[liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data

Nadim Kobeissi nadim at nadim.cc
Mon Jun 10 13:14:40 PDT 2013 

On 2013-06-10, at 5:01 AM, x z <xhzhang at gmail.com> wrote:

> 2013/6/10 Yosem Companys <companys at stanford.edu>
> But, as in the case of AT&T and as corroborated by numerous NSA whistleblowers, tech companies embed NSA workers and give them full access to all their user data, with little to no accountability, which in some ways is even worse.
> 
> Yes that would be quite bad if it's true. I doubt firms like Apple, Google or Facebook would "embed NSA" workers to give them full access to all user data, for the same reasons listed in my previous email, but this is a different topic.
> 
> Then, regarding the possibility that NSA has embedded engineers in all these companies to build a back door without the management's approval, that is also very unlikely. To build a back door in these big companies' system need a whole team, and they need to hide their trace from corporate security monitoring, which is way too risky. 
> 
> Balancing all these gains/benefits and costs/risks, a rational NSA would simply use their usual routines, which is legal, safe, of little risk, and still very effective for their goals.
> 
> Occam's razor would give us the following is what has actually happened in the past three days: a semi-clueless whistle blower fed an overzealous journalist a low-quality powerpoint deck, which met the privacy-paranoia and exploded.
> 

Edward Snowden is one of the most well-spoken, measured and intelligent whistleblowers that we've had in the history of this intellectual sphere. Nothing about the information he's provided qualifies him as "semi-clueless". The Verizon court order, by any account, is the most legitimate court document anyone could ask for in order to prove massive metadata surveillance.


Everything that has been published so far has been confirmed by the Office of the Director of National Intelligence as information related to actually existing intelligence programs. Any common-sense analysis would suggest that Greenwald is publishing the leaks sequentially, bit by bit, and I assume that there is a lot more information either being held back as background data or that will be published soon.

What qualifies a journalist as overzealous? Is it passion and hard work? When this passion produces a consistent stream of intelligent arguments and debate, is it still overzealous? Ask yourself these questions.

Overall, I'm not sure why you insist on not realizing the significance of what happened this past week. Your arguments and point do not measure in front what's been presenting by Snowden, Greenwald and Poitras. Sure, we all always "knew" this was happening — but it's courageous whistleblowers who provide the evidence and indignation needed for public discourse. Now is that time. Realize it and stop wasting yours.

NK

> Cheers,
> 
> 
> On Mon, Jun 10, 2013 at 1:30 AM, x z <xhzhang at gmail.com> wrote:
> (was away for the day, then saw this long thread).
> 
> First of all, I don't feel offended by Jacob's reply to my email at all, probably because I know and expect his style of wording. So far I think the discussion is still pretty civil.
> 
> Now to the main point, which is on the main point of "direct access to servers". The following is why I still think it's untrue:
> 
> - The PRISM slides do not prove such "direct access" (as we interpret it) exists. The PRISM slide's reference to "direct access" can have alternative explanations. For example, it is likely that when the firms hand over information to NSA, they store the requested information on a, say, FTP server for NSA to download, hence "collection directly from the servers of these U.S. Service Providers". Remember that these slides are rather amateurish, and quite clearly they are not written by technical people.
> 
> - The firms (Apple, Google, Facebook, etc) do not have any incentive to participate in such a program to offer "direct access" to NSA. That is quite obvious. Then, what kind of power do people think NSA possesses that can secretly coerce these firms into cooperation?? Remember that Patriot Act/FISA do not require the firms to offer "direct access" at all. Will these firm's CEO or Chief Legal Officer go to jail, for not providing "direct access"? Or DOJ retaliates the firms somehow? Or IRS threatens to tax them at higher rates? Or they all have some sex video to be exposed? The government doesn't really have that much power actually.
> 
> - If all these "participating" firms have built such a system to feed NSA's request automatically, many people would have got involved. This is not a trivial task, the executives need to find engineers to make it happen. And the number of engineers won't be small, given the diversity of data mentioned here. When the CEO's are making their "blatant" denials, aren't they afraid of their own whistle blowers? Or all these engineers are bought out? This feels more like a movie script now.
> 
> - I don't know how some people on this list can get the conclusion that the firms are hiding something from they all having similar "carefully worded denials". They all deny "direct access", that's the most crucial part. Several of them stated that all NSA requests are reviewed manually, that's also a crucial part. If these two bits are true, nothing else really matters. Yes, they do comply with NSA requests, which is not glorious, but it's not what Glenn Greenwald's sensational headline is about.
> 
> I think many people on this list have been hoping or waiting for something like this, because it reinforces their beliefs and helps their agenda, so they readily fall for it. I expect more rigor from geeks.
> 
> Cheers,
> 
> 
> 
> 2013/6/9 Nadim Kobeissi <nadim at nadim.cc>
> It seems Europe isn't safe either from data mining, due to overreach:
> http://www.zdnet.com/blog/igeneration/google-admits-patriot-act-requests-handed-over-european-data-to-u-s-authorities/12191
> 
> NK
> 
> On 2013-06-09, at 1:22 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> 
> > Nadim Kobeissi:
> >>
> >> On 2013-06-09, at 1:02 PM, Jacob Appelbaum <jacob at appelbaum.net>
> >> wrote:
> >>
> >>> Nadim Kobeissi:
> >>>> Jake, I don't agree with x z (and rather agree with you), but
> >>>> I'm really tired of just how aggressive and rude you always are
> >>>> on Libtech. And it doesn't appear to just be towards me. I'm not
> >>>> the only person who feels like this.
> >>>>
> >>>> Even if you're right, tone your ego knob down already. Be nice. I
> >>>> can barely read through threads anymore. Thank you.
> >>>
> >>> Dear Nadim,
> >>>
> >>> I'm sorry that your felt that I was aggressive and rude. It wasn't
> >>> my intention. Nor do I think that my last email had anything to do
> >>> with my ego.
> >>>
> >>> I was defending Glenn's reputation and his findings - which seem
> >>> absolutely solid from where I'm standing.
> >>
> >> What a nice thing to say! Thank you! :-) I think Glenn Greenwald is a
> >> wonderful journalist who really revealed a hugely meaningful story.
> >> Maybe not the story of the decade overall, but perhaps the story of
> >> the decade when it comes to computer and information security and
> >> privacy.
> >>
> >> The thing is, I agree with you almost all the time. But you alienate
> >> me (and I think others too) because of the ruthlessness in which you
> >> express yourself. Even well-known members of a community do not
> >> obtain a license to talk down to others.
> >>
> >
> > I'm sorry that you think I am rutheless. I feel that I actually have
> > quite a lot of compassion and I regularly express it. I do not generally
> > feel pity - to feel pity, generally one must place oneself above others
> > - which isn't useful or productive.
> >
> >> I think it's super nice of you to be this considerate and I think
> >> this is a solid contribution to improving the mood of this list. I
> >> hope "x z" also appreciates this clarification! Hurray for Jake!
> >>
> >
> > Do you suppose you might reply to the points that I made?
> >
> > You asserted that I was aggressive and rude. I contested it. Did you
> > decide that my previous emails were not so, after clarification, or what?
> >
> > All the best,
> > Jake
> > --
> > Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

More information about the liberationtech mailing list