After Section 702 Reauthorization

For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We've just lost an important battle. On January 18, President Trump signed the renewal of Section 702, domestic mass surveillance became effectively a permanent part of US law.

Section 702 was initially passed in 2008, as an amendment to the Foreign Intelligence Surveillance Act of 1978. As the title of that law says, it was billed as a way for the NSA to spy on non-Americans located outside the United States. It was supposed to be an efficiency and cost-saving measure: the NSA was already permitted to tap communications cables located outside the country, and it was already permitted to tap communications cables from one foreign country to another that passed through the United States. Section 702 allowed it to tap those cables from inside the United States, where it was easier. It also allowed the NSA to request surveillance data directly from Internet companies under a program called PRISM.

The problem is that this authority also gave the NSA the ability to collect foreign communications and data in a way that inherently and intentionally also swept up Americans' communications as well, without a warrant. Other law enforcement agencies are allowed to ask the NSA to search those communications, give their contents to the FBI and other agencies and then lie about their origins in court.

In 1978, after Watergate had revealed the Nixon administration's abuses of power, we erected a wall between intelligence and law enforcement that prevented precisely this kind of sharing of surveillance data under any authority less restrictive than the Fourth Amendment. Weakening that wall is incredibly dangerous, and the NSA should never have been given this authority in the first place.

Arguably, it never was. The NSA had been doing this type of surveillance illegally for years, something that was first made public in 2006. Section 702 was secretly used as a way to paper over that illegal collection, but nothing in the text of the later amendment gives the NSA this authority. We didn't know that the NSA was using this law as the statutory basis for this surveillance until Edward Snowden showed us in 2013.

Civil libertarians have been battling this law in both Congress and the courts ever since it was proposed, and the NSA's domestic surveillance activities even longer. What this most recent vote tells me is that we've lost that fight.

Section 702 was passed under George W. Bush in 2008, reauthorized under Barack Obama in 2012, and now reauthorized again under Trump. In all three cases, congressional support was bipartisan. It has survived multiple lawsuits by the Electronic Frontier Foundation, the ACLU, and others. It has survived the revelations by Snowden that it was being used far more extensively than Congress or the public believed, and numerous public reports of violations of the law. It has even survived Trump's belief that he was being personally spied on by the intelligence community, as well as any congressional fears that Trump could abuse the authority in the coming years. And though this extension lasts only six years, it's inconceivable to me that it will ever be repealed at this point.

So what do we do? If we can't fight this particular statutory authority, where's the new front on surveillance? There are, it turns out, reasonable modifications that target surveillance more generally, and not in terms of any particular statutory authority. We need to look at US surveillance law more generally.

First, we need to strengthen the minimization procedures to limit incidental collection. Since the Internet was developed, all the world's communications travel around in a single global network. It's impossible to collect only foreign communications, because they're invariably mixed in with domestic communications. This is called "incidental" collection, but that's a misleading name. It's collected knowingly, and searched regularly. The intelligence community needs much stronger restrictions on which American communications channels it can access without a court order, and rules that require they delete the data if they inadvertently collect it. More importantly, "collection" is defined as the point the NSA takes a copy of the communications, and not later when they search their databases.

Second, we need to limit how other law enforcement agencies can use incidentally collected information. Today, those agencies can query a database of incidental collection on Americans. The NSA can legally pass information to those other agencies. This has to stop. Data collected by the NSA under its foreign surveillance authority should not be used as a vehicle for domestic surveillance.

The most recent reauthorization modified this lightly, forcing the FBI to obtain a court order when querying the 702 data for a criminal investigation. There are still exceptions and loopholes, though.

Third, we need to end what's called "parallel construction." Today, when a law enforcement agency uses evidence found in this NSA database to arrest someone, it doesn't have to disclose that fact in court. It can reconstruct the evidence in some other manner once it knows about it, and then pretend it learned of it that way. This right to lie to the judge and the defense is corrosive to liberty, and it must end.

Pressure to reform the NSA will probably first come from Europe. Already, European Union courts have pointed to warrantless NSA surveillance as a reason to keep Europeans' data out of US hands. Right now, there is a fragile agreement between the EU and the United States ­-- called "Privacy Shield" -- ­that requires Americans to maintain certain safeguards for international data flows. NSA surveillance goes against that, and it's only a matter of time before EU courts start ruling this way. That'll have significant effects on both government and corporate surveillance of Europeans and, by extension, the entire world.

Further pressure will come from the increased surveillance coming from the Internet of Things. When your home, car, and body are awash in sensors, privacy from both governments and corporations will become increasingly important. Sooner or later, society will reach a tipping point where it's all too much. When that happens, we're going to see significant pushback against surveillance of all kinds. That's when we'll get new laws that revise all government authorities in this area: a clean sweep for a new world, one with new norms and new fears.

It's possible that a federal court will rule on Section 702. Although there have been many lawsuits challenging the legality of what the NSA is doing and the constitutionality of the 702 program, no court has ever ruled on those questions. The Bush and Obama administrations successfully argued that defendants don't have legal standing to sue. That is, they have no right to sue because they don't know they're being targeted. If any of the lawsuits can get past that, things might change dramatically.

Meanwhile, much of this is the responsibility of the tech sector. This problem exists primarily because Internet companies collect and retain so much personal data and allow it to be sent across the network with minimal security. Since the government has abdicated its responsibility to protect our privacy and security, these companies need to step up: Minimize data collection. Don't save data longer than absolutely necessary. Encrypt what has to be saved. Well-designed Internet services will safeguard users, regardless of government surveillance authority.

For the rest of us concerned about this, it's important not to give up hope. Everything we do to keep the issue in the public eye ­-- and not just when the authority comes up for reauthorization again in 2024 -- hastens the day when we will reaffirm our rights to privacy in the digital age.

This essay previously appeared in the Washington Post.

Posted on January 31, 2018 at 6:06 AM • 49 Comments

Comments

Bauke Jan DoumaJanuary 31, 2018 8:06 AM

"the responsibility of the tech sector"

As if the tech sector isn't enticed by power bestowed upon them.
See Facebook et al. vis a vis "fake news".
They like their wealth. With it comes power. It corrupts.

Andrew AppelJanuary 31, 2018 8:18 AM

Bruce, you wrote 'More importantly, "collection" is defined as the point the NSA takes a copy of the communications, and not later when they search their databases.'

Did you mean "must be defined" instead of "is defined"?

PaulJanuary 31, 2018 8:30 AM

As an EU citizen I am grateful for the ability of the EU to moderate the effects of America's extremism, at least in Europe. America helped save us from the worst of our own in the past. Maybe we can return the favour some day.

Bubba MustafaJanuary 31, 2018 8:56 AM


NSA: "US citizens and other adversaries"

When you consider citizens as adversaries, YOU have become the #1 enemy of the people.

meJanuary 31, 2018 9:23 AM

Thanks for your interest and your words, i really hope that this will end.
And i really hope that Europe will do something about it.

meJanuary 31, 2018 9:26 AM

i remember one your article of some time ago where you said "nsa morale is low because of shadow brokers".

i think that it might be true in part, but the most important reason that nsa morale is low is because they keep doing immoral stuff, they keep spying on innocent people for no reason.
i'm from Europe and hearing that i have no rights, and they can do what they want on me because i'm not us citizen is not nice. but is worse when they do the same on us citizen, their own citizen, the one that they should protect.

Petre PeterJanuary 31, 2018 9:49 AM

We are clearly not equal in front of the law. The idea of separation of power is fading away into the cloud. Good heavens! The right to lie will give us a cloudy judgment with no hope for hope. Equality in front of the law or equality has no meaning.

Sancho_PJanuary 31, 2018 10:18 AM

@Bruce:

Your repeated distinction between “American” and “foreign” humans is disgusting.
Are you racists or just arrogant? Or is it a nazzionalistic touch? Or …?

Am I the only one of the tainted when I read about “incidental” vs foreign collection?

AndersJanuary 31, 2018 10:34 AM

Europe/EU isn't homogeneous either.
There are some small countries - Estonia for example - under deep US influence. Remember the Skype backdoor? Scr*w the people privacy, our government will do anything to keep US gov't happy because they need US protection against Russia.

MikeJanuary 31, 2018 10:55 AM

"Sooner or later, society will reach a tipping point where it's all too much. When that happens, we're going to see significant pushback against surveillance of all kinds."

Unlikely.

The sheer scale of surveillance by the USA, the Five Eyes countries and by the private sector is already overwhelming. The fact that nearly everyone in nearly every country on the planet is having the smallest details of their lives stuffed into enormous data silos where it will persist forever will be used against society to prevent any serious pushback.

The fact that wholesale surveillance has been implemented on the Internet - a virtual country where nobody is a 'foreigner' - and justified through racist constructs like "it is only being used to target foreigners" is all about control. The UK and other countries have access to the NSA's Xkeyscore system and regularly use it to spy on their own citizens. The fact that the country doing so didn't collect the data themselves is used as a convenient excuse to avoid breaking local laws about spying on your own citizens.

If people try to organise pushback against this Orwellian machine, it will be used to identify them and target them so that they can be silenced. Nobody is safe from this. It is already far too late to stop the surveillance machine.

That average people have been brainwashed into a state of irrational fear by the increasingly untrustworthy mainstream media makes it easy for the politicians to justify stripping away privacy and the presumption of innocence "because terrorists". Thought crime is already here. Pre-crime detentions too.

Attempts to reverse government use of surveillance is likely to be met with state sanctioned violence, arbitrary detention and disappearances.

Bruce SchneierJanuary 31, 2018 12:03 PM

@Sancho_P • January 31, 2018 10:18 AM

"Your repeated distinction between 'American' and 'foreign humans is disgusting.
Are you racists or just arrogant? Or is it a nazzionalistic touch? Or …? Am I the only one of the tainted when I read about 'incidental' vs foreign collection?"

Agreed; it's pretty disgusting. But please don't confuse my descriptions of what the US law currently is with what I think it should be. Right now, non-US persons are pretty much thrown under the bus when it comes to basic civil rights. There are many of us working to change that, but honestly it's not going to happen any time soon. Most Americans are far too nationalistic to care to any great degree.

22519January 31, 2018 12:04 PM

"This has to stop. Data collected by the NSA under its foreign surveillance authority should not be used as a vehicle for domestic surveillance."

That's exactly right. America is now, and has been, a place where the government spies on its people, and this is wrong. The Constitution is under threat.

Make no mistake about it: the United States is going step by step downwards to a form of government that the Founding Fathers hoped we would never reach, tyranny.

Who?January 31, 2018 12:41 PM

@ Sancho_P, Bruce Schneier

I agree with Bruce, speaking this way is just to show a restrained description of what current US law is. There is a problem with US law that cannot be ignored as it denies the rights of foreigners (very sad on a country that has been founded by immigrants).

The issue, as I see it, is that this point of view where US citizens have all the rights while othre citizens are mostly apes is clearly approved by lots of US citizens right now (I am sure our host is not one of them!).

As you, I am worried about the huge despise US law currently exhibits against foreigners and the consequences this asymmetric point of view may have in the future.

albertJanuary 31, 2018 1:24 PM

"...It has even survived Trump's belief that he was being personally spied on by the intelligence community,..."

Too bad Trump never had ironclad proof. Every time he 'toes the line' and backpedals, I think 'someone took him aside and explained the facts of life in gov't service.' One fact is that the IC isn't afraid of rules or laws. It can do whatever it wants, whenever it wants. Congress-critters and gov't staffers should be very afraid, and considering their backgrounds, even more so than average law-abiding citizens.*

No one is untouchable or unreachable and there is no honor among thieves. The Herculean efforts by the Dumb-ocrats** to bring down Trump demonstrate a lack of understanding of this.

OTOH, perhaps I take this much too seriously.

-------------
*as long as those citizens aren't too critical of the gov't :) Don't want to be an Enemy of the State? Then keep your nose down and shut up.
** The other coin side is the Repugant-cans. I'm all equal opportunity whatever...
. .. . .. --- ....

VinnyGJanuary 31, 2018 2:13 PM

The problem is that even if Bruce got everything he requested, it would be only worthless paper promises. As he noted, NSA routinely violated the law prior to 702. Where are the prosecutions and convictions of those lawbreakers? What effective incentive can possibly be brought to bear to prevent a repetition? Unfortunately, this "laws are for peons" arrogance will almost certainly continue unchecked until some monumental crisis is reached at some nebulous point in the future, and I fear the outcome won't be decided on paper or in some virtual reality.

GrauhutJanuary 31, 2018 2:14 PM

@Bruce: "So what do we do? If we can't fight this particular statutory authority, where's the new front on surveillance?"

We shouldn't hope and pray for solutions from politicians or judges.

We need to make the installed sniffing system generation obsolete and make sniffing more complicated and expensive. Imho we need a technical solution, something like tcpcrypt + packet random fillup on transit lines.
https://en.wikipedia.org/wiki/Tcpcrypt

Tcpcrypt sleeps since 2014, time to kick this on again.
https://github.com/sorbo/tcpcrypt

echoJanuary 31, 2018 3:53 PM

Thanks Bruce for a very strong article. I also note your comments on the EU courts which is very welcome. I agree "breaking the legal veil" can be very difficult. The only complaint I have is this was a little light on practical and human rights issues but understand this may have diluted your essay.

While not directly related TTIP was an issue which conflicted with EU consttitional issues (for want of a better description) and more social outlook. I'm pleased there was very strong pushback against this and encouraged Americans fighting for their healthcare and employment and other rights can gain strength from this.

Thanks again Bruce for generously sharing your expertise and platform.

Sancho_PJanuary 31, 2018 5:42 PM

@Bruce:

Thank you for your statement.

”But please don't confuse my descriptions of what the US law currently is with what I think it should be.”
But isn’t it time to say what you think? Since I read you I’m eagerly looking for any public hint of disagreement in that matter.

Sorry, this one from your very first paragraph blew my safety valve:

” … civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We've just lost an important battle.” (my emph)

It’s not you, the civil libertarians, and not you, the innocent Americans, who lost.
It’s us, the civilization, it is mankind who has lost another battle because no one important speaks out when the world’s finest nation, leading in liberty since decades, step by step proceeds into a totalitarian state and worldwide aggressor instead of realizing the imminent danger our canoe is in.

”There are many of us working to change that, but honestly it's not going to happen any time soon.”
This work seems to be classified and protected by the Constitution, probably we need another hero like Edward Snowden to bring it to light?

However, I’d like to read your “nationalistic” for most of the Americans (as I know them) as too patriotic, although some of your laws have that ex-German touch.

This leads me to my last point, your conclusion what we need:

No, we don’t need a bunch of now unrealistic measures. Too late.

The only thing we need is to face that it was not just the controversial crocodile at the top but a bipartisan congressional support to reauthorize the bill.
Without that your Snappy could only eat another burger.

It is either a total failure of democracy or the will of your elected powers representing the broad American public to go that way.

If we accept reality we must realize that no one can help us but we ourselves.
They got all our metadata, so we must struggle to protect our content.

/rant

Thomas J KenneyJanuary 31, 2018 6:19 PM

@Mike: "If people try to organise pushback against this Orwellian machine, it will be used to identify them and target them so that they can be silenced."

Should read...

If people try to use electronic communications to organise pushback against this Orwellian machine, it will be used to identify them and target them so that they can be silenced.

If one were to remain honorable and continue to use the 'weapon' that has been chosen by their adversaries, victory is not in the cards. Sneakernet FTW.

VennerJanuary 31, 2018 7:42 PM

The only reason for putting an entire nation under surveillance is fear. They live in fear of the repercussions from a nation that is still waking up to the fact they were attacked by their own government on 9/11.

moopsJanuary 31, 2018 9:16 PM

Well, for one thing, Diane Feinstein Has.To.Go.


that Democrat has been providing "bipartisan" cover for WAY too long for the surveillance state actions. A safe.safe.safe. seat Senator should behave better.

I fear at the heart of all this is America's still lingering racist past.

Grant HodgesJanuary 31, 2018 9:56 PM

Ok, let me break it down for you.

All that is needed is to put the Bushies and Obamites in jail that violated the FISA law. Everybody who unmasked an American without provable cause, everyone who spied on anyone without a warrant from the FISA judge, everyone who spied on political opponents or their wife's boyfriend . . . put every single one of them in jail.

Jail is the answer! :)

22519February 1, 2018 12:06 AM

Michael Hayden speaking in October of 2015:

"An American strategy for cyberspace must reflect and serve our ideals. In our zeal to secure the internet, we must be careful not to destroy that which we are trying to preserve, an open, accessible, ubiquitous, egalitarian, and free World Wide Web. There are nations—like Iran, China, Russia and others—who view precisely those attributes as the very definition of cyber security threats. Their concern is not digital theft, but the free movement of ideas. We must take care that in our efforts to prevent the former, we do not legitimize their efforts to prevent the latter."

Remember Gollom, formerly known as Smeagol, the loathsome creature who became completely corrupted by the Ring of Power?

Ash nazg durbatulûk, ash nazg gimbatul,
Ash nazg thrakatulûk agh burzum-ishi krimpatul.

One ring to rule them all, one ring to find them,
One ring to bring them all and in the darkness bind them.

Well, you know the rest of the story: Sauron and his big eye in Maryland got slammed by little Hobbit Edward S. who, against all odds, skipped the foreplay and brought Mordor down.

Michael Hayden, a great leader of free peoples, said, after Edward Hobbit made it back alive from Mordor (and I am paraphrasing), "well, at least we are not as bad as North Korea."

How deeply comforting!


AnonFebruary 1, 2018 1:51 AM

I wish people would drop the whole "the EU is holier than thou" attitude.

The EU hasn't got over WW2, and Germany hasn't yet got over the Stasi.

Europe is NOT the "great protector" of privacy that everyone thinks; this was raised a couple of months ago in a Squid post, about German attempts to backdoor security products.

WinterFebruary 1, 2018 2:09 AM

@anon
"I wish people would drop the whole "the EU is holier than thou" attitude."

The EU is not perfect, but they DO recognize privacy rights of ALL humans. The US have a very limited view on privacy and do NOT recognize that foreigners have rights. Actually, the EU gives Americans MORE privacy rights than their own government do.

tyrFebruary 1, 2018 2:28 AM


@Albert

My favourite mantra is the impeach Trump
crowd these days.

Do they really want Pence to take over ??
Donny has his faults but the people around
him are worse in my opinion. Of course that's
the same bunch whose email geo-location has
Marthas Vineyard as the most cited place
to talk about.

The dis-connect from the rest of us is a
Lovecraftian horror show on both sides.

@22519

Is that the Hayden who thinks we have a
Starfleet? Not the sharpest spoon in the
IC drawer.

jcFebruary 1, 2018 5:47 AM

We've just lost an important battle.

No fighting spirit.

On January 18, President Trumpsigned the renewal of Section 702, domestic mass surveillance became effectively a permanent part of US law.

The law which forbids unreasonable search and seizure? That law? Oh, no, that's just the Constitution.

We can't defend that law. We'd need guns for that.

No, no, no, we can't have that. We are all dead and buried under the letter of the law.

Mike BarnoFebruary 1, 2018 6:51 AM

@ Venner :

...a nation that is still waking up to the fact they were attacked by their own government on 9/11.

No, the USA was not attacked by its own government on 9/11.

The USA was attacked by its own government on 9/12/2001, when national-security zealots began implementing their surveillance wish list that became the USA-PATRIOT Act.

Rolf WeberFebruary 1, 2018 7:46 AM

I really love @Bruce's pragmatism. "Net activists" should really listen to him. 702 is a matter of fact for the forseable future. They should focus on goals that are more realistic to achieve.

What I completely disagree with is that you lay any "hope" in the EU. Something like "702 authority" exists in virtually every EU country as well. They all do the same (only difference is that more tech companies are located in the U.S. than in the EU), so how can you have any hope in the EU? How could the EU realistically stop the U.S. from doing something as long as they all do essentially the same?

Neither in the U.S. nor in the EU foreigners abroad are granted the same privacy rights than citizens or residents. And otherwise than you I think this is reasonable. And it's unlikely this will change anytime soon either.

jcFebruary 1, 2018 8:58 AM

The USA was attacked by its own government on 9/12/2001, when national-security zealots began implementing their surveillance wish list that became the USA-PATRIOT Act.

National socialists. Nazis.

America is occupied by hostile militant forces.

Wake up, sheeple.

We cannot afford to take it any less seriously.

vas pupFebruary 1, 2018 11:06 AM

@Bruce:
"Third, we need to end what's called "parallel construction." Today, when a law enforcement agency uses evidence found in this NSA database to arrest someone, it doesn't have to disclose that fact in court."
I 100% agree that IC information should not be used DIRECTLY by LEAs for arrests and prosecution(except extreme cases of treason, terrorism, mass killing, you name it). Same applies to criminal intelligence information obtained by LEAs themselves. I did not see any difference when UCE (undercover employee) or CI (confidential informant) provide intelligence information which is not disclosed directly but rather used as the lead for further actions to collect evidence admitted by the court for prosecution and "parallel construction" activity based on intelligence information obtained by technical means (NSA). But that is just my own opinion which based on my strong believe that IC and LEAs should be always in separate baskets.

SpellucciFebruary 1, 2018 11:16 AM

If the NSA thinks collecting our data is so important, why not help them along? Everyone print out your monthly call detail records and mail them into the NSA. 100 million phone accounts times 10 pages per account gives a billion pages for them to process a month. It is our patriotic duty!!!

PLANET EARTHFebruary 1, 2018 2:45 PM

Dear Bruce,

Thank you for being part of our journey on planet earth. We know our lifetime is limited. You are a role model for each and every one of us on how to use our time and skills for good. Thank you.

jcFebruary 1, 2018 4:00 PM

I 100% agree that IC information should not be used DIRECTLY by LEAs for arrests and prosecution(except extreme cases of treason, terrorism, mass killing, you name it).

How do you get around the fact that if law enforcement officers are not using it DIRECTLY, or if they do not have a warrant for it, they do not need to know it? Probable cause, warrants, and due process are especially important in such extreme cases as you mention.

Violation of due process. Classified information without need to know.

gordoFebruary 1, 2018 9:43 PM

What Goes Around Comes Around
By Ross Anderson

Here is the core issue, the acid test of whether America really believes in universal rights. But it is a challenge to which America can rise, because of the way its concept of rights has expanded steadily over the generations. Once a nation has bought the idea that “all men are created equal”, you eventually ask, “Blacks too”? It might take fourscore and seven years, but sooner or later the question can’t be ducked anymore. Then people ask, “Women too?” and so it goes: civil rights, gay rights, until eventually there’s only one taboo left. The question now is “Foreigners too?”

https://www.cl.cam.ac.uk/~rja14/Papers/WhatGoesAround.pdf

https://www.lightbluetouchpaper.org/2018/01/03/what-goes-around-comes-around/

FrankFebruary 2, 2018 2:44 AM

Trump was spied on with 702, large portions of the intelligence community are targeting him, and he somehow thinks it's a smart idea to reauthorize 702? Now THAT'S lunacy.

CallMeLateForSupperFebruary 2, 2018 9:07 AM

A long-time friend and I sit down a couple of times per month for supper and frank discussions about whatever animates us at the time. This week I vented about the fact that codified net neutrality is all but dead. I'd barely begun, was working through my second sentence, when I saw my friend's facial expression grow sullen. He dropped his head and began eating as though he was suddenly famished, and he didn't look up until I'd stopped speaking.

Then he spewed: People want to live in remote places - mountains; deserts; places where technology hasn't reached - and yet they think they have a fundamental right to internet service and that companies, not them, should pay the cost of running fiber/cable out to them. That's not the way business works!

That caught me totally off guard. I said, That's a different subject, not at all related to net neutrality; you know that, right? That put *him* off balance. He didn't answer. I probed a bit. It became clear that he hadn't *changed* the subject, he didn't *understand* the subject.

He was vehemently against net neutrality because he "knew" it was all about giving consumers a free ride at the expense of business. I do not know what planet he lives on.

CallMeLateForSupperFebruary 2, 2018 9:26 AM

OOPS! My post, above, belongs in the Squid. "I would certainly apologize if you’d like me to do that." :-)

Sancho_PFebruary 2, 2018 12:52 PM

@gordo: Thanks, good link.

Ross Anderson rightly acknowledges the worldwide agreement of our governments in their supposed need and right to tap whatever they can reach, citizen or foreigner, nationally or abroad.

More so, they do it because it’s their duty to “to protect us”.
They see this duty even above national interests, so friend or foe will collaborate and never openly complain.
They will - by intent - not secure the Internet or let it happen.

So we all have to acknowledge that they can and do, with or without our consent.
We have to understand that “our” metadata are theirs.
Say “yes” and say it now, because anything else would be a self-deception.

What is left are two points to discuss:
1) The worth / value of metadata, e.g. in court.
2) Who owns the content of communication.

I understand that it may be of interest to Spain, France, Germany, USA, Russia, China and Israel (to name just a few) that Sancho e.g. has contacts to the Algerian Ministry of Transport, the Egyptian Ministry of Health or a lawyer in Bilbao.
But no,
they have absolutely no “right” to learn about the content of any of our messages without our consent, neither in the past, the present, nor in the future.

gordoFebruary 2, 2018 10:33 PM

@ Sancho_P,

What is left are two points to discuss:

1) The worth / value of metadata, e.g. in court.
2) Who owns the content of communication.

1) What is plain view-parallel construction?[1]
2) What is encryption?

they have absolutely no “right”
Yes; regardless of whether it's "legal," it's "dehumanizing".

---

[1]"This practice of scanning e-mail traffic for the purpose of 'about' searches has long been one of the aspects of §702 collection most objectionable to civil libertarians, for several reasons. First, and most fundamentally, it inverts the normal order of operations for surveillance. Instead of scrutinizing the contents of the communications of a particular individual who has been designated as a target, it scrutinizes the contents of all communications, and uses the results of that automated scrutiny as the justification for collecting a particular message. In effect, a search is justified not by some antecedent grounds for suspicion, but by the results of the search itself." - Julian Sanchez; https://www.justsecurity.org/40384/ado-about/

---

https://www.eff.org/deeplinks/2018/02/how-congresss-extension-section-702-may-expand-nsas-warrantless-surveillance

WetSuitFebruary 5, 2018 6:38 PM

Truthfully, I cannot believe that any surveillance effort by the NSA, or for that matter any other agency, is really necessary in the vast majority of cases. The corporate surveillance network is almost as sophisticated as anything the gubmint has, and could easily be tapped and used successfully in most use-cases. The talk is big about massive data stores, yadda yadda. I bet that in 90 percent of cases they could let the corporate data collection system do the work, and just sit around the table, drink coffee, and talk about how great the Eagles looked this weekend ... easy work.

More importantly, it doesn't even need the Patriot Act.

vas pupFebruary 6, 2018 11:00 AM

Question: do IC and LEAs apply new technologies for recruitment? I guess polygraph data could be analyzed with more reliability utilizing AI like in article below for other clues:

As companies rely more on machine learning and artificial intelligence (AI) to find the right job candidates, is recruitment in danger of losing that personal touch?
http://www.bbc.com/news/business-42905515
“Employers don't have time to check the credibility and assess the skills of every potential candidate," says Chris Butt, founder and chief executive of Cognisess, a predictive analytics company."Our system creates a digital profile of not just data from their CV, but their responses via assessments and video interviews. "It analyses facial cues, body language and even how you speak. It then assesses whether the data collected from your CV is not only true, but also how good a fit for the role you are."

vas pupFebruary 7, 2018 3:05 PM

Recent on surveillance:
Police in China have begun using sunglasses equipped with facial recognition technology to identify suspected criminals.
http://www.bbc.com/news/world-asia-china-42973456
The glasses are connected to an internal database of suspects, meaning officers can quickly scan crowds while looking for fugitives. The sunglasses have already helped police capture seven suspects, according to Chinese state media.
The country has been building what it calls "the world's biggest camera surveillance network". An estimated 170 million CCTV cameras are already in place and some 400 million new ones are expected be installed in the next three years. Many of the cameras use artificial intelligence, including facial recognition technology.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.