Angry Mom and First Principles: What is the Nature of a Broken Lock?
This won’t be a cool, calm, collected post like Marcy writes, because it’s me, the angry mom. You might even have seen me Tuesday afternoon in the school parking lot waiting to pick up a kid after sports practice. I was the one gripping the steering wheel too tightly while shouting, “BULLSHIT!” at the top of my lungs at the radio.
The cause? This quote by President Obama and the subsequent interpretation by NPR’s Ari Shapiro.
President Obama to ABC’s new Latino channel, Fusion (1:34): It’s important for us to make sure that as technology develops and expands and the capacity for intelligence gathering becomes a lot greater that we make sure that we’re doing things in the right way that are reflective of our values.
Ari Shapiro (1:46): And, Audie, I think what you’re hearing in that quote is a sense that is widespread in this administration that technological improvements have let the government do all kinds of things they weren’t able to do before. They tapped the German Chancellor’s personal cellphone and nobody really stopped to ask whether these are things they should be doing. And so that question, just because we can do something, well, does it mean we should be doing it, that’s the question that seems to be the focus of this review.
Bullshit, bullshit, bullshit.
Here, let me spell this out in terms a school-aged kid can understand.
This is a doorknob with a lock; so is the second closure device on the right.
The lock technology used on the second door is very different; it’s no longer simple analog but digitally enhanced. The second lock’s technology might be more complicated and difficult to understand. But it’s still a lock; its intrinsic purpose is to keep unauthorized persons out.
If one were to pick either lock in any way, with any tools to enter a home that is not theirs and for which they do not have permission to enter, they are breaking-and-entering.
If it’s law enforcement breaching that lock, they’d better have a damned search warrant or a court order, in the absence of a clear emergency or obvious crime in progress.
The argument that information technology has advanced to the point where the NSA blindly stumbles along without asking whether they should do what they are doing, or asking whether they are acting legally is bullshit. They have actively ignored or bypassed the proverbial lock on the door. It matters not where the lock is located, inside or outside the U.S.
The Washington Post’s revelation Wednesday that the NSA cracked Yahoo’s and Google’s SSL — secure sockets layer — is equivalent to evidence of deliberately busted door locks. So is the wholesale undermining of encryption systems on computers, cellphones, and network equipment revealed in reports last month, whether by weakened standards or by willfully placed holes integrated in hardware or software.
The NSA has quite simply broken into every consumer electronic device used for communications, and their attached networks. When the NSA was forced to do offer explanations for their actions, they fudged interpretations of the Constitution and laws in order to continue what they were doing. Their arguments defending their behavior sound a lot like a child’s reasoning.
But there might be something bad going on behind the door.
But we might need something behind the door in the future.
But we can get behind the door if we ask our close circle of select friends to check our permission — they’ll keep our secrets, just trust us, we’ll be good, honest.
But we have the authority to be everywhere when we deem it necessary, without asking first.
And so on. The only argument we haven’t seen yet (and might yet see) is a full-blown, screaming-kicking-body-on-the-floor tantrum amid cries, But we wanna’ do it!
President Obama’s statement Tuesday suggests that the NSA has now resorted to the arrogant “You’re too stupid to understand these cool tools we’ve made, so we can do it until you get smart enough to stop us” defense. Granted, members of Congress and the judiciary have repeatedly proven their ignorance about technology. The NSA’s leadership — including Keith Alexander, with a career’s experience in spying technology and multiple master’s degrees under his belt — is fully aware of the disparity between their technical prowess and that of U.S. elected officials. They make use of this knowledge to fend off focused questions.
Like whether the NSA broke the locks on the doors of ALL electronic communications-generating devices, and the networks supporting them.
Let’s simplify the problem of NSA’s data collection processes scooping up metadata from innocent, non-target/non-suspect individuals, the collection of their locations based on cellphone use, the apparent snooping through email and other documents conveyed and stored in social media providers like Yahoo and Google.
These are all phones.
All these devices are used to convey communications data — information in bits, whether audio, visual, text, so on — from one individual to another, over networks both hardwired and wireless. Wiretapping of telephones was supposed to require a search warrant showing probable cause.
But the NSA has disregarded users’ long-held expectations of privacy and security in their communications. The NSA doesn’t care whether it’s a plain old telephone service (POTS) hardwired phone, a cellphone, a WiFi-enabled tablet/netbook/laptop/personal computer. They don’t care if you’re on cable, fiber, wireless service. Whatever expectations about privacy the public believed were reserved for anyone of these electronic devices and supporting networks — more so for communications based on voice over POTS — the NSA has chosen to ignore them just as they have ignored the locks on the doors.
When forced to explain why they have ignored individuals’ rights to privacy and security, they use the same childish explanations — see above. The only new spin is their segregation of electronic devices not identified as POTS or hard-wired telephones; they’ve chosen to ignore the fact that voice communications are now conveyed using a much broader range of devices.
But we have authority to access these devices because they’re not really telephones.
But we can tap these not-telephone devices because they are overseas, and anybody and everybody overseas is fair game, whether Chancellor or Pope.
While it’s absolutely necessary that both the public and their elected officials become more technically savvy in order to see through the NSA’s bullshit and develop better policy, regulations, and oversight, it’s also essential that the public and their representatives remember first principles while considering the NSA’s overbroad spying:
It is what it is on the face of it:
- Locks on consumer electronics and networks have been willfully and systematically broken;
- Personal, private, and confidential communications as well as related metadata have been taken in the overwhelming number of cases without cause;
- The NSA refuses to give us any reasonable, straightforward explanation as to why laws do not apply to their breaking into our communications and devices.
Some folks at the NSA, White House, and Congress needs a time-out for their inability to grasp the rather simple nature of this failure and put an end to this mess. I’m *this close* to suggesting a spanking instead.
On further consideration of my teen’s oft-used excuses and one of his favorite movies, I think I’m going to call the arrogant “You’re too stupid to understand these cool tools we’ve made, so we can do it until you get smart enough to stop us” argument the “Ferris Bueller defense.”
Yes ma’am.
Then, insult to injury, in the NPR “interpretation” Shapiro conflates domestic US activities with foreign collection that has been, and is, the traditional mission of the NSA. “Ally” status does not grant German, or any other nationals, on their own soil, US Constitutional protections.
DiFi has done the same thing, as did Gary Johnson at the “Stop Watching Us” rally in D.C. last weekend. It spans the political spectrum. Thomas Drake specifically did not. The German reporter who interviewed me sure understood. NSA domestically here resembles the Stasi there (in information gathering), and German intelligence learns what it can from US and other nation’s comm, political and otherwise.
Foreign intelligence gathering that breaks security is how it works. That same behavior exercised domestically is both unconstitutional and criminal. The former can help keep us free. The latter enables tyranny.
On this point I think that they have. They keep dancing around admitting that EO12333 is their charter but I suspect it is and thus “a president told us we could”
I realize that that is neither reasonable nor terribly straightforward but that is probably the best they have.
But we have authority to access these devices because they’re not really telephones.
Okay, then we-the-people (who are the government) have the authority to shut down any agency that thinks this kind of BS is a good excuse for ignoring the constitution and the laws. You guys don’t like it, you can move to Somalia. Without all your expensive toys.
@C: The “dancing around” combined with the word “admitting” does not persuade me to believe in the legitimacy of NSA efforts, nor does it persuade me to believe the NSA believes in the legitimacy of their work or the legitimacy of their response.
You’ll also note that EO 12333 does not revoke older, still
unclassified[1] national security directives, only 13354, 13355 and part of 12958 — see NSDD 171, as just one example from the Reagan Administration.[1] my bad, I meant still classified.
@PJ Evans: It would be nice if we could defund this mess and start over from scratch with clear directives. But I have a nasty feeling this crap is completely entwined in our current military and other intelligence facilities in such a way that we can’t excise this hydra.
@Rayne:
I think that below a certain point in the structure, people don’t know where the information comes from. The guys at the top certainly do (or should) know, and they’re the ones that need to be fired first. In between, there are a lot of people who simply don’t want to know, so they can deny that they’re breaking laws.
You sure NSA is root?
AT&T: http://www.emptywheel.net/2013/10/31/the-smartest-european-blowback-in-the-world/
Yahoo: http://techcrunch.com/2013/06/02/yahoo-shuts-down-mail-classic/
Google: Do a search on “google no expectation of privacy”
Marcy said earlier that govt rules changed so what’s being protected isn’t people but property:
And I wondered the other day who was leading who by the nose, telecoms or govt? I linked to case where a private hospital got friends in DA’s office to go after a guy sending faxes to them that they didn’t like. The DA fabricated a case against the guy using guy’s subpoenaed e-mails and phone calls. Everybody got paid for the subpoenas, the telecom, the e-mail provider, the DA good buddy.
Somebody digs a hole and gets paid. Somebody fills a hole and gets paid. Follow the money around and aound? And all that “volunteer” talk.
Ha! Angry Mom, Indeed.
I had a little bout last week on Twitter with some one I don’t know. Tried to explain to him that this NSA stuff is like a criminal breaking into your home, going through your drawers and files, taking everything, and will never be taken to justice for stealing.
That IDIOT keep trying to tell me they don’t do that. LOL. I hope he has seen the light. I mean, the flashlight that virtually sees everything he does and can hear him fart and burp!
What about dealing a blow to the Third Party Doctrine? That won’t eliminate the fact that the NSA is breaking locks, but with the Third Party Doctrine the NSA would have to search for an alternate method and/or explanation for how it is obtaining our private information without a warrant.
http://www.techdirt.com/articles/20080530/2014171272.shtml
Third Party Doctrine includes cell phone/telephones obviously but also smart readers (toll booths, ID badges), and the newer electricity smart readers that record time of day and day by day use ostensibly to help ‘avoid the surprise of an unexpected high bill at the end of the month.’ For the energy company the home dweller’s data will enable the company to build a profile on that home dweller (when the occupants are likely out of the house, when and what equipment/lightbulbs are in use in the house based on electricity signatures, etc).
Since the home is still probably the best remaining bastion for privacy (despite the erosion occurring under the Third Party Doctrine as noted above) maybe renaming our personal devices (such as computers and cell phone) as “home file cabinets” might give judges pause about looking the other way when the government performs a warrantless search and seizure of our data.
Is there a way to design those devices to keep a record of those unwanted searches to prove to a judge when they occurred?
WRT to erosion of privacy in the home, I recall vaguely a Supreme Court discussion about whether a police helicopter flying over private property was an infringement on that home owner’s privacy. One of the conservative judges (Scalia) stated that if the technology used by the government is available for general use by the public, then there should be no expectation of privacy by an individual spied on with that technology.
http://www.nytimes.com/1989/01/24/us/supreme-court-roundup-copter-search-without-a-warrant-is-upheld.html
Make me think about the research and development of flying spy cameras — not just the drones but also the tiny ones in the form of robotic hummingbirds and insects. Currently used by the military it likely will spill over into police work. If Radioshack and other electronic retailers are selling similar spy cameras to the population at large will such ubiquity be used as a reason why it is “okay” for the government to spy on the home owners?
@pdaly:
correction “but WITHOUT the Third Party Doctrine the NSA would have to search for an alternate method and/or explanation”
@pdaly: Blowing up the Third Party Doctrine is a good place for citizens to focus their efforts, assuming they can pressure lawmakers to codify it out of existence.
The average American really has no ken about the doctrine; this is an interpretation forced upon the people, who generally believe they have contracted privately with a carrier to convey communications. The carrier is just that, a carrier; they are not a party to the communications. This is no different than using the U.S. Mail; postal carriage service does not mean the USPS is engaged in the dialog between individuals. USPS is involved solely as a carrier. Ditto for telcos.
The breakdown as always is with Congress. Members are corrupted under the current system, persuaded by money and pressure that their constituency is not voters but corporate interests, and corporate interests are often one and the same with the invisible state driving the intelligence community.
@pdaly: And of course here’s yet another fly in the ointment — there are several SCOTUS jurists who are in the bag for the MIC, whose ideologies do not defend the rights of the individual but that of corporations. Scalia’s argument about the helicopter is flawed because the police do not use the technology in question for the same reason as the private sector. Here on the face of is the argument Scalia would use to defend the NSA’s spying on the public; if the technology is used by the public, the state can use it, too.
Never mind that the average citizen isn’t using communications technology for the purposes of spying on their neighbors.
Unfortunately, unless there is a serious understanding in a Democratic-led Senate, there won’t be better SCOTUS jurists able to put down Scalia and persuade a majority on the bench successfully.
@thatvisionthing: Let me throw a question out to you, in light of your comment:
Ever wonder why this country does not have nationwide, pervasive wireless and WiFi?
Ahem.
It’s so handy that no people in our government are responsible for all this massive data sniffing and then storing. Heh, the “technology” did it. Or made them do it.
Wow.
Rayne wrote: “The lock technology used on the second door is very different; it’s no longer simple analog but digitally enhanced.”
Be careful with that word “analog”. Analog computers–as distinct from DIGITAL computers–do exist. Back in the 1970s & 80s the physics department I used to be a lab attendant with had a couple. The wikipedia article on such devices can be found at:
http://en.wikipedia.org/wiki/Analog_computer
The lock on the left is better described as a “mechanical lock” rather than an “analog” one,
Rayne wrote: “If one were to pick either lock in any way, with any tools to enter a home that is not theirs and for which they do not have permission to enter, they are breaking-and-entering.”
Um, not necessarily, at least in the case of the digital one. The digital lock is controlled by metadata stored on a computer server somewhere. If that server doesn’t belong to the house owner but is instead owned and controlled by some third party the house owner has outsourced their home security to, then essentially the metadata for that lock has the potential to be in the same position as all that Verizon phone metadata everyone has been kicking up a stink about but which the NSA and its sympathisers say they are free to collect using general warrants like the one The Guardian published back in June.
That is to say, under the cover of Smith v Maryland no search warrant would be needed to be served on the owner of the HOUSE but on the security company with the server In other words, it could be claimed that by outsourcing control over your locks to somebody else. If the NSA legitimately (ie using the Smith v Maryland argument) gets the metadata for that house lock and uses that to produce another keycard, then it could be argued that what they have done would be the equivalent of the house owner handing the NSA the keys to that house. If an NSA agent then used that keycard to enter the house I can see the NSA arguing that, technically, such an act would NOT be breaking-and-entering any more than the house owner giving someone a mechanical key to a mechanical house lock who then gives it to a burglar who uses it to enter the house was.
Note that if that burglar takes something from the house they might still be charged with theft, just as the NSA may still need a warrant to seize items from the house they enter with their newly acquired keycard, but then that is not the same as breaking-and-entering. The NSA could use the keycard to enter the house, look for interesting items, then leave and come back later with a warrant to seize items found on their initial look. (I point this out because having the ability to do a search is the argument the NSA makes for collecting all that phone metadata. So having a collection of these keycards from aroumd t6he nation would allow it (or somebody else; eg the DEA or FBI) to go through the proverbial haystack to search for needles.
Of course, whether that would stand up in court is another matters, just as it is an open question whether Smith v Maryland is still a reliable case law guide to metadata matters. IMHO it won’t If, however, it DOES then be prepared to live in some interesting times (as the Chinese would say).
@Stephen: Unless the owner of the first door made his own key; it has a number on it which someone else made. That number can be used to duplicate the key. Does that mean law enforcement need only go through the “locksmith” to gain entry?
@Stephen: That’s a lot of fancy bullshit as far as the average American is concerned.
There’s a lock on the door. Bypass the lock without permission and you’re breaking-and-entering.
Yeah, we do a lot of weedy fine reading here, driven by fancy wordsmithery used to defend fancy footwork. At the end of the day, a lock is still a lock. No need to defend buttheads who reject a lock’s innate purpose.
@john gleason:: You’ve conflated two separate issues into your question:
1) Obtaining the key number then duplicating the key.
2) Obtaining the authority to use an acquired key to enter your house through the lock in question.
The first would require locksmiths keep records of every key they make and the location of the lock they made it for. I cannot speak for the US, but (AFAIK) where I come from (Australia) that does not happen, It would also require the law enforcement agency to first obtain take a look at the key in question to find out what the key number was and the name of the locksmith which made it. Without that information they would be in the same position the NSA would be in with its haystack of phone call metadata records: they would have a rather large “haystack” of needles somewhere in the midst of which was the one particular needle they were after but which they had no information about other than that it was somewhere in the haystack!
As for the second issue, mere duplication of the key would no more give the law enforcement agency the authority to enter your house than a thief who secretly copies your key thereby has the authority (from you) to use it to enter your house. The scenario you are using is NOT the same as the one I hypothesized in my previous post (a security company which the house owner has given control over the entry codes to their electronic locks)l. You have not given the locksmith who made the lock any kind of authority, so even if the law enforcement people did have the key number and induced the locksmith to make the duplicate, that does not in itself endow them with the authority to enter your house.
@Rayne:
Re Third Party doctrine, from Justice Sotomayor’s concurrence in Jones:
And Marcy:
I think this is one of the things the NSA and Feinstein skate on, the “fact” that there is no expectation of privacy to our conversations and that the Supreme Court has already ruled that way – in essence, that the Supreme Court has overruled the Fourth Amendment. That’s pretty damn thin ice. The Fourth Amendment is not a dead letter to me.
@Rayne: Rayne wrote: “That’s a lot of fancy bullshit as far as the average American is concerned. There’s a lock on the door. Bypass the lock without permission and you’re breaking-and-entering.”
That may well be so if you’re talking about mechanical locks with actual physical keys or electronic locks which you yourself own and control the computer systems which control the lock. Outsourcing that control to somebody else, however, potentially changes the equation; and it does so to your potential disadvantage. That have been at least three major incidents over the past couple of years which have illustrated the dangers. One of those is, of course, Snowden’s revelations about that Verizon FISA warrant. The other two were Twitter’s announcement that it was going to offer its users’ tweets for sale and the FBI’s takedown of the MegaUpload site.
Twitter announced early last year that it was going to start sell access to its users’ tweets. The implication of that announcement was that its users did NOT own the tweets they posted on its site. Twitter did. Hence its decision to sell them off without permission, much less giving those users a share in the profits from the sales.
As for MegaUpload, the FBI took down that site because of the copyright pirates operating off it. However, that same site also had legitimate users, users now denied access to their own data. Moreover, when it finished its investigations and handed back control, the FBI reportedly told the site’s hosting service provider that it could now delete the data on the site, which apparently it did, to the outrage of the MegaUpload’s owner, never mind the users who put (legitimate) data there in good faith. See:
http://torrentfreak.com/leaseweb-wipes-all-megaupload-user-data-dotcom-outraged-130619/
Note that both these cases dealt not just with METADATA, but actual content.; and in both instances the attitude of Twitter and the FBI was that once it gets onto a cloud server,, the person (or corporation or other organisation for that matter) which put it there does not own it. Those who own the cloud service’s servers do. For a good write-up of some of the implications, see this Wired article.
http://www.wired.com/threatlevel/2012/11/megaupload-data-what-to-do/
Which means that, “[a]t the end of the day, a lock is still a lock” is no longer necessarily the case if the lock in question is an electronic one controlled by an outsourcing company.