - like the FBI's Carnivore program ... which was drawing public criticism and Congressional skepticism ... then *bam* 9/11 hits, and PATRIOT clears the way for packet sniffing."
From Wikipedia - "Carnivore was implemented during the Clinton administration with the approval of Attorney General Janet Reno. U.S. government officials have neither confirmed nor denied much about the physical or logical workings of Carnivore, but there are some facts that are generally agreed upon...."
Maybe a President Obama will reinstate an updated Carnivore-like program in the name of discovering "hate crimes" or something like that.
Phillip, you have the right idea. If enough people complain, they'll have to take notice even if the individual letters don't have large checks attached.
Unfortunately, this approach won't work for me. I live in a gerrymandered district where the Republican incumbent faces only pro-forma opposition every two years. His staffers are probably under orders to submit any letters critical of the Bush administration to the appropriate agencies for inclusion on warrantless wiretapping and no-fly lists.
It's naive to think the government didn't spy on people illegally before all this. They did. They would just get their cases thrown out of court if they were caught in the old days.
It's also naive to think a Democrat administration isn't going to do the same thing. A lot of these egregious anti-terrorist laws started under Clinton.
As a telecomm type myself, I must disagree with Gawaine. When news of the records releases started coming out, I and other telecomm people of my acquaintance, with various companies, all reacted pretty much the same way: "WTF?! You can't do that without a warrant!"
While working at a Mid-West telco, I was one of the people that a records request would first reach. We were specifically trained to never release so much as a single CDR until a valid warrant was confirmed. Improperly releasing any records would (and in one case of stupidity, _did_) result in immediate termination.
My, how times change. I guess I'm going to be fired now when I demand to see a warrant.
I've heard the idea of the DHS/FBI/CIA/etc. DOS campaign on numerous blogs, and I think it is a good one. Firefox managed to reach at least 8 million people in little over a month with social networking alone, so I think this would be the perfect way to advertise the campaign.
So, who is going to head it up? Are you up for it, Mr. Schneier?
We have such a culture of expediency, and nobody looks at the long term.
Punishment is almost always worthwhile, even when it doesn't correct the wrong. It's worthwhile because it gives an example for the future. If you show that such egregious lawbreaking will be punished, then you'll discourage it from happening in the future. Conversely, if you show that it will be overlooked and pardoned, then you just guarantee that the next time a company is presented with an illegal request from the executive, they'll just roll over.
"That's the lesson. You spit in Congress's face, and they'll give you what you want."
Not just one lesson;
you have summed up, it seems,
the life of W.
That idea is one of the foundations of Cory Doctorow's excellent book, Little Brother. It's aimed at teenagers but it's quite readable and enjoyable for adults too. It's a "cautionary tale" in the vein of 1984, and I highly recommend it.
It's available under Creative Commons license so that you can read it online for free here:
Might be a good time to bring up the old Bush "crony capitalism" story again.
The perspective of these folks (doing the spitting) is that they are shrewd businessmen and others should look up to them; they believe everyone will somehow benefit when they hack the system for fun and profit.
"The point in President Bush's business career where he took outrageous shortcuts was not at Harken Energy, but rather when he was grabbing land for a new baseball stadium in Arlington for his Texas Rangers baseball team.
Mr. Bush broke no laws. Neither do the overwhelming majority of corporate executives. The cloud over the business world comes not so much from law-breaking as from avaricious bruising of the public interest.
The challenge is not catching criminals but injecting public scrutiny into a culture of cronyism in which executives, accountants, regulators and 'independent' board members all ooze empathy for each other."
The new FISA law was a predictable disaster, as explained here in 2006:
"[A presidential historian and professor emeritus at Dartmouth University] has spent years studying presidents like Johnson and Nixon, who were reviled in office and revered in retrospect, but when he looks at the trajectory of Bush's agenda, he sees little hope that the 43rd President of the United States will ever be redeemed. 'We are now deep into the wadi, and the majority of his term has been put in place, and what great achievements can he point to?' he asks. 'He's alienated so many peoples around the world. The war in Iraq is turning out to be something of a nightmare, perhaps the biggest foreign policy blunder since Vietnam. Historians will point to imperial overreach in terms of domestic spying. They will complain about him being anti-intellectual and far too evangelical. But ultimately it all comes back to Iraq. And if it continues to go as badly as it's going, he's in serious trouble.'"
Or as the NYT opinion piece predicted, Bush presented the American public "...a sordid tale of cronyism, of misuse of power, of cozy backroom money-grubbing -- a more pressing threat to American business than outright criminality."
First I hear that Doctorow wrote "I, Robot", as though we needed an update to Asimov's original "I, Robot" and now you say "Little Brother" was "in the vein" of "Big Brother" from Orwell's 1984?
Are these supposed to be replacements or like Cliff's Notes to the classics? I mean has Doctorow also written a book called "Lord of the Flies" or maybe even "The Tale of Two Cities" that not only share a title/term but also are ironically "in the vein" of the original author's intent?
"There appear to be fewer ways for the individual citizen or citizen advocacy groups to ensure accountability of the government in the context of national security."
Try this: Uses the Freedom of Information Act to acquire data and trends information on the enforcement activities of the federal government including the FBI, IRS, ...
Besides the Executive branch, the FBI has used the court system to change the law. In the late 90's, the FBI developed a key logger to capture passwords on a computer. Their test case was mob boss Nicodemo Scarfo, Jr. in New Jersey. The FBI collected data of wrongdoing on the encrypted disks with the keylogger. Then, in a court case, the jury was presented with two scenarios:
a.) convict the mob boss thus approving keylogging for future cases.
b.) let the mob boss go free, thus disallowing keyloggers.
Many people without technical or privacy concerns would not allow a mobster to go free and would convict him.
Thus the law is written by the courts.
Here are citations:
in google "fbi keylogger scarfo"
Federal Bureau of Investigation
The FBI used a keystroke logger to obtain the PGP passphrase of Nicodemo Scarfo, Jr., son of mob boss Nicodemo Scarfo. Scarfo Jr. pleaded guilty to running an illegal gambling operation in 2002. The FBI has also reportedly developed a trojan-horse-delivered keylogger program known as Magic Lantern.
F.B.I. Use of New Technology to Gather Evidence Challenged
By JOHN SCHWARTZ
Published: July 30, 2001
Nicodemo S. Scarfo Jr. might seem an unlikely champion of civil liberties in the high-tech age. Mr. Scarfo, the son of the jailed mob boss ''Little Nicky'' Scarfo, has been awaiting trial on charges of running gambling and loan sharking operations for the Gambino crime family.
But like so many businessmen today, Mr. Scarfo kept his data on his personal computer; and like many other businessmen, he encrypted the sensitive stuff to protect it from prying eyes.
Today, a federal judge in Newark will hear defense motions to throw out evidence gathered by a controversial new law enforcement technology: a system that recorded every keystroke typed on Mr. Scarfo's computer, including the password that investigators used to unscramble Mr. Scarfo's files. That wrinkle in the case makes the United States v. Scarfo the latest battleground in a growing struggle to determine the proper balance between the government's ability to conduct surveillance and a citizen's right to privacy.
The Scarfo case comes at a time of rising concern about the government's power to snoop. In other cases, the Federal Bureau of Investigation's use of an Internet wiretap system initially known as Carnivore ignited opposition from privacy advocates and a number of Republican lawmakers, who said the technology sampled the communications of many customers of an Internet provider, not just the suspects. Similarly, public uproar accompanied the announcement that Tampa had installed surveillance cameras with facial recognition technology to spot criminal suspects in the city's Ybor entertainment district.
Maybe they should learn a different lesson.
Get the country bombed/attacked, citizens killed and economy destroyed.
Once that happens, create large prison camps and throw all the "foreigners" there.
I am sick of these political wise-asses ... actually asses and Bruce's indulgence on the wrong side of arguments.
Pray tell what the F*****K is the solution to nut jobs who want to kill you .. there is none. This kind of argumentation and analysis has ZERO value.
"the solution to nut jobs who want to kill you .. there is none"
Wow, you almost understood it. And the likelihood that it will hit you personally is essentially zero. But you are willing to give up your freedom for an only perceived security, how courageous and awe-inspiring. "Land of the free and the home of the brave". You can't have one without the other.
The U.S. managed to kill considerably more people than were killed during 9/11. Do you really think that this increased the security of Americans? Every day you accept much higher risks by just going about your daily business (for example driving) without even thinking about it. But once the magic word 'terrorism' is uttered, all principles go out the window, torture, no problem, illegal spying on Americans, well, if it needs to be done, the rule of law, such a nuisance! Either one has principles or one has not, and you, Sir, clearly have none.
You might want to think about what James Madison, one of the founding fathers of the U.S., once said:
"If Tyranny and Oppression come to this land, it will be in the guise of fighting a foreign enemy."
Oops! Sorry for the double post.