« How can I tell whether the intelligence agencies are useful? | Main | The Emperor and the fire »

January 23, 2014

Comments

You're all set to be the life of the party now!

Actually, I don't know why they don't try to sell these at the local adult emporium, though I guess the inventor who views this as saving the lives of SEALS is not going to be too happy when it is used for your (not-so?) friendly neighborhood dominatrix.

The timer handcuffs actually seem like they might indeed have valid uses. Including the one mentioned in the linked article. Far more real utility than, for example, a refrigerator linked to the Internet.

"Far more real utility than, for example, a refrigerator linked to the Internet. "

But what will I use for spamming?

But the wonder of spam, as I recall, was that it didn't need refrigeration! ;-)

Ah, so you use an internet connected pantry or basement instead? Clever.

My wireless router for my internet-connected pantry has 16-bacon-bit encryption.

I was thinking of putting up a thread dissecting the decision in Smith v. Maryland and why it's problematic on its own terms, and utterly useless when analyzing today's NSA surveillance. But can't seem to find the time.

The Court in Smith went out of its way to emphasize the limited nature and capability of the surveillance and surveillance tool at issue in the case, quoting another case "a law enforcement official could not even determine from the use of a pen register whether a communication existed. These devices do not hear sound. They disclose only the telephone numbers that have been dialed - a means of establishing communication. Neither the purport of any communication between the caller and the recipient of the call, their identities, nor whether the call was even completed is disclosed by pen registers." The information collected by NSA goes well beyond this.

The most startling line in Smith v Maryland, I thought, was this: "Petitioner in all probability entertained no actual expectation of privacy in the phone numbers he dialed." What universe do these justices inhabit? On what do they base their "in all probability" of what the petitioner (or any of the rest of us) expected?

*I* certainly expect that, if someone wants to find out what phone numbers I have dialed, they will have to get a warrant.

wj - there's a lot of statements in the opinion that seem to be based on nothing by Justice Blackmun's own sense of "what is." E.g.:

"All telephone users realize that they must 'convey' phone numbers to the telephone company"

and

"All subscribers realize, moreover, that the phone company has facilities for making permanent records of the numbers they dial, for they see a list of their long-distance (toll) calls on their monthly bills"

Note the subtle switch from "users" to "subscribers" there.

"Although most people may be oblivious to a pen register's esoteric functions, they presumably have some awareness of one common use: to aid in the identification of persons making annoying or obscene calls."

What? If "most people may be oblivious to a pen register's esoteric functions" then how does the rest of the opinion make sense?

ugh, I think what we have here is a blatant case of someone first deciding what result he wants. And then finding (or inventing) reasons to support it. It's what a lawyer is supposed to do for a client. But not what a judge is supposed to do in making a ruling.

Some people just don't get that they are pawns.

sapient:

Speaking of the RNC's about face, can I assuming you have always been a strong supporter of the NSA programs, even under the GWB administration?

GWB (and his sidekick) were fascists. He took power with a Republican Congress. They abused their power.

I believe in a strong government with a lot of power, but the citizens have to be responsible enough not to elect fascists. The solution isn't to dismantle government; it's to kick out the fascists.

I realize this is an open thread, but saying you are leaving because of the snark and then bringing it over here is not really what I (and I think the great unmatched wash of the commentariat) has in mind.

Oh, and thompson, we did that! At least we managed to do it on the Federal level. More work to do, especially in the House.

I realize this is an open thread, but saying you are leaving because of the snark and then bringing it over here is not really what I (and I think the great unmatched wash of the commentariat) has in mind.

As you wish, lj.

sapient:

I have no objections to the 'don't elect fascists' plan. Personally, I don't view it as sufficient, but I understand we differ on that point.

But what I was wondering, and maybe I should be more explicit, was the following:

Is your support of the NSA now predicated largely by an administration you support?

To say another way, would the same tools in an administration you didn't support (frex GWB) be objectionable?

I think it's hilarious that the RNC is now thanking Snowden and condemning NSA spying. It'd be even funnier if some liberals reversed their positions. Oh, wait...

But snark aside, why should anyone make judgments positive or negative about issues based on what cynical political types choose to do?

Thanks sapient, I appreciate that. I'm actually probably a lot more sympathetic to your position than most, and I'm hoping Ugh will write something and I may try as well, but when it gets to the level of zingers, I feel we might as well just move to twitter.

I have an extra can or two of snark in case anybody feels they are running short. Spraying the pan with snark before frying the spam enhances its flavor substantially.

for wj: General propositions do not decide concrete cases. - Oliver Wendell Holmes.

I think it's hilarious that the RNC is now thanking Snowden and condemning NSA spying.

I think it's predictable that the RNC would support removing information as a tool of government and leaving corporations with a monopoly over it.

Is your support of the NSA now predicated largely by an administration you support?

I've pretty much always supported a strong and effective government as long as it's in the hands of humane and competent leaders. The constitutional system of checks and balances controls against abuse if responsible leaders are in office. I consider elections extremely important, and I'm much more troubled by the fact that money distorts the electoral process than I am about the NSA in the hands of the Obama administration. But yes, the NSA, the military, the other departments of government - all of those are disastrous tools in the hands of the right-wing.

The answer is to elect people who make government work for the general welfare. It's our only solution to combat the unbridled power of private wealth. Weakening government certainly isn't the answer.

I think it's predictable that the RNC would support removing information as a tool of government and leaving corporations with a monopoly over it.

If you weren't talking about a defense/LE "tool of government" I'd agree with you, but the RNC has rarely demurred from empowering the military-industrial complex and its halo.

Some people just don't get that they are pawns.

And other people base their opinions of governmental programs on principle rather than political expediency.

I don't know what "defense/LE" means.

Defense or law enforcement.

Also:

I've pretty much always supported a strong and effective government as long as it's in the hands of humane and competent leaders. The constitutional system of checks and balances controls against abuse if responsible leaders are in office. I consider elections extremely important, and I'm much more troubled by the fact that money distorts the electoral process than I am about the NSA in the hands of the Obama administration. But yes, the NSA, the military, the other departments of government - all of those are disastrous tools in the hands of the right-wing.

Not to put too fine of a point on it, but this sounds an awful lot like a thinly-veiled paean to rule of man over rule of law.

sapient, if you leave, where will you be going? just, y'know, curious.

I think it's predictable that the RNC would support removing information as a tool of government and leaving corporations with a monopoly over it.

I don't understand what this monopoly over information is supposed to mean. How does the government's having the same data that corporations have protect us from the corporations? That's not even the purpose of the NSA program in question.

You say the comms companies need this data to perform functions vital to our way of life, but because you don't trust them with it, you suggest that it makes it acceptable for the government to have it.

I just don't get it. It makes no sense.

And you have yet to address the point that these corporations don't have each other's data, nor Nombrilisme Vide's point that the comms companies lack the resources to analyse the data in the ways the NSA can.

You also reduced the question of potential for abuse to a binary determination between *potential for abuse* versus *no potential for abuse*, which it is not. It's a question of determining to what degree the potential exists and making a judgement about acceptable levels of risk.

this sounds an awful lot like a thinly-veiled paean to rule of man over rule of law.

You have to do a lot of interpreting in order to come to that conclusion. The Constitution provides for a strong government under the law, allowing the Bill of Rights to protect individuals against majority abuse by the government. I don't advocate ignoring the Constitution (which includes the authority of Congress to make laws), so not sure what your point is. Good leaders honor the law; bad leaders find no need to do so.

Remember, the NSA data collection program began without any Congressional authorization. "A former telecom executive told us that efforts to obtain call details go back to early 2001, predating the 9/11 attacks and the president's now celebrated secret executive order. "

Who needs laws to "rein you in" if you don't care about the law?

sapient, if you leave, where will you be going? just, y'know, curious.

Hard to say.

And you have yet to address the point that these corporations don't have each other's data

What's stopping them from buying it? Or merging? Why do you need "all the data" in order to have enough on many of those millions of customers you do have to blackmail them, or harm them?

companies lack the resources to analyse the data in the ways the NSA can.

That's an unproven assertion, if I ever heard one. As most of us know, Google is way better at finding significant information from large amounts of data for a variety of purposes than what we know the NSA is doing. And where has anyone answered the question: if third parties have huge amounts of data with which they can sift though and find out who in the batch is pregnant, what kind of "expectation of privacy" do we exactly have in that data?

You also reduced the question of potential for abuse to a binary determination between *potential for abuse* versus *no potential for abuse*, which it is not.

When did I do that?

It's a question of determining to what degree the potential exists and making a judgement about acceptable levels of risk.

Sure. No argument. Congress has been through this process, and revisits it on a regular basis. Not only is there legislation that was introduced during the fall (two competing bills), but Congress placed a sunset provision on existing law to expire in 2015. They have to reauthorize it if it's going to remain in existence. I don't consider that system an indication of totalitarianism.

*I* certainly expect that, if someone wants to find out what phone numbers I have dialed, they will have to get a warrant.

The norm has been that a warrant is not needed for this.

Sort of briefly:

Olmstead vs United States (1928) held that wiretaps did not violate the 4A.

Katz vs United States (1967) overturned Olmstead and held that they did violate the 4A, and established the "reasonable expectation of privacy" test.

Smith vs Maryland (1979) held that a pen register trap and trace - which captures the numbers dialed and the time of call, but not the content - did not violate the 4A because there could be no reasonable expectation of privacy since the phone company (a third party) has to know that information in order to route the call.

From Smith vs Maryland on, information about the communication other than the content itself has been seen as outside 4A protection, while the content has been seen as being protected by the 4A.

Congress established *statutory* (as opposed to constitutional) protection for pen register and similar methods for capturing "metadata" in the Electronic Communications Privacy Act (ECPA) in 1986.

The ECPA also explicitly addressed email and other electronic communications where message content is held at rest by a third party, and extends the legal protections afforded to phone calls to those.

The protections afforded to electronic "metadata" by the ECPA is weaker than that afforded to content - a court order, rather than a warrant, is sufficient to carry out metadata capture. So, for metadata, stronger protections than under Smith vs Maryland, but not as strong as Katz.

The USA Patriot Act (USAPA) overrode much of the protections of the ECPA, however in its current amended form metadata captures still must (a) be relevant to a specific investigation authorized by the FISC, and (b) cannot be carried out on US persons for activities specifically related to their exercise of 1A rights.

Long story short, from 1967 to 1979 the feds would have needed a warrant to trace what numbers you called. Other than that, they could do so either at will or with a simple court order.

As an aside, I will say that relying on the personal goodness and integrity of individuals elected to public office as an impediment to the abuse of power seems, to me, fantastically naive and unrealistic. It also seems to be contrary to the entire project of constitutional republican (note the small r) governance.

My opinion.

what kind of "expectation of privacy" do we exactly have in that data?

We have the expectation that the government will not allowed to capture it and use it against us, whether in a criminal proceeding or any other way.

That's what is guaranteed in the 4A.

As far as I can tell, the 4A does not and was not intended to address the use of private information by private actors.

As an aside, I will say that relying on the personal goodness and integrity of individuals elected to public office as an impediment to the abuse of power seems, to me, fantastically naive and unrealistic. It also seems to be contrary to the entire project of constitutional republican (note the small r) governance.

Relying on "personal goodness and integrity," is not what I said, although those things are a plus, for sure. Competence, devotion to the law, and belief in the project of governing is more what I meant. I don't understand why that's more naive than thinking you can pass laws that "rein in" undesirable behavior, and then elect people who will ignore them, and think that it will all be okay.

On the question of NSA surveillance, there are some factual givens. There's a vast amount of information that's collected all over the world, and available to many people. Some of it is freely available; some of it is protected under the law, and by technology, but available to people with technological expertise, and willingness to flout the law. Some of it is encrypted successfully (for now), but can be disclosed by malice or accident by people who have the keys. The federal government is only one of many entities who might have access to this data.

National defense is a legitimate interest of government. Allowing the federal government to pursue that interest, while protecting citizens' constitutional rights, requires vigilance and oversight. No one denies this. But prohibiting the federal government (which represents the collective interests of citizens) from access to the same information that large numbers of private actors have (who represent their own interests) is putting too much power into private hands.

We have the expectation that the government will not allowed to capture it and use it against us, whether in a criminal proceeding or any other way.

That's not at all what the Fourth Amendment says. The Fourth Amendment says nothing about "capturing" data given to third parties. That's what the "outside of the envelope" concept is all about.

What's stopping them from buying it?

A couple of things. First, it is generally not for sale. You can see this for yourself: call up the phone companies and try and buy this data on yourself or on me. Go ahead, I'll wait. Any luck?

There are thriving markets in selling data on individuals, but for a lot of reasons, this data is generally focused on demographics; companies like bluekai will, for a price, tell you that the web browser with bluekai cookie #12345678 is (probably) a married woman in her 30s who lives in Nebraska and is interested in purchasing a new car. This is really not comparable in any way to the NSA's data (you can opt-out, the data doesn't contain personally identifying information, etc).

Or merging?

Consolidation in the wireless telecom space is really not a problem these days.

Why do you need "all the data" in order to have enough on many of those millions of customers you do have to blackmail them, or harm them?

I tried to explain this earlier but perhaps I was not clear.

The government has huge databases of criminals and suspected criminals, accumulated as part of its law enforcement functions. No one else has access to these databases. If AT&T decided to blackmail a Senator by looking at their call metadata, they'd have a much much harder time than the NSA because even though they can link Senator A to person B and person B to person C, they don't know that person C is part of a drug cartel and they don't know that person B is suspected by the DEA of being an intermediate distributor. The government does know that though.

Privacy is not a boolean property that you either have or don't have. It is a multifaceted emergent property that depends in part on how much information other people can easily combine about you. No one but the feds can easily combine law enforcement databases and tax databases and metadata.

companies lack the resources to analyse the data in the ways the NSA can.

That's an unproven assertion, if I ever heard one. As most of us know, Google is way better at finding significant information from large amounts of data for a variety of purposes than what we know the NSA is doing. And where has anyone answered the question: if third parties have huge amounts of data with which they can sift though and find out who in the batch is pregnant, what kind of "expectation of privacy" do we exactly have in that data?

I build big data systems for a living. I have access to data on several hundred million people. And your statements here are just bullshit. You literally don't know what you're talking about.

Consider AT&T. It has metadata. And as I explained above, it doesn't sell that data, so the only privacy issue here is with AT&T (and its sibling telecom companies) or the NSA. From AT&T's perspective, there's no value in privacy violating metadata analysis: AT&T gets paid by subscribers. Privacy-violating metadata analysis doesn't help them improve their service and get more subscribers or higher profits. It costs money and can lead to a public relations disaster that causes them to lose subscribers en-masse and thus lose lots and lots of money. The NSA, on the other hand, doesn't have to worry about losing money: their all point is to analyze this data and they have a bottomless money pit backing them.

Why do you need "all the data" in order to have enough on many of those millions of customers you do have to blackmail them, or harm them?

Consider the case of AT&T trying to blackmail a Senator. In addition to not knowing who is criminal, there's also the problem of probability. Assume that the wireless telecom market is divided into roughly equal fourths. That means the probability that any given wireless phone number belongs to AT&T Wireless is about 1/4. The probability that Senator A's wireless number and Person B's and Person C's wireless numbers all belong to AT&T are (1/4)*(1/4)*(1/4), or under 2%. There's a less than 2% chance that AT&T would have enough data to realize the Senator is a drug user (assuming they had access to law enforcement databases to begin with). Of course, the presence of landline phones and other communication mechanisms reduce this number even further.

Market segmentation make it very very hard for any single actor in the telecom space to amass the kind of data needed for this sort of blackmail. The NSA really does have unique capabilities different in degree and kind from any private entity.

My book recommendation:

[...]
Which paint color is most likely to tell you that a used car is in good shape? How can officials identify the most dangerous New York City manholes before they explode? And how did Google searches predict the spread of the H1N1 flu outbreak?
[...]

Big Data: A Revolution That Will Transform How We Live, Work, and Think

Interesting, CharlesWT. Looks worthwhile.

When did I do that?

Here, for just one example:

Parents sometimes abuse children; therefore, people can never be parents.

People sometimes embezzle funds; therefore, people should never be put into a position of trust.

Etc. Your premise is dumb, thompson.

Juxtapose your attitude about the potential for the government to abuse the power gained from all the data they've collected with all the "what if"s you're willing to apply when it comes to corporations. You're perfectly willing to think they're going to do all these strange, unprecedented things to mess with people with the data they have, but the government, which has a track record of abusing information and power for nefarious purposes, should be trusted...because Obama.

Consider the case of AT&T trying to blackmail a Senator. In addition to not knowing who is criminal, there's also the problem of probability.

What if he's having an affair? That's not really criminal, but it's what many people are brought down for.

Most organizations don't have any reason to do the kind of data mining that the NSA would do to find terrorist suspects. That doesn't mean powerful people with access to information couldn't blackmail people. COINTELPRO was often about discrediting people for personal associations or indiscretions.

I think that most people have better things to do than read my email or track my phone calls, but it would bother me if they did. But any form of communication is dependent on a certain degree of trust, that the recipient won't forward it or discuss it. The Fourth Amendment mentions physical objects (including one's body). Once a person communicates an idea to another person, that communication is out of the bag. (Letters can be passed around, etc., so a warrant may need to be issued to cover the belongings of a person possessing the letter, but not the sender, etc.)

Some of these ideas are being discussed in a case against Google. (A brief">http://www.consumerwatchdog.org/resources/googlemotion061313.pdf">brief by Google's lawyers.) Please check out some of the footnotes regarding recent cases on the expectation of privacy in Internet communications.

This is an interesting area, and I don't claim to know anything about technical issues involved in amassing data. It's clear to me, though, just anecdotally, and from cases that have been published, that there is a lot of law left to be decided on what is a "reasonable expectation of privacy" and what isn't.

Sorry, bad link. The brief is here.

Not really a gadget, but something I've been waiting to hit the market for a long time: Omniphobic clothing. No more stains!

http://www.youtube.com/watch?v=HpBK8kQRCi0&list=UUcTtHvqdxYATv861ioWdHbw

hairshirthedonist, you're entitled to opinion. Maybe the Congress will shut down the NSA. If the Government can effectively defend the country without it, I really don't care. I just feel that if you want to be paranoid about the brave new world of data, you've got a mountain of other worries that are more serious than the abuses of the NSA.

"If the Government can effectively defend the country without it"

IS there any indication it can't? I've linked to three different very, very thorough analyses that all say its done practically nothing.

Interesting, CharlesWT. Looks worthwhile.

No, it really doesn't. It looks like garbage written by ignorant people who don't know basic statistics and have never built or worked on an actual big data system. People who have worked on such systems would never make such sweeping claims because they're simply ludicrous. If you think big data is going to change how you buy a used car, well, I have this awesome bridge to sell you.

What if he's having an affair? That's not really criminal, but it's what many people are brought down for.

The exact same arguments apply in this case. The problem of probability still greatly reduces the chances that any one company will have the data needed to detect an affair. And while the government knows everyone's date of birth and gender and marital status, many private companies do not, so reliably determining that this individual the Senator is talking to is a paramour is much harder for AT&T than the government.

The point is that the NSA having "all the data" puts it in a very different position than a single company having a small fraction of the data. There is a network effect here where the value of the data set for blackmailing is proportional to the square of the fraction of the data available. Having all the data makes blackmail easy, but having 25% of the data is basically useless for blackmail.

Having all the data makes blackmail easy, but having 25% of the data is basically useless for blackmail.

Unless you're using the data to confirm what you already suspect about someone whose account you can look at.

Unless you're using the data to confirm what you already suspect about someone whose account you can look at.

Did you understand the probability argument at all?

Turbulence:

Big data analysis isn't something I know much about. I've only read popular media accounts, and I know those are fraught with error.

Can you recommend a relatively easy to understand book/blog/what have you?

If you think big data is going to change how you buy a used car, well, I have this awesome bridge to sell you.

Don't mistake your personal tree for the forest. :)

IS there any indication it can't? I've linked to three different very, very thorough analyses that all say its done practically nothing.

If, as Turbulence said, most people's analysis of big data is BS, and Turbulence believes that the government, and the government alone, can find out stuff about people, I'm inclined to believe that the government can find out about terrorist networks. So far, most Congress people who have access to classified information, keep reauthorizing the program. Also the FISA court judges keep issuing orders allowing searches. I don't claim to know the answer - I'll trust my elected representatives who have time to look at the classified and other evidence.

Honestly, I'll start stressing out when notice that any dissidents are being silenced. For the most part, everyone I know trashes the Executive branch on a regular basis, including people here on this blog. As for criminals, if they go to court with plenty of untainted evidence against them, they deserve to be prosecuted.

If, as Turbulence said, most people's analysis of big data is BS, and Turbulence believes that the government, and the government alone, can find out stuff about people, I'm inclined to believe that the government can find out about terrorist networks.

That's a spectacular distortion about what I wrote. I think the NSA is in a unique position to threaten the civil liberties of people. That doesn't mean that private companies are completely harmless. And it certainly doesn't mean that the NSA is effective at finding terrorists. I don't think that at all.


Can you recommend a relatively easy to understand book/blog/what have you?

When people talk about big data, I think they're often conflating two different things. One is scalable cheap parallel data storage and computation. The other is statistical inference. The implication of a lot of big data stories in the popular press is that we're on the verge of entering a golden age where the combination of awesome statistics/machine-learning and computers will lead to all sorts of world changing insights. I don't think this is true at all.

A lot of big data stories boil down to:

(1) really simple statistical models being thrown against large data sets; this is only feasible (at a reasonable cost) because of recent improvement in scalable data storage and distributed computation

(2) more complex statistical analysis that's actually running on fairly small data sets

(3) small data sets that are generated easily from much larger messier data sets that didn't used to be available (this is a subset of (2))

(4) obvious BS where people who don't understand statistical inference threw some numbers into Excel or SAS or R, got a result and are too ignorant to realize that their result is meaningless

The Google flu detection is an example of (3) as is the Target pregnant customer campaign. There's a fairly obvious signal hiding in a mass of large data (flu symptom keywords and pregnant woman purchase changes). Once it occurs to you to extract that data, doing so is very easy, and once you extract it, the data itself and the statistical analysis are small and simple. That's kind of cool, but not very general and unlikely to be earth shattering.

The difference between (1) and (2) is that even with distributed computation, if your inference algorithms are complex enough to consume time or memory that grows faster than the size of your data, when you have a lot of data, you can't afford the computation needed. (Think of naively sorting a data set for example: if I have N things to sort, I'm going to need around N squared operations to sort it; when N is very large, N squared is impossibly large, so I can't do it). So, sufficiently complex statistical models are usually only run on small data sets. If you're really running on large data sets, odds are that your analysis is relatively simple, and there are limits to how much you can learn from simple inference, even with lots of data.

To your question, I usually think of two different pathways: the statistics/machine-learning side and the scalable data storage/processing side. Data scientists usually focus on the former while systems people like me focus on the latter; it is somewhat rare to find people with expertise in both. Any basic statistical inference or machine learning textbook will get you off the ground on the former. Things like the Kaggle competitions are popular in that world. For the systems aspect, things are trickier. A lot of work is being done in the hadoop ecosystem, and there are tons of books/conferences/articles. The problem is that hadoop was written by morons and most of the ecosystem surrounding it is crap. If you just want an intro to the field though, reading up on hadoop and the problems that it solves and why it is the way that it is can be useful. That basically boils down to "how do I do scalable distributed computation while dealing with the fact that nodes can fail and inter-node communication can be expensive?".

"I'm inclined to believe that the government can find out about terrorist networks"

Based on...what? Congressional approval and a secret court?

"Honestly, I'll start stressing out when notice that any dissidents are being silenced."

You mean like a staunch critic of the intelligence/industrial complex repeatably detained at airports and had personal property seized?

http://en.wikipedia.org/wiki/Jacob_Appelbaum#Detention_and_investigation

The Fourth Amendment says nothing about "capturing" data given to third parties. That's what the "outside of the envelope" concept is all about.

Which is why I have said, repeatedly, including in this very thread, as long as this topic has been under discussion here on ObWi, that routing and other information about communications *other than the content of the communication itself* is not protected by the 4A.

What the 4A does not cover is the capture and use of private communications by private actors. Since we're discussing the *government's* use of that information, it seems to me to be a relevant point.

If you'd like to begin a discussion of data privacy laws and why they would be a good thing to have, I'm all for it. That's a different discussion.

That's a spectacular distortion about what I wrote.

Welcome to another episode of "conversations with sapient".

turbulence:

Thanks, I'll look into kaggle and hadoop. I appreciate the breakdown, it was very thorough and made a lot of sense.

I've had quite a bit of fun playing around with this symbolic regression software.

Laura Poitras is another journalist who is routinely harassed at airports. link

I've had quite a bit of fun playing around with this symbolic regression software.

(Second try. The previous one went into monitor purgatory.)

Since we're discussing the *government's* use of that information, it seems to me to be a relevant point.

We're discussing legality and policy matters concerning what we know about the NSA data collection program. We know that the NSA collects metadata which, according to current case law (except for Judge Leon's opinion), is not unconstitutional.

Whether the collection of data is otherwise illegal, whether it's wise, whether there are sufficient safeguards, and whether the notion of "expectation of privacy" regarding electronic communications is changing because of use of that information by non-government entities are all things that are being discussed.

"Expectation of privacy" is a fluid concept. Not only that, but it's a fairly new legal concept. For Fourth Amendment purposes, I have a great expectation of privacy in a letter I write, as long as I've still got the letter. When I put it in the U.S. mail, because of postal laws and regulations, I still have an expectation of privacy. When the recipient gets it, I have considerably less expectation of privacy. When a warrant to read my pen pal's mail is obtained, my letters can be read. These expectations are relevant for Fourth Amendment analysis purposes even if the government isn't yet involved.

So, aside from ECPA considerations, do I have an expectation of privacy in my "inbox"? Do the senders of the mail have one? Do I have an expectation of privacy in my "sent mail" box? There are some court rulings that indicate that there is no expectation of privacy in instant messages.

In other words, no matter how violated we feel, the law isn't specific on all of those issues, and when people say that their rights are being violated, it's not clear that the law will back them up.

That's a spectacular distortion about what I wrote.

I wrote what I understood you to say, which is the following (as I heard it, not as you said it):

1) the NSA can make grave and destructive use of data because they have so much of it;

2) they are able identify when people are involved in crime and will use that information for blackmail;

3) we don't have to worry about private entities doing that because they don't have the incentive, and something [incomprehensible to me] about probabilities.

4) But anyway, don't worry your little heads about Google when the NSA is the one that's going to blackmail you with secret knowledge of your criminal activities.

I realize you didn't say it that way, but perhaps it would be helpful for you to know that some people understood it that way.

Now you're clarifying: that the NSA can't really solve terrorist plots; they are only capable of using this vast data to find evidence to blackmail people and do other nefarious things. And, yes, we should worry about private entities too, but maybe not for the same reasons.

I realize that what I understood is not exactly what you said, but it seems close. Other people probably understood it exactly as you intended, so let this just be evidence of my learning disability.

As to the friends of Wikileaks who are being investigated at airports: even though you love Wikileakers and Snowden, the fact is that revealing classified information is a crime. These people are suspected of gaining access to the information, and are probably suspected of helping the leakers. There is nothing new or wrong with investigating suspected accomplices to crime. (I know you don't think it's a crime!)

Here's the latest I know about on the Miranda lawsuit. Don't know if there's been a decision, but we'll see if the court determines that the detention was oppression of a dissident.

" There is nothing new or wrong with investigating suspected accomplices to crime."

I certainly agree. Which is why it should be easy to get warrants to investigate and detain, assuming the suspicion was based on something like probable cause.

And this would likely be followed up by indictments, trials, and convictions.

As none of this happened with Appelbaum or Poitras, I'm left assuming the government has little evidence that they committed a crime.

In which case, they are basically harassing American citizens who are engaged in activism the government does not approve of.

As both of these people are regularly in the US, it would be trivial to arrest and charge them, again if the US government had any evidence to suggest they committed a crime.

turb, let's face it. Big Data is just the latest in a decades-long series of fads in IT. Most of them had some small bit of good sense originally. Then the PR guys got to it, and it because The Next Big Thing. And lost all resemblence to reality.

All of which is only exacerbated by the fact that a lot of people think they know what data is; and virtually none of them even know that a statistic is not a piece of (raw) data. Statistical inference? Not even in their universe. Which doesn't keep them from pontificating about how the world will change as a result.

As none of this happened with Appelbaum or Poitras, I'm left assuming the government has little evidence that they committed a crime.

Fortunately, Appelbaum and Poitras live in Germany now where they can be free.

The harassment of Poitras started after her first documentary on Iraq. And she's not the only one. Glenn has an article about how a great many people have been harassed at airports--

link

This, again, is what worries me about government surveillance. They're not going to come after me for bloviating under my real name all over the internet. But they might go after investigative reporters (the few that still exist) or Muslim Americans with views critical of US foreign policy. Here is a prolonged quote from the Greenwald article about Poitras--

"Since the 2006 release of “My Country, My Country,” Poitras has left and re-entered the U.S. roughly 40 times. Virtually every time during that six-year-period that she has returned to the U.S., her plane has been met by DHS agents who stand at the airplane door or tarmac and inspect the passports of every de-planing passenger until they find her (on the handful of occasions where they did not meet her at the plane, agents were called when she arrived at immigration). Each time, they detain her, and then interrogate her at length about where she went and with whom she met or spoke. They have exhibited a particular interest in finding out for whom she works.


She has had her laptop, camera and cellphone seized, and not returned for weeks, with the contents presumably copied. On several occasions, her reporter’s notebooks were seized and their contents copied, even as she objected that doing so would invade her journalist-source relationship. Her credit cards and receipts have been copied on numerous occasions. In many instances, DHS agents also detain and interrogate her in the foreign airport before her return, on one trip telling her that she would be barred from boarding her flight back home, only to let her board at the last minute. When she arrived at JFK Airport on Thanksgiving weekend of 2010, she was told by one DHS agent — after she asserted her privileges as a journalist to refuse to answer questions about the individuals with whom she met on her trip — that he “finds it very suspicious that you’re not willing to help your country by answering our questions.”

"Fortunately, Appelbaum and Poitras live in Germany now where they can be free."

Germany has a fairly complete extradition treaty with the US. This would be no bar unless it was a "political offense" and not otherwise a crime.

This, again, suggests to me the USG has no evidence that these people committed a crime. If they did, they could have seized them at any time on one of their many trips to the states, or issue an extradition request to Germany.

And again, we end up with law enforcement harassing activists that the government doesn't like. Which is precisely when you said you would start to worry.

Donald:

Another thing that concerns me is that it doesn't seem these checks are investigating a crime.

First of all, they only take place at border entry, with weakened constitutional protections. While it doesn't mean they don't have probable cause to question her, it certainly doesn't indicate they do.

Second, the repeated questioning, extended detentions (some lasting hours!), and seizure of perfectly legal papers and things has every presentation of harassment and fishing expeditions and no indication of an actual specific investigation.

You do know, Donald, that there's a international border exception to the Fourth Amendment. I'm not sure where my outrage went off to: someone who is known to be assisting a fugitive comes and goes across the border 40 times.

Of course, if one is a foreign Arab journalist, the gloves come off--

amnesty international report

The claim is that Abdulelah Haider Shaye was working with Al Qaeda to plot attacks on Americans, but evidence of this seems lacking. What is known is that he helped expose a US missile attack that killed a lot of civilians and that Obama personally lobbied to keep him in prison.

This, again, suggests to me the USG has no evidence that these people committed a crime.

The government doesn't need evidence to search people at borders. It also doesn't have to be especially nice to people who assist fugitives from justice in disseminating national security secrets. As far as I know, both people are living safely and happily abroad, working away, and expressing themselves freely. If the NSA were all powerful, wouldn't it be easier to just disappear them?

Donald:

Amnesty International? They are probably in the Koch brothers' pocket. An extreme right-wing organization if I ever saw one.

Which fugitive, sapient? Was Snowden a fugitive in 2006? The NSA been doing some secret time travel research alongside the quantum computer work?

Anyway, I understand that to you there's nothing suspicious about the harassment of a journalist who makes the US look bad. Journalists are always hanging out around suspicious characters and so if the government is to do its job it has to harass them.

That international border exception to the Fourth Amendment is pretty broad. Literally. Extending inward a 100 miles from the borders.

" It also doesn't have to be especially nice to people who assist fugitives from justice in disseminating national security secrets."

Like the new york times or other journals?

I recognize (and even said above) that constitutional protections are weakened at borders. My point is the government seems to be using that to harass and intimidate people when they have NO EVIDENCE that these people are criminals.

" As far as I know, both people are living safely and happily abroad, working away, and expressing themselves freely."

Which saddens me that two american citizens need to live abroad and not enter the US in order to enjoy constitutional protections.

" If the NSA were all powerful, wouldn't it be easier to just disappear them?"

Nobody said the NSA had that capability.

Big Data is just the latest in a decades-long series of fads in IT.

Tis true alas.

Welcome to another episode of "conversations with sapient".

At least sapient is consistent. That's a virtue when it comes to being wrong, right?

That international border exception to the Fourth Amendment is pretty broad. Literally. Extending inward a 100 miles from the borders.

This is just not true. Literally not true.

The NSA been doing some secret time travel research alongside the quantum computer work?

Maybe the border patrol found some stuff on her computer even back then? In any case, they're allowed to do that, and it's a chance that people take when they travel. She's made a decision to avoid the hassle by staying in Germany. Good for her.

By the way, it doesn't seem as though Amnesty International has completed its investigation regarding the Yemeni reporter (who is now free). The article you point to "raises questions".

Which saddens me that two american citizens need to live abroad and not enter the US in order to enjoy constitutional protections.

They enjoy constitutional protections when they're in the U.S. Just no Fourth Amendment protections against searches at the border. Same with me. Same with you. I choose to live in the United States anyway.

This is just not true. Literally not true.

Depends on how restrained officials feel from doing as they please within that 100 miles.

Holding Border Patrol Accountable (youtube)

·

Big Data is just the latest in a decades-long series of fads in IT.

keeps me employed. so, bring it on.

hsh:
And you have yet to address the point that these corporations don't have each other's data, nor Nombrilisme Vide's point that the comms companies lack the resources to analyse the data in the ways the NSA can.

In all fairness, I made that point right after sapient bowed out of the other thread, so it's entirely unreasonable to expect him to have addressed it.

"Just no Fourth Amendment protections against searches at the border. Same with me. Same with you."

sapient, a few things.

First of all there are still 4A protections at the border, they are just weakened. The thrust of the case law, as I understand it, is that 'routine' searches of property are reasonable at the border.

Extended detentions are not routine and only allowed if CBP has reasonable suspicion of contraband stowed in the GI tract.

The 5A implications of the border seizures have not been hashed out in the courts, to my knowledge.

Second, we grant LEOs fairly broad powers outside of judicial review. While I recognize that these powers are legal, I also recognize that they are subject to abuse, for example in the repeated harassment of an activist by detaining them and seizing their property.

So, while I suspect that there may be illegal aspects to some of the USG actions in these cases, my concern doesn't rest on the illegality of the actions.

Even if the USGs actions were fully legal, I'd still hold grave concerns that the government was improperly using powers granted to it by the people to harass and intimidate anti-government activists.

sapient:
I don't advocate ignoring the Constitution (which includes the authority of Congress to make laws), so not sure what your point is. Good leaders honor the law; bad leaders find no need to do so.

When you advocate creating and empowering programs that you freely assert will be "disastrous" when the "wrong people" control them, you're asserting that we should base our expectations of governmental behavior on the values of our leaders rather than on our laws. You weren't even asserting (as you do here) that it's a matter of the "bad people" breaking the laws to make bad things happen, you asserted that the systems that you deem well-regulated and non-excessive will become abusive and unacceptable under "bad" leadership. So no, you don't have to do much interpreting at all in order to come to that conclusion.

Also, if you're serious in thinking that the checks and balances in place will hold back malfeasance, they need to be zealously enforced when the "right people" are in office, or they'll be delegitimatized when the "wrong people" take power. That you've argued that zeal now amounts to becoming an RNC "pawn" suggests a preference for selective applicability of law, which again reinforces a perception of a preference of rule of man over rule of law.

As most of us know, Google is way better at finding significant information from large amounts of data for a variety of purposes than what we know the NSA is doing.

Again, Google (or other private actors) don't have access to as much (or the same kind) of data the gov't does. Period, full stop. And given the extreme secrecy enshrouding the NSA, your "than we know the NSA is doing" is carrying so much weight that I can't see it advancing itself, let alone an argument. You also are back to wanting to have it both ways: you want us to believe the NSA's (supposed (and dubious)) inferior ability to make shallow inferences (and I'm sorry, your chosen example doesn't rise above that level) based on web search patterns and suchlike means we've nothing to fear from it, but it's also important that they have that capability so they can make the deep inferences that will make terrorists et al have everything to fear from it.

(Also, what Turb said. Very much so. I know enough about ML/data mining to know he's accurate, but not enough to make any contribution beyond "what he said!".)

You also reduced the question of potential for abuse to a binary determination between *potential for abuse* versus *no potential for abuse*, which it is not.

When did I do that?

When you argued that the private sector having too much data on us is a countervailing factor in favor of the gov't having too much information on us, especially since it's not exclusive of the corps still having said info. Indeed, especially since the NSA having said info is contingent on the corps having it. You don't explicitly make the dichotomy hsh spells out, but you imply it with your misdirecting invocation of excessive private data holdings. Logically, both private and public actors having "too much" info (or even just data) is bad, but you've presented the private actor having it as a mitigating factor in considerations that the public actor has it too (and then some). So while there's no explicit (or rational) invocation of said dichotomy, the implicit conclusion is that we should view it as a non-problem since we've failed to prevent private actors from collecting (non-collated) data. Though to your credit you have explicitly denounced this view, albeit without reconciling the above issues.

As to the friends of Wikileaks who are being investigated at airports: even though you love Wikileakers and Snowden, the fact is that revealing classified information is a crime.

Actually, no it isn't. Revealing certain (broad) categories of classified information is a crime (Title 18 U.S.C. §793-794, §798, §952; Title 42 U.s.C. §2274-2277; 50 U.S.C. §421; potentially 5 U.S.C. Section §552a, with the first being the broadest: disclosure of of information “relating to the national defense” when the person disclosing the information has reason to believe it could be used to injure the United States or to aid a foreign nation). But just because something is classified doesn't make its disclosure a crime (unless you're a servicemember, in which case you'll probably be covered by a tight enough web between General Orders and UCMJ that any disclosure would be criminal).

So, while I suspect that there may be illegal aspects to some of the USG actions in these cases, my concern doesn't rest on the illegality of the actions.

I imagine the brave and illustrious civil liberties champions would be willing to test the legality of these actions by suing. But the reason that they don't is that the actions weren't illegal.

Even if the USGs actions were fully legal, I'd still hold grave concerns that the government was improperly using powers granted to it by the people to harass and intimidate anti-government activists.

I have few concerns about the alleged harassment of somebody who goes back and forth across the border 40 times. That's a lot of times. She's apparently very free to travel. She has created documentaries that are freely screened. We all know what she thinks. If she's inconvenienced because during a war she was suspected of having something that the government didn't want her to take outside the country, or she had classified information, or something else, and she had to wait for a couple of hours, I'm just not gravely concerned. Call me apathetic, but I just don't care.

Anyone see my open thread? I thought it was around here somewhere...

we should view it as a non-problem since we've failed to prevent private actors from collecting (non-collated) data

My feeling is that you can't stop private actors from collecting data. Like this. The City of London (which, because of certain historical anomalies, has a special status) has ordered the company to stop, but I imagine you'll see this technology in Asia in the next 10 years. Back when this thread was an open thread, fridges linked to the internet were mentioned, and Google's purchase of Nest for 3.2 billion should raise eyebrows. This interview has this:
We've been producing new products, but we wanted to roll them out to multiple countries.

We are in 96 countries where we don't even sell today because we can see these items being connected but we can get there fast enough.

For us going with google, we could get financing, no problem, but we can get access to resources to allow us to move these products much more quickly around the world.

Later in the interview, he says that the data remains with Nest, and if that changes, he will tell everyone, but 10 years down the road, is that going to be the case?

LJ:

As someone completely unqualified, I think this is another example of Google struggling to get out of the advertising game.

If I was google, I would be concern about trending towards a more privacy conscious society, either in terms of the regulatory environment, or just in the technological solutions available to people.

In terms of Nest, I don't think its a great acquisition for google. Thermostats, even smart ones, aren't well protected by IP or other barriers to entry. If its popular, pretty much any other company can easily get in.

Good for competition, but I don't see it working out for google in the end.

The SLIPS video I linked earlier I think is a more disruptive technology than Nest.

Google's problem is that they have overwhelming dominance is what is rapidly becoming a saturated market. Which is to say, there isn't anywhere to grow, unless they can expand out of their niche into other things.

The challenge for them, then, is finding another area. One which
a) is not already taken,
b) has protential for the kind of growth that their shareholders have become accustomed to, and
c) where they can leverage the resources that they already have to good effect.
It isn't proving an easy task, which is why they have paid big bucks for various companies, which then didn't pan out.

My suspicion is that the only real possibility is to come up with a new area themselves. Invent it, figure out how to make money off it (and advertising, as noted, won't do it), build the infrastructure for it, and then convince the world that they cannot live without it.

wj:

I agree. And I think that's part of the reason they've been investing in highly disruptive technologies like driverless cars, as well as infrastructure (google fiber) that would be hard for smaller companies to get into.

They have a huge cash advantage and I think they are looking to the future. At least more so than facebook is...

Fair point, and this article suggests that the google acquisition is more a tribute to an inside Silicone Valley mentality than anything else.

If I was google, I would be concern about trending towards a more privacy conscious society, either in terms of the regulatory environment, or just in the technological solutions available to people

So would you address this by giving more tools to people to have control of their own privacy or would you try to anesthetize them to the ramifications and concerns? Maybe I'm just a pessimist, but the trend seems to be the latter.

I don't see the SLIPS as that disruptive but I may just not be looking in the right place.

The SLIPS video I linked earlier I think is a more disruptive technology than Nest.

Another liquid repellant.
·

LJ:

People are going to get those tools, regardless. Notice how quick Google was to pressure DC after Snowden. They know their current model is predicated on trust...if people don't trust them to handle their privacy, they will turn away.

Schneier has written on this extensively, and I'd recommend it. Trust is central to our economy, and even more important to information companies like google.

There are some people that say privacy is being depreciated by society. I don't think that's true. I just don't think people have really understood the costs yet. People will of course be apathetic before the costs (lost jobs due to HR searches, criminal prosecutions based on facebook, etc etc) become prevalent.

Google may be more interested in the data gathered by Nest products than the products themselves.

LJ:

Regarding SLIPS:

First of all, as a grade A slob, I'd love clothes that didn't stain. But the implications are actually far beyond that.

SLIPS, and other surface modifications from Wyss, are broadly antifouling and are apparently quite robust.

That has implications from preventing barnacle attachment to ships hulls to surfaces that are innately antibacterial.

Imagine a hospital where surgeries, desks, bathrooms, chairs, sheets, blankets, etc...all resist bacterial colonization.

A little farfetched, but not as much as you might think.

"Google may be more interested in the data gathered by Nest products than the products themselves."

Maybe, but I wouldn't think much of them if they did. It would be trivial to make a nest-like system without phoning-home.

Considering a one time investment per house and the price of thermostats...google's typical strategy of offering a product for free in exchange for data would be...less persuasive in general.

LJ, I suspect that, as part of the effort to anesthetize their customers, Google will put lots of effort into pushing all of the advantages (to the customer) of them having all that data. Not sure how they make that case . . . which probably proves that I'm right not to try for a career in PR.

Verizon is doing something similar in the TV ads pushing how you can control all of you household equipment (lights, doors, TV even) from their smartphone. Presumably they are hoping that you won't notice that anyone who can hack the phone signal (don't even need to steal your phone) suddenly has complete access to your house. Somehow, I don't think I'll be signing up.

...control all of you household equipment (lights, doors, TV even) from their smartphone.

Or your car.
·

wj:

The verizon thing is a perfect example of something that would be easy for any other company to replicate. It doesn't rely on any of Verizon's advantages.

I think this is the key problem. Ultimately, you don't need a large aggregator of your data. You need a tool that will aggregate your data for you. And a lot of companies can provide that, even ones that aren't interested in mining your data.

I'm usually pretty sensitive to privacy and data sharing concerns, but the worries over data sharing for nest devices has me totally stumped. Can someone explain to me: why would anyone care whether google knows when my smoke detector goes off? Or what my thermostat is set to?

There are a lot of things that google does that are problematic or at least questionable from a privacy perspective, but this? This just doesn't seem like one.

Thanks, a bit of googling turns up this about SLIPS.

There are some people that say privacy is being depreciated by society.

My viewpoint is from being in a society where privacy is not valued so much, or if it is, it is only as a nod to propriety. This paper gives a basic outline of the situation in Japan. I'm not precisely sure about Verizon, but a lot of these IoT approaches are being mooted here in reaction to the demographics, so that the elderly can more easily be monitored by their kids and caregivers and it seems that once they are integrated, the advantages will be perceived to outweigh the disadvantages.

The comments to this entry are closed.