Forgot your password?
typodupeerror
Privacy Government Security United States Your Rights Online

Whistleblower: NSA Has All of Your Email 478

Posted by timothy
from the well-most-of-it dept.
mspohr writes with this excerpt from Democracy Now!: "National Security Agency whistleblower William Binney reveals he believes domestic surveillance has become more expansive under President Obama than President George W. Bush. He estimates the NSA has assembled 20 trillion 'transactions' — phone calls, emails and other forms of data — from Americans. This likely includes copies of almost all of the emails sent and received from most people living in the United States. Binney talks about Section 215 of the USA PATRIOT Act and challenges NSA Director Keith Alexander's assertion that the NSA is not intercepting information about U.S. citizens." The parts about National Security Letters in particular are chilling, even though the issue is not new.
This discussion has been archived. No new comments can be posted.

Whistleblower: NSA Has All of Your Email

Comments Filter:
  • by stoolpigeon (454276) * <bittercode@gmail> on Saturday April 21, 2012 @07:31AM (#39755091) Homepage Journal

    if someone is - that would be shocking.

  • i hope... (Score:5, Funny)

    by ks9208661 (1862000) on Saturday April 21, 2012 @07:33AM (#39755105)
    ... they got all the spam as well.
    • Actually, maybe you are on to a good idea there. Since the has the best mathematicians in the world, and unlimited computing resources, why not ask them to do a public service? Eliminate spam.

      They should be able to identify the sources easily, if they are monitoring what everyone sends everywhere, or . . . ?

  • Encrypt (Score:5, Insightful)

    by betterunixthanunix (980855) on Saturday April 21, 2012 @07:38AM (#39755115)
    This is a problem whose solution has been known and available for over two decades, yet deployment is stagnant.
    • Re:Encrypt (Score:5, Interesting)

      by wvmarle (1070040) on Saturday April 21, 2012 @08:55AM (#39755547)

      Http is more and more replaced by https (even Facebook and Google do it now). Ssh is commonplace, encrypted VPN too, torrent traffic can be encrypted, etc. At a transport level encryption is making steady inroads, and is far from stagnant.

      On the other hand, for e-mails, it's not that easy. This is end-user level, and there is a good reason why it's stagnant. It's too technical for the general public to do properly, especially the key exchange with the other parties. And you have to do that over and over again, for every single e-mail contact you have. And in my case, that's easily a couple hundred. That's a bother.

      If we want encryption in e-mail, then we need a major e-mail client to implement its use transparently, and by default urge users to create a PGP key for their mail. Then the mail client needs a protocol to exchange keys securely with new contacts, to collect all the keys you may need to send encrypted mail to those contacts.

      And now the real fun thing: how to keep your secret key, secret? It's not a one-time key (like ssh uses). It's a permanent key; and you will have to cherish it to be able to decrypt old e-mails unless you store them decrypted on your computer. Have your secret key compromised and you're SOL.

      If you can solve all that, you could become rich. Or at least help us all have encrypted e-mail.

      • Re:Encrypt (Score:4, Informative)

        by Anonymous Coward on Saturday April 21, 2012 @09:15AM (#39755675)

        I always saddened when I see people still recommending GPG/PGP. That system is a total hack and not a standard.

        Use S/MIME. It's standardized and exists in every good client software.

        • Re:Encrypt (Score:4, Insightful)

          by wvmarle (1070040) on Saturday April 21, 2012 @09:53AM (#39755881)

          Use S/MIME. It's standardized and exists in every good client software.

          PGP or S/MIME is not the point. No-one uses either anyway. The point is: why don't they use it?

        • That system is a total hack and not a standard.

          http://tools.ietf.org/html/rfc4880 [ietf.org]

          The problem with S/MIME is the same one as exists with HTTPS. You're trusting the CAs your vendor tells you to trust (by default -- few people are smart enough to change this), many of whom are not trustworthy, not secure, or can easily be arm-twisted into providing a hostile government with a forged certificate.

      • Re:Encrypt (Score:5, Insightful)

        by Beryllium Sphere(tm) (193358) on Saturday April 21, 2012 @10:33AM (#39756149) Homepage Journal

        +1 insightful.

        I like to tell people that crypto doesn't solve a problem, but instead changes the problem into one that you hope is easier.

        Crypto replaces the problem of securing your communications channel with a problem of key management.

        Since the first problem is usually insoluble, this is usually a good thing, but good luck doing key management when the client machines are zombies controlled by an attacker, like so many personal computers are.

  • Good... (Score:5, Funny)

    by CrazyDuke (529195) on Saturday April 21, 2012 @07:40AM (#39755131)

    Then they should have all those missing White House emails. ...oh, wait...

  • by Spy Handler (822350) on Saturday April 21, 2012 @07:43AM (#39755141) Homepage Journal
    has 18 acres of mainframe computers underground. You're talking to your wife on the phone and you use the word "bomb", "president", "Allah", any of a hundred keywords, the computer recognizes it, automatically records it, red-flags it for analysis. That was 20 years ago.
    • Re:Fort Meade (Score:5, Informative)

      by AthanasiusKircher (1333179) on Saturday April 21, 2012 @09:40AM (#39755789)
      "+4 informative"??

      Hey paranoid mods -- just so you know, this is a quote from the paranoid thriller "Enemy of the State." It's meant to be funny... or at least ironic, given TFA.

  • by trout007 (975317) on Saturday April 21, 2012 @07:43AM (#39755143)

    Save the taxpayers' money.

  • easy way to find out (Score:2, Interesting)

    by Anonymous Coward

    send an email between two accounts only you use with fake plans for a terrorist attack...if you get arrested then we'll know they were reading it. (tell somebody you're going to do it just in case you disappear in the night).

    Still sometimes I think the government puts out these rumors on purpose to make everyone scared and think they are more powerful than they really are. I mean if the government "knows all" they when did Sept. 11th happen? Why do Mexican drug cartels ship billions of dollars of Cocaine ac

    • "They" "knew" about Sept. 11. [washingtonpost.com] And if we work backwards from the solution, physically stopping people from smuggling drugs across the border by force, isn't the problem fundamentally one of manpower?
    • Re: (Score:3, Interesting)

      by xhrit (915936)
      Remember the whole "Freedom fries" thing? Most people think it was due to France not supporting the US in the 2nd Iraq war, but the truth is much different. The big media anti-French smear campaign started just one week after the French government accused the National Security Agency of using the Echelon spying apparatus to steal trade secrets from the French to give American corporations an advantage. Corporations, I might add, that were deeply involved in the development of Echalon.

      The truth is the gov
  • by arthurpaliden (939626) on Saturday April 21, 2012 @07:45AM (#39755161)
    Protest like they did in Canada. Send the Ministers and your government representatives including the White House everything. For days they CCed them on every email, posted what they are doing to their members twitter accounts. After several days of having the Parliamentary mail and web servers taken to their knees the bill they were trying to introduce was 'sent to committee' (killed). People can make a difference
    • So we email them relentlessly until they discard all the data they've collected?

      We'll know they did this how? "Dear Citizens, we were lying before but now we are not and we've quit spying on you."

    • by Hatta (162192)

      DDOSing Congress is a federal crime.

  • by Securityemo (1407943) on Saturday April 21, 2012 @07:51AM (#39755183) Journal
    While this is certainly rather awesome, as a non-US citizen I think they should be open about it. Even if everyone else already assumed that they monitored everything they possibly could. Also, how did they ever think they where going to keep a domestic operation of that scale secret?

    Besides, how could they monitor foreign computer/internet-based espionage and other such things without actually monitoring the entire domestic network? If they where more open about this they could perhaps release information about botnet activity or similar useful data.
  • Think Big (Score:5, Insightful)

    by anorlunda (311253) on Saturday April 21, 2012 @08:12AM (#39755273) Homepage

    Consider the criticism on government for having failed to head off 9/11. Next consider the fact that the younger government employees will want to operate it in a 21st century way. Then, I think the logical extrapolation is to expect NSA to introduce the requirement that they can track communications retroactively.

    Suppose some person X becomes suspicious. Then there will be an instant demand to examine all X's communications in recent years, together with those of X's contacts, and their contacts, N levels deep. NSA can't know in advance who X is, so they only way to meet that requirement is to intercept and archive everyone's communications all the time.

    Consider the alternative. If they don't archive that stuff, and they could have, and if another 9/11 occurs, then the criticism will be wilting. They will be blamed for not doing everything possible to prevent it, They must do it as a matter of political self defense.

    I posted something similar once before. Another slashdotter thought I was writing science fiction. I don't think so. I calculate that it could be done for 300 million Americans with only a dozen or so exabytes. Heck, pull out your Visa card and order an exabyte server from Oracle today. It is hardly beyond the capability of NSA.

    I also believe that we privacy advocates also have to get our heads into the 21st century. It is time to shift focus from restricting government gathering of information to restricting government use of information already in their possession.

    • Suppose some person X becomes suspicious.

      X could be anyone the government doesn't like. And since there's no real oversight here, getting rid of them would be fairly simple. Oppressive governments or individuals would love this ability.

      It is time to shift focus from restricting government gathering of information

      As I still believe in the spirit of the constitution and privacy, no, it's not. I do not believe the government should be doing that.

      • by Sarten-X (1102295)

        Ah, the wonderfully pessimistic assumption that what can happen will.

        I like your attitude. I don't agree with it, but I like that it exists. The culture of the United States is paranoid and outrage-prone enough that if the government does actually turn oppressive, with opponents disappearing and certain thoughts outlawed, there will be enough activists to notice and care. In many cases this has happened with post 9/11 detainees, where local activists are fighting to have their friends returned. The governme

    • Re:Think Big (Score:5, Interesting)

      by wvmarle (1070040) on Saturday April 21, 2012 @09:29AM (#39755731)

      Intercepting and storing all this communication is the really easy part.

      Making sense of it; finding interesting connections; that's the really hard part.

      Now the probable justification would be "for the terrorists" which means you almost instantly have to branch out of the US, and intercept far more than just internal communication. And both possible and actual connections increase exponentially with the volume.

      I very much remember a Dutch supermarket introducing their discount card some 20 years ago. They openly stated that they wanted to track what people bought (linking separate purchases through this discount card), in order to put products that were often bought in tandem closer together in the shelves. Better for sales, convenient for customers.

      A few years later the card was cancelled. It didn't have the desired result. Sure they got a huge database of linked purchases, but they did not manage to get any useful connections out of it. And that was a relatively limited scope (just the products they sold and maybe a few million cards issued), well defined and easily parsable data (product bar code numbers; no fuzzy communication), and looking for specific connections only (products bought together frequently). Yet they didn't manage to do it.

      Sure computing has advanced, US government has possibly more resources, but also the problem is so much more complex in both size and scope. It uses fuzzy human communication, not even necessarily in English, can be any language. Looking for connections - but not knowing in advance what kind of connections. In an immense database: hundreds of millions of e-mail accounts, hundreds of millions of telephone subscriptions, each producing many data points every single day. Trigger by keywords? Well good luck making them general enough to catch who you want, and specific enough to not be drowned in noise.

      Only retroactively it may have some use. See who a suspect talked to, and when, can be valuable for investigations. But there surely are other and possibly easier ways to do the same: call up telephone records from their telco, analyse contents on their computer, etc.

      Is the story true or not? Can't say. It's unbelievable enough to be true.

      Is such a database, if it exists, useful? Probably; but I doubt it's worth the effort.

    • Re:Think Big (Score:5, Insightful)

      by davegravy (1019182) on Saturday April 21, 2012 @09:58AM (#39755915)

      I would rather live in a world where occasional acts of terrorism succeed due to missed opportunities to gather intelligence, than live in a world where there is even the REMOTE possibility that said intelligence will be used against me and my family by those we entrust to collect and manage it.

      It is time to shift focus from restricting government gathering of information to restricting government use of information already in their possession.

      Today's rules for how that information can justifiably be used will be different from tomorrow's. Most likely, the trend will continue towards more liberal use of the information by the authorities as time goes on. When the information exists in storage and the tyrant of the day has sufficient power to gain access to that information, and the right political / social situation presents itself, the information WILL be abused.

      When - not IF - but WHEN the next "Hitler" comes to power, we need to have a system of government that limits the damage he can cause. If Hitler had access to a database of all German communications and the resources to process that information, do you think that would have made things better or worse for the Jews?

      What mechanism of restricting the use of collected intelligence do you propose that would be effective against a talented and devoted psychopathic world leader?

    • Over the course of history, which is more common and more damaging: terrorists, or tyrants?

  • by dryriver (1010635) on Saturday April 21, 2012 @08:17AM (#39755293)
    So if those of us who live outside the U.S. use an American service - any American service - like Gmail, Hotmail, Yahoo Mail, Windows Messenger or perhaps mobile kit like an iPhone, are our messages thrown into the NSA Ueber-Surveillance-Database as well? If this is the case, the U.S. is breaking dozens and dozens of national/regional laws. Let me get this straight... You advertise a "free", supposedly "reliable" and also supposedly "private" service like say Gmail, and when I use it to communicate with my friends, acquaintances or business clients, all of my confidential messages get intercepted and funnelled into some huge NSA datacenter in Utah, or wherever it is that these spooks keep their pile of intercept-data. How can this be legal under any definition of any law? If my emails include confidential business documents - like confidential business strategy documents lets say - then "intercepting" and "evaluating" these messages is nothing short of "illicit industrial espionage". That's a serious crime that carries a prison-sentence in many countries. ------- More brave people need to come forward with what they know about clandestine "surveillance centers" being built by various governments, because if they don't, there will be no public outcry, and all these "regional efforts" will eventually be combined into one huge, powerful, global "surveillance grid" that nobody can escape from anymore.----- There is also International Law to consider. The Universal Declaration of Human Rights, quoted in my signature, makes it very clear that it is illegal to arbitrarily invade someone's privacy. So these large-scale efforts to gather as many emails or phone conversations as possible, are actually a super-violation not just of regional or country laws, but of human rights treaties most countries signed years ago, and with that, a serious and eggregious violation of internation law. ----- Somebody needs to put a stop to all this nonsense. Not only do these snooping systems not contribute to a safer world in any serious capactiy, but they also threaten to create a future where everyone is watching by someone or some system in everything they do. What precisely are we supposed to tell future generations about this, for example? Are we supposed to tell them "We are sorry, but you will have to grow up and live in a world where everything you do is being watched and evaluated. We could have protested against this stuff when it first appeared on the world scene, but we were daft enough not to do that. Again, sorry for having to live in a f_cked future! Have a nice life..."
    • No if you're outside of the US, you're fair game. It's all about national security. You can bitch and whine all you want, but unless you've got a fleet of nuclear bombers you're willing to use on DC, NY, and LA, and a missile defense network that can take out incoming MRV payloads with 100% efficiency you don't have any ground to complain.

      The big deal isn't that the US is spying on foreign nationals, it's that they're spying on their own citizens.

    • by gl4ss (559668) on Saturday April 21, 2012 @08:56AM (#39755555) Homepage Journal

      look, despite their international treaties they(american government) consider it legal to spy, torture, detain without reason or with reason anyone they please - but that getaway for free card isn't for everyone, which makes it complex and generally makes some of their international operations the clusterfucks they are, it's not like they even know when they're working under authorization or not and asking for it would affect it like the cat in the box. they don't really give a shit about international law.. just like they don't give a shit about the spirit of the domestic law, guantanamo being a prime example. "hey we can't hold these people as prisoners, it's against our laws. but hey what if we kept them as prisoners IN CUBA??" and so they're now in a clusterfuck situation from which they have no legal exit - such interpretation of "the rules" wouldn't be allowed in schoolyard games even.

      but if you could prove that google is doing behind the scenes work to enable interception of your emails - or if they know beyond doubt that their ssl's are no good, you could sue google successfully.

  • At what point. . . (Score:4, Insightful)

    by mosb1000 (710161) <mosb1000@mac.com> on Saturday April 21, 2012 @08:31AM (#39755379)

    At what point will psychiatrists have to stop classifying people as paranoid simply because they believe the government is tracking them?

  • by advocate_one (662832) on Saturday April 21, 2012 @08:47AM (#39755491)
    they're being given to us instead...
  • by Fred Ferrigno (122319) on Saturday April 21, 2012 @09:55AM (#39755897)

    Let's be clear that this guy doesn't have access to any secret information. He's analyzing publicly available information and coming up with his own conclusions about the probable extent of the surveillance. He may well be right, but the summary makes it sound like he's the new Bradley Manning. Quoting:

    AMY GOODMAN: Where do you get the number 20 trillion?

    WILLIAM BINNEY: Just by the numbers of telecoms, it appears to me, from the questions that CNET posed to them in 2006, and they published the names and how—what the responses were. I looked at that and said that anybody that equivocated was participating, and then estimated from that the numbers of transactions. That, by the way, estimate only was involving phone calls and emails. It didn’t involve any queries on the net or any assembles—other—any financial transactions or credit card stuff, if they’re assembling that. I do not know that, OK.

  • by guanxi (216397) on Saturday April 21, 2012 @03:14PM (#39758007)

    As long as they are collecting my data, can I use them as an online backup service? If my hard drive goes up in smoke, will they restore my emails? As a taxpayer, I want access to this government resource that I paid for.

If builders built buildings the way programmers wrote programs, then the first woodpecker to come along would destroy civilization.

Working...