Yahoo Scanned Everyone's E-mails for the NSA

News here and here.

Other companies have been quick to deny that they did the same thing, but I generally don't believe those carefully worded statements about what they have and haven't done. We do know that the NSA uses bribery, coercion, threat, legal compulsion, and outright theft to get what they want. We just don't know which one they use in which case.

EDITED TO ADD (10/7): More news. This and this, too.

EDITED TO ADD (10/17): A related story.

Posted on October 6, 2016 at 1:58 PM • 72 Comments

Comments

DanielOctober 6, 2016 2:15 PM

An interesting aspect to this case is that Yahoo! adapted the infrastructure they had already built in order to "voluntarily" scan email for child pornography. This is definitely a case where if the tech company builds it for one purpose, they don't have any meaningful argument against using it for an altogether different purpose when the federal government comes calling. I wonder to what extent this will cause tech companies to reflect more carefully on the systems they build before they build them. Maybe not. But it could be a case of the NSA winning a battle but losing the war.

I. M. DoubtfulOctober 6, 2016 3:42 PM

Yahoo strong arms users for personal data, soon afterwards they get hacked up the kazoo (2014), then NSA/FBI opens a secret tap (2015) then Verizon which is practically a government agency itself decides to buy Yahoo (2016) for a seemingly overly high price.

I sincerely doubt these are coincidental events. I figure it's all part of the perennial "war on (blank)" and thus a secret which will never be revealed in full.

Would our own government steal a database justified by the permanent war mission?

PubliusOctober 6, 2016 3:49 PM

Coupla things:

1) Up till that time it may be that Yahoo was not live monitoring emails and that the surveillance people weren't either. It's possible that Yahoo email was less watched than others.

2) If they did this for Yahoo it's pretty safe to assume that they did it for the others, unless they already had it. The denials can probably be safely ignored BUT it is interesting to analyse what form of lying is being used.

3) There are calls to kill Yahoo email accounts. The people saying this may have missed the point. All "free" email is paid for in some way and some providers admit that they look at every email sent AND received. It's entirely possible that by killing your Yahoo account you fall back on a more highly surveilled account!

Just Passin' ThruOctober 6, 2016 4:14 PM

The implication is that the target(s) were using encryption, which was too difficult to crack (on the assumedly massive quantity of encrypted emails that yahoo receives everyday) by just monitoring the trunk lines going into yahoo servers.

Alternatively, if the NSA can do such massive decryptions, they're not sharing with the FBI, DIA, or whomever.

I think the 1st option is more likely.

Rolf WeberOctober 6, 2016 4:25 PM

The media reports so far are contradictory and faulty (just like the Snowden reporting). So we just have to wait for some reliable and plausible informations. Currently everything is pure speculation.

rOctober 6, 2016 4:59 PM

@Rolf,

Would it be speculation to say that you have an RSS feed under the scutiny of a python bot and push notification?

rOctober 6, 2016 5:06 PM

@Rolf,

There's, and this is actually quite funny: there is actually a solution to the media getting all their information wrong do you know what it is?

Transparency.

If all one has is half truths there is plenty of room for conclusions and smeared paint.

Clive RobinsonOctober 6, 2016 5:09 PM

@ Bruce,

We do know that the NSA uses bribery, coercion, threat, legal compulsion, and outright theft to get what they want.

Nice to see you characterize their limitations ;-)

@ Sancho_P,

@Grauhut: Rolf Weber!

Many a word spoken in jest, can become 20-20 foresight ;-)

And just like "speaking the devils name" is reckoned to bring you the devil's attention Rolf duly appeared when you mentioned his name B-)

Can anyone remember the banishment incantations usually reserved for Poltergeist? :-D

TodesspiraleOctober 6, 2016 5:41 PM

Suborning Yahoo is one more sign of NSA's insider-threat panic, which just scared up a new witch to hunt in Hal Martin. The suffocating paranoia will drive more talent away until NSA can't steam an envelope open. Poor Hal is the Richard Jewell of this episode of mass hysteria.

Sancho_POctober 6, 2016 5:54 PM

When I read Mr. Rogers interview I think I trust this guy.
He really strives to understand, but simply can’t.
Certainly someone close to him has tried to explain, but to no avail.
Then Mr. R starts to confuse several items and is completely off the track.
He’s still trying to work his way through but won’t find back to reality.
- It needs someone else to discuss.

JRROctober 6, 2016 8:59 PM

Meh, Yahoo is absolutely the worst large email provider. Anyone still using them is I assume technologically challenged.
I'm not surprised at anything to do with their email system.

Rolf WeberOctober 7, 2016 1:26 AM

@r

I agree with you on transparency and hope the USG will soon explain what actually happened and what the legal authorities are.

But until then, everything is pure speculation. It is absolutely possible that the media reports are largely wrong. At least since the terrible Snowden reporting you can't rule out a complete media failure.

65535October 7, 2016 1:39 AM

I agree with Bruce and Clive. If you are located in US Jurisdiction you are a target of surveillance.

As Clive accurately notes:

"@ Bruce,

“We do know that the NSA uses bribery, coercion, threat, legal compulsion, and outright theft to get what they want.

‘Nice to see you characterize their limitations ;-)’”

The extent of NSA arm twisting goes beyond our boarder to the Five Eyes Countries and probably most of South America. Bribery, coercion, threat, legal compulsion and theft certainly extend the NSA/CIA/FBI/DEA grip on people.

The long term effect could be quite negative. People may finally wake to find there USA head quartered, phone, email, chat, banking and medical records have been thoroughly searched. This could cause a flight to other digital service providers that are out of reach of the NSA.

The only thing going for USA based companies is some western’s still view the USA as the lesser of multiple evils.

But, should the USA prove to have moved up in the chain of corrupt evil countries one could certainly expect to see a huge flight of business capital to less or non-surveillance focused countries and their digital communication providers. The financial impact could be enormous.

Worse, the NSA/CIA/FBI/DEA seem to be raking its own citizen over the hot surveillance coals while providing no real help to battle credit card skimming, DDoS attacks on Americans and other financial crimes - not to mention losing millions of American's secret clearance documents.

Lastly, the USA is in desperate banking situation where US interest rates are effectively negative. The US customers are paying money to keep money in US banks. This "pay to keep your money" in US banks situation maybe the straw that breaks the camels back should things in the US become worse.

Rolf WeberOctober 7, 2016 2:04 AM

@65535

I agree with Bruce and Clive. If you are located in US Jurisdiction you are a target of surveillance.

At least Bruce didn't say such a nonsende.

You should not confuse bias with fact. Because of your bias, you blindly believed in every absurd Snowden "revelation". And now you blindly believe in inconsistent media reports.

ab praeceptisOctober 7, 2016 2:18 AM

Rolf Weber

Astonishing as it may seem I actually agree with you - albeit not in the way you'd like.

65535 is indeed wrong when he says

I agree with Bruce and Clive. If you are located in US Jurisdiction you are a target of surveillance.

Actually it's not limited to us jurisdiction. Example: germany. Well noted, that has been examined and proven in a very official way.

You should not confuse bias with fact.

Well, then show us your facts.

Btw. Snowden is but one piece of the puzzle. You are mistaken when you link surveillance and Snowden as if Snowden were the only basis to indicate diverse nsa and other surveillance and other questionable operations.

Being at that: What exactly is it that you can produce for your claim to know better than our host, Bruce Schneier, and many of his guests here? And if it were only for politeness, you shouldn't call our host an idiot, no matter how "subtle" you do that.

MatteoOctober 7, 2016 2:29 AM

I'm from Italy and i find nsa&others surveillance IMMORAL, not illegal because they are the law and when it has been found illegal they just changed the law -_-

regarding the emails alternative exist:
-posteo.de (i'm using it now)
-runbox.com
-riseup.net

you might argue that:
-they can be hacked
-they can lie
-if you have "secure" email, people who receive your mail hasn't
true!
but at least they are trying and they say "your mail is your, we do the best to protect it".
not like google and others who give "free" email where free means that you are the product being sold; they also hide privacy policy in 1000 links until you get lost without finding all what you need.

and since email is the "root of trust" for every online service (password resets) i want a decent email.
i want to avoid what is happening with sms:
mitm to intercept password reset sms

Use_Tor_TodayOctober 7, 2016 4:33 AM

And people still use Google, Facebook and Twitter which is hilarious.
The more people use the internet, the more goverment can collect metadata and spying on people.

Clive RobinsonOctober 7, 2016 4:36 AM

@ Rolf Weber,

Because of your bias, you blindly believed...

That's rich comming from you.

Remind me what is that bible quote about "casting the first stone"?

stevenOctober 7, 2016 5:07 AM

The Google spokesman is a bit over-enthusiastic: "No way" would they do that in response to a government demand. But it's not that they don't already do it for their own business purposes. As you've already agreed to in their terms of service, they scan the content of your incoming and outgoing GMail messages. I think they just prefer to keep that knowledge, that power, to themselves.

Rolf WeberOctober 7, 2016 5:10 AM

@ab praeceptis

Actually it's not limited to us jurisdiction. Example: germany. Well noted, that has been examined and proven in a very official way.

Nonsense. Neither in the U.S. nor in Germany everybody is a target of surveillance.

Being at that: What exactly is it that you can produce for your claim to know better than our host, Bruce Schneier, and many of his guests here?

What exactly do you mean? Which topic?

And if it were only for politeness, you shouldn't call our host an idiot, no matter how "subtle" you do that.

Bullshit. Neither did I call Bruce Schneier an idiot, even not "subtle", nor do I think so.

Moreover, I agree with what @Bruce said, and what @65535 quoted: "We do know that the NSA uses bribery, coercion, threat, legal compulsion, and outright theft to get what they want".
That's simply their job. All I would add to this sentence is "as long as it fits into their legal constraints".

And that's why I'm skeptical about the Reuters and NYT stories. Admiral Rogers quite clearly denied it would fit into NSA's legal constraints what was claimed there.

RememberingOctober 7, 2016 5:11 AM

Not surprised at all. And remember the NSA was getting into Yahoo's e-mail surreptitiously prior to Snowden:

https://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html

We know Microsoft didn't have such a program because they were willing partners (and presumably still are since they never said they stopped) with the NSA to provide unlimited pre-encryption access to all their customers hotmail.com, Outlook.com and Skype communications:

https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data

Then of course we knew that the NSA was tapping Google's network between data centers where the data was unencrypted. Google turned that option off.

But since Yahoo blocked out the unauthorized NSA access and was then served with a secret FISA warrant for access - this begs the question what secret orders (with accompanying gag orders) has Google (the biggest e-mail honeypot out there) been served with since encrypting their internal networks? Somehow I doubt the Obama Administration was just going to accept not having access to (Google's customers) and their own citizens communications at Google.

DavidOctober 7, 2016 5:15 AM

My Government makes me hate my government. They want to take my guns and healthcare away, then spy on me all day. We need to put a stop to this.

ab praeceptisOctober 7, 2016 5:24 AM

Rolf Weber

"Admiral Rogers quite clearly denied it would fit into NSA's legal constraints what was claimed there."

"Don Calabrese quite clearly denied it would fit into his clubs ethics what was claimed there."

Sancho_POctober 7, 2016 7:49 AM

Re-reading my post from above re Mr. Rogers I find it a bit misleading.
I did not want to insult him, I apologize, I really find him trying to be honest.
Of course he has outstanding capabilities, otherwise he wouldn’t be where he is.
I do not admire him because I don’t know him, but I’d respect him.

The problem is he doesn’t seem to have an antenna for for the core of the issue
(or what the other side may see as the core).
And I assume the “Yes, Sir” mentality prevents others to openly discuss their inner thoughts with him.

So this is the reason why he should not talk in public about things he can’t understand. Instead he should send someone else, a mediator.

But I also think “the other side” hasn’t clearly made their point, say in a one page document, exactly to the confusion Mr. Rogers is lost in.
At least I don’t know about such a statement (@Bruce?).

SteveOctober 7, 2016 8:59 AM

Oh, no! My dozen throwaway fake named accounts and long since abandoned at Yahoo! are compromised. Whatever will I do?

ShazOctober 7, 2016 9:52 AM

This is why no one trust a damn thing the .gov says.

And Yahoo, once the almost-AOL, is now evil as well as incompetent and kitschy. Bye bye Yahoo.

MartinOctober 7, 2016 9:54 AM

Yahoo! mail is free. It is a commercial site. There was no privacy agreement or promise of privacy when the account was established. How could anyone expect privacy?

What free email service is private?

Freezing_in_BrazilOctober 7, 2016 10:34 AM

@ Mateo

The best email provider is paid, and should be always yourid@yourdomain.whatever.yourcountry

TedOctober 7, 2016 11:04 AM

@Michael Aquino

Solutions.

It looks like a lot continues to be in the works for the international community.

The NATO Cooperative Cyber Defence Centre of Excellence will be hosting their CyCon 'International Conference on Cyber Conflict' later this month (Oct 21-23).

“The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.”

They are also hosting a law course in November ‘International Law of Cyber Operations’ that covers both peacetime international law for cyber operations as well as international humanitarian law that applies during armed conflict.

https://ccdcoe.org/international-law-cyber-operations-november.html

PhobOctober 7, 2016 11:26 AM

"We do know that the NSA uses bribery, coercion, threat, legal compulsion, and outright theft to get what they want."
Bullshit.
You are full of it, Schneier and know nothing about the NSA and how it really functions. You are just vomiting more populist bile like all the other know-nothings.
I worked in SIGINT for 15 years, ten of which were at the NSA primarily in SIGDEV.
As you have no idea what that means I will spell it out for you - I was one of the people tasked with acquiring, developing and managing new information sources for the core NSA intelligence programs. We did not ever in that time use coercion, threat or outright theft - you are a liar and your accusations defame me and the many other hardworking and law-abiding people who worked and continue to work in the best interests of all of us.
Your arrogance is exceeded only by your ignorance.

rOctober 7, 2016 12:28 PM

@Fob,

If my head wasn't surrounded by 4 walls of aluminum I would've thought you read my mind on the name.

Listen, people are pissed - you can't expect members of the public to not lash out at some shadowy figure they mis-identify as the enemy. Your problem, lies at the feet of the media and your prior superiors not with the public. I feel for you, I do - but so what if the NSA didn't grant ISP's direct immunity post-911 - we can concede that fact. Just don't, don't try to paint it as some mechanism both above and below the NSA didn't tell the DoJ to grant immunity to SAID ISPs.

Have a nice day stuggling with what you know, what we know and with what neither one of us know about those dark... shadowy... crevase'.

To deny coersion, is to deny HUMINT. The FBI uses implants (live-ones, think undercover) so the NSA doesn't? Is it the CIA? Is the umbrella too big? Are you the victim of compartmentalization? Is the public the victim of malice perpetrated on the floor of congress? (think lies and half-truths). Or, maybe it's just the civilian contractors and that gives you deniability.

nobodyOctober 7, 2016 12:35 PM

Hey, anybody remember the name of that small email business that shut down rather than yield to the threats, legal compulsions, and coercions a few years back when they were tracking Snowden? Was it Lavabit?

Or does anybody know just how much Google spent on hard crypto between their data centers after the revelation of how much of that data was being intercepted (stolen)? I heard upper management was pretty pissed when they found out about Prism...

TovaritchOctober 7, 2016 1:21 PM

@Phob:

"your accusations defame me and the many other hardworking and law-abiding people who worked and continue to work in the best interests of all of us."

Let's clarify who "all of us" is: Some subset of roughly 300 million Americans in whose name you and your unelected superiors claim to speak, having decided it is OK to attempt to continually intercept/store/decrypt all digital communications of the remaining roughly 7 billion subhumans on this planet--the entire human race--just because it is technically possible. That alone is so fucking monstrous that it does not matter whether or not you are using coercion/blackmail/murder/whatever to reach that goal. Those are just minor incremental monstrosities, and being able to ignore the big one, just because you and everyone you met during your time at the NSA perhaps never engaged in them, is the fundamental problem here. Does your compartmentalized conscience have anything to say about that?

@nobody:

Yes, Lavabit. A small business run by an honorable man, as opposed to the big business run by disgusting snitches discussed here.

Regarding Google crypto between data centers: Unless I missed something, they only announced they are now encrypting all _email_ that is moved between data centers, but there was no mention of non-email data. Anyone know more?


TimOctober 7, 2016 3:29 PM

The NSA or anyone with enough money can get whatever they want whenever they want.

gordoOctober 7, 2016 5:41 PM

Why Verizon­-Yahoo Deal Is Raising Privacy Concerns
Law360, New York (August 11, 2016, 10:30 AM EDT)
—By Randy Gordon, Gardere Wynne Sewell LLP

Mobile technology makes life easier in myriad ways and targeted advertising carries with it the allure of efficiency. But as McLuhan presciently and darkly warned half a century ago, “Once we have surrendered our senses and nervous systems to the private manipulation of those who would try to benefit from taking a lease on our eyes and ears and nerves, we don't really have any rights left. Leasing our eyes and ears and nerves to commercial interests is like handing over the common speech to a private corporation, or like giving the earth's atmosphere to a company as a monopoly.” (last par.)

Behind free-trial/registration wall:

http://www.law360.com/articles/827141/why-verizon-yahoo-deal-is-raising-privacy-concerns

Nick POctober 7, 2016 6:56 PM

@ Phob

I doubt you worked at NSA. You would've known about things like TAREX teams, partnership with CIA/ISA, and relationship with FBI after Patriot Act. These collectively do all kinds of things to targets on NSA's behalf. Further, the Core Secrets leaks specifically said at ECI level that they apply our operatives to foreign targets while using FBI to "compel" U.S. companies to assist in "SIGINT-enabling." They also get to do all this in secret with criminal immunity despite lying to Congress and courts on video.

So, you're not going to get anywhere pushing that bullshit here.

WhiskersOctober 7, 2016 10:26 PM

@Nick P

It's very possible he doesn't know about that stuff. Much of what the NSA does is compartmentalized (and shut away from domestic news media) to the point where some compartments don't realize the NSA actually does any hacking.

Nick POctober 7, 2016 11:08 PM

@ Whiskers

I know. My comment assumes commenter did some research on what's public before posting. If not, then compartmentalization isnt the problem. ;)

CallMeLateForSupperOctober 8, 2016 9:25 AM

@nobody

Lavabit and Google are precisely the examples of "legal compulsion" and "theft" that I was winding up to volley to @Phob. I and my bursitis thank you. :-)

My old brain is still percolating on an example of "threat" that is distinct from - i.e. not intertwined with - "legal conpulsion".

GrauhutOctober 8, 2016 9:59 AM

@Sancho_P: "But I also think “the other side” hasn’t clearly made their point"

I think the red line is clear. If a judge orders surveillance of a defined person after reviewing a potential case its ok. Mass surveillance is not ok.

soothsayerOctober 8, 2016 11:00 AM

"..... We just don't know which one they use in which case "

I think they just told Marissa Mayer that they will inform the world that she is a bonafide stupid .. and she complied instantly :-)

rOctober 8, 2016 11:01 AM

What does 'theft' imply?

Traditionally theft was a denial of access, a denial of service.

Modernly, in the context of having one's fingers in pii... It implies duplication and exfiltration, but of which being unaccompanied by permission qualifies them as theft.

Just uncoupled from the traditional disappearing hact of magicians.

Sancho_POctober 8, 2016 4:26 PM

@Grauhut (re “surveillance”)

”I think the red line is clear. If a judge orders surveillance of a defined person after reviewing a potential case its ok. Mass surveillance is not ok.”

That would be too simple. There is a gut feeling in nearly everybody, expert or layman, a lot of singular arguments, often not vetted / accepted by others, and everyone vents their (singular) thoughts.
But we do not have a structured vision about the public’s concern in contrast to (exactly which?) official demands.

Starting by your “... judge orders surveillance ...” we are deep in Mr. Rogers’ confusion, who clearly knows the law, how it worked in the past, but doesn’t realize the difference between metadata, phone call content (real time) and email / chat (already recorded dialog).
And do you believe there are enough judges to seriously review each potential case brought up by that intelligence beast + LEOs?
Including [classified] judges for classified cases?
Plus oversight / control / reporting?

Surveillance, however, is only one aspect in the confusion.

The other issue Mr. Rogers struggles with starts here:
”… where, as a nation, we had previously accepted the fundamental premise that nothing is beyond the reach of the government with appropriate protection and appropriate use of the court, a legal framework, the legislative branch.” (Admiral Rogers)

The “nothing is beyond reach of the gov …” would make me grab my gun, if I had one, and clearly shows that Mr. Rogers isn’t aware of the difference between “tangible” and “intangible”, e.g. evidence they could find in my safe in contrast to my brain using drugs or legalized torture (sorry, called enhanced interrogation in civilized countries like the U.S.).
Now let me think about the content of my iPhone’s memory …

To search my basement they have to present me the warrant, so I know they do, but my electronic documents are off limits, they don’t need to tell me what they are reading, altering or even publishing in my name?
And what they grab from fibers / backbone, not intentionally, only because they can’t immediately sort out my data from the evil’s?

Again, I’d love to see “our” arguments listed in contrast to “their” view,
but I’m afraid nowadays no one of importance can stand up anymore for “us” (see the Tim Cook / Apple shitstorm).

GrauhutOctober 8, 2016 6:37 PM

@Sancho_P: "And do you believe there are enough judges"

It doesn't matter. If they need more judges for their plans they have to educate more of them. Or they need to make better plans. :)

The basics are crystal clear, see Article 12 of the Universal Declaration of Human Rights: "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence..."

Its simply not allowed to make innocent people subject of arbitrary interference with their privacy and correspondence by mass surveillance.

65535October 8, 2016 9:08 PM

@ Phob

If you have a “Top Secret” clearance then why are you spewing four letter words about Bruce and bragging about your SIGDEV work at the NSA on this board which is monitored by various TLA’s? I believe you are breaking the rules and putting your NSA job at risk.

Could it be that you don’t have an NSA job to put at risk? Could it be you are a paid K street shill with long line drivel? We have seen your type before.

Sancho_POctober 9, 2016 7:56 AM

@Grauhut

Nope, the UDHR is at least as fuzzy (and controversial) as the term “surveillance”, it doesn’t help to clarify details.

GrauhutOctober 9, 2016 9:47 AM

@Rocinante: "There's nothing fuzzy about human rights law as the treaty parties understand it... The law is controversial only because the US Stasi doesn't want to hear it."

Oh Dear, this sounds so rude, shouldn't Bruce's blog be more like a safe-space for all those sensible snoopers reading it? :D

RocinanteOctober 9, 2016 2:39 PM

I apologize. Henceforth I shall include trigger warnings for Kemp Ensor's slavering butt frotteurs.

My InfoOctober 9, 2016 3:11 PM

I'm all for privacy, but unfortunately in this day and age, e-mail is not private. Forget the NSA. I can't send or receive any e-mail without the neighborhood drug dealer reading it.

Organized crime has reached 1920s proportions, when Doctors fraudulently prescribed alcoholic "cures" to evade "Prohibition" as well as various other dangerous patent medicines and remedies.

Amendment XVIII, Section 2. The Congress and the several States shall have concurrent power to enforce this article by appropriate legislation.

No one really wanted Prohibition, so they intentionally crippled it with an ambiguous jurisdiction incompatible with the rest of the Constitution.

Drug dealers have so much power now, that they have no need for privacy themselves to carry out their deeds: Date rape drugs slipped into your food before they push crack and heroin. Marijuana so potent that one whiff of second-hand smoke from it leaves you reeling and vomiting. That nauseating smell of methamphetamine manufacturing that wafts over the neighborhood. The wannabe lynch mob of frustrated addicts that forms every time a spooked dealer gets busted or skips town. Crooked shrinks that fraudulently prescribe their drugs, and deprive us of our right to say no to drugs, along with our right to enforce that "No!"

F'ing dealers are so paranoid that they commit suicide rather than face the remotest chance of going to prison where they belong, but they have identity transference disorder so they "diagnose" anyone who does say no to drugs as "paranoid" schizophrenic, which is really nothing but that same old Freudian delusion of dementia praecox that was forced on the Jews during the Holocaust.

The government paper-pushers' paranoid delusions of terrorism hiding in everyday Americans' e-mail is the real problem that has to be addressed if you do not want them reading over your shoulder everything you read or write. Please, get a dog at the post office, sniff some of those odd packages, leave my damn e-mail alone, and you'd better not be doing drugs if you work for the federal government.

Privacy is the new Prohibition. No one really wants Privacy, so it is intentionally crippled in every way, shape, and form.

meta.x.gdbOctober 9, 2016 4:04 PM

From NSA new employee orientation:


Perhaps one of the first security practices with which new NSA personnel should
become acquainted is the practice of anonymity. In an open society such as ours,
this practice is necessary because information which is generally available to
the public is available also to hostile intelligence. Therefore, the Agency
mission is best accomplished apart from public attention. Basically, anonymity
means that NSA personnel are encouraged not to draw attention to themselves nor
to their association with this Agency. NSA personnel are also cautioned neither
to confirm nor deny any specific questions about NSA activities directed to them
by individuals not affiliated with the Agency.


The ramifications of the practice of anonymity are rather far reaching, and its
success depends on the cooperation of all Agency personnel. Described below you
will find some examples of situations that you may encounter concerning your
employment and how you should cope with them. Beyond the situations cited, your
judgement and discretion will become the deciding factors in how you respond to
questions about your employment.


Answering Questions About Your Employment


Certainly, you may tell your family and friends that you are employed at or
assigned to the National Security Agency. There is no valid reason to deny them
this information. However, you may not disclose to them any information
concerning specific aspects of the Agency's mission, activities, and
organization. You should also ask them not to publicize your association with
NSA.

Sancho_POctober 9, 2016 5:29 PM

@Rocinante

”The law is controversial only because the US Stasi doesn't want to hear it.”

You call it “law” and IANAL, could you please point me to that law, e.g. in the U.S.?
I don’t call the UDHR controversial only because some countries sing but ignore them.

I’ve said that before, I think we (humans) are not in the position to grant any rights because we are all equal (OK, read: “in case we are all equal”).
A right could be granted from someone above us, but there is no one to do so.
I’m not atheist, however my “God” has nothing to do with what we call religion.
But in religion we find the reason why the UHDR is controversial (if not laughable) from the beginning:
We (the western colonialists) generously tried to grant rights by ignoring rights of others, e.g. “granted” by their man made (admittedly absurd) religion.

So the only thing we have is the law, which is, country by country, made by the ruling class (the lawmakers), conveniently to their advantage.

rOctober 9, 2016 7:01 PM

@meta.x.gdb,

Are you proposing that the NSA take lessons from the CIA?

Hopefully, I'm not the only one not-ok with that... but maybe it's needed?

RocinanteOctober 9, 2016 8:17 PM

@Sancho, in the US, under the Supreme Court's decision The Paquete Habana, treaties like the ICCPR are supreme law equivalent to federal statute, and customary international law like the UDHR is state and federal common law.

The UDHR doesn't bother with a grant of rights from anything to anybody. The reasoning is purely pragmatic: if you don't give humans their rights, they will have recourse to rebellion. Civil and Political rights are binding as conventional international law under the peremptory norm pacta sunt servanda, agreements should be kept. Economic, social, and cultural rights (the ICESCR) are a requisite for state sovereignty under the doctrine of Responsibility to Protect (though the US has distorted R2P for domestic propaganda to mean carte blanche to blow shit up, that's a pretense they can't maintain in the outside world.)

The US certainly fights human rights law tooth and nail, but it's designed like flypaper to hamper state repression with mounting international and public pressure over time. It's the world standard, ready to roll out when the US regime goes the way of the USSR. Seen it fix up piss-poor basket-case regimes a couple times. Works good. You'll see, when this piss-poor basket case USA crumbles all to shit.

Sancho_POctober 10, 2016 5:16 PM

@Rocinante

All I see crumbling are cities like Aleppo with inhabitants eager to learn about the UDHR.
And I guess there are billions of people interested if only “someone” could give them rights. To count them let's start in southeast Cuba.

RocinanteOctober 10, 2016 6:23 PM

A quarter of a century ago Tak Zhit Nel’zya came out and it was over.

One presumes you are not American, Sancho. You might not appreciate the hysteria when brainwashing gives way:

"How do you deal with people’s cognitive dissonance? I do a lot of public speaking. There’s invariably one or two people in the room who I can see becoming traumatized and they’re losing control of themselves. They’re becoming very, very angry at me and they do want to kill the messenger because you see, we live very good lives here in America"

"Here in America," a cop can kill or torture you anytime he wants and get away with it. The government tells you to watch what you say, and you're scared that Tor or hidden services or i2p will get you in trouble. No matter how you vote you still get screwed. JFK was the last president who didn't know he was a puppet ruler. CIA took over, then did 9/11 and OKC to you. Your constitution's gone. It got replaced by secret law.

But people are so desperate to believe they're free, they live in a democracy, that facts can cause this panicky dissociative state. People's identities are hopelessly wrapped up in statist doctrine. When you come at people from any conflicting perspective, for instance, human rights, it's like you're talking Greek, you get freezing, blank looks, cognitive TILT.

Then finally it lets go all at once and everyone admits it to themselves: Tak Zhit Nel’zya.

Sancho_POctober 11, 2016 6:01 PM

@Rocinante

Gorbi. I’ve been there (for work) before ’89, never since.

You may smile, but last year at LAX I was reminded to the fact that I, as a stranger, in more than 40 years of intensive traveling never felt unsafe in any place of the world - simply because I was a stranger.
I had the luck of a second screening (“We are the face of our nation”):
After 2:20 of waiting I was told by a 200 pound female officer not to worry about my connecting flight because I still haven’t arrived in the US.
What goes up must come down.

I wonder how western sanctions now improve their stability, self-confidence and independence.

GrauhutOctober 12, 2016 4:53 AM

@Sancho_P: "All I see crumbling are cities like Aleppo with inhabitants eager to learn about the UDHR."

If we don't live it, how should we sell it to others?

everyoneOctober 13, 2016 6:46 AM

If it makes you feel any better, it's the same everywhere else. Nearly everyone is sick of the corruption, self interest and the increasing attitude of the "leading" parties rubbing off on "management" hired by business. It seems if you are completely unqualified and always governed by self interest then you are "right" for the job.These kind of people came up with the idea of wasting intelligence resources on the large majority of the public who aren't obsessed with crime and violence.

The rest of us who take a bit of pride in the effort we put into our work and how we treat others are "mugs" and expected to go above and beyond, and always fill in or make up for those who expect a bonus on top of their salary for making the minimal possible effort, especially if a customer or client requires some service.

No wonder the economy is taking a hit. The people expecting to charge every frivolous desire to the company they work for, are selling themselves as the best, then costing more in tax write-offs than they themselves will ever generate.

I would argue that is the greatest security threat we are facing and is having a far greater cost than every idiot with a death wish combined. Maybe instead of scanning junk mail on yahoo, the NSA could be looking for people jamming the photocopier, cultivating buttock boils and using photos of their children on their desk as some kind of very ineffective work ethic camouflage. The same people blame migrants for increasing taxes, although they themselves are largest burden on society there has ever been and aren't interested being part of the glue holding it together. Their computers are also riddled with malware from wasting time looking at puke.

Rodney DangerfieldOctober 13, 2016 7:51 PM

Yesterday, was tomorrow.

Why stop at email when you can virtualize whole identities?

We should investigate the various Union Bugs involved in year to year book printing to see how far and why'd they ship them.

OscarPhilipsOctober 18, 2016 12:25 PM

You would think with all this scanning, someone might have a few copies of a Hillary e-mail.

DerpQuakeNovember 18, 2016 6:17 PM

Nothing will change until we redefine third party doctrine for the digital age. Email between two individuals does not make the email hosting provider a legitimate third party. Yahoo is no more a legitimate third party to email conversation than the postman is to delivering a letter. The postman is free to read the address on the envelope so the letter can be delivered, but it would be a crime if the postman opened your mail and read it. Email should be no different.

It's a joke to say that the behavior of corporations and government isn't impinging on free speech. Editing myself and my activities online has become part of daily life.

We could use some new teeth behind HIPAA. How can anyone have a private conversation about medical concerns if all online communication is subject to third party doctrine even if the sender has every expectation of a two party conversation, like say when they email their doctor?

Additionally third party doctrine should be applied only in criminal investigations, it should not give license to corporate spying, or NSA drift nets collecting and aggregating intelligence.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.