Creeping Totalitarianism

Journalist Glenn Greenwald has announced plans to publish his final big leak from the Snowden files: A list of U.S. citizens that the NSA has spied on. Naturally, this raises a very important question: Am I on the list? ‘Cause it would really help my badass libertarian rep if I was. I’m just beside myself with excitement!

Truthfully, I doubt they’ve ever spied on me, except to the extent that they’ve spied on everyone, such as phone call metadata. Actually, I’m kind of hoping that the list will run to hundreds of millions of people — damned near everyone with a digital footprint. That would make the NSA’s contempt for privacy pretty damned clear.

But if the list is more exclusive than that, I doubt I’ve drawn their attention. However, I wouldn’t be surprised if a few of the people I know in the blogosphere have made the list. A couple of obvious candidates come to mind:

#1 by a mile is Mirriam Seddiq. She’s a Muslim criminal defense and immigration lawyer from Kandahar, Afghanistan. If the NSA isn’t watching her, they’re not paying attention.

Another likely candidate is Jamison Koehler. Jamison seems mostly harmless, but his wife Susan Burke likes to stir up some shit, and she travels overseas to do it.

Beyond that, I follow a bunch of criminal defense lawyers who probably make a lot of trouble between them — Mark Bennett, Norm Pattis, Rick Horowitz, PDgirl, Matthew Haiduk, Matt Brown, Gideon, the Squawk, the list goes on and on — but they mostly do state work, which I’m guessing wouldn’t draw a lot of attention from the national security types at the NSA. But maybe Scott Greenfield… He does federal work and used to represent drug dealers, and we know the NSA was feeding information to the DEA. Scott is also friends with Lynne Stewart, a defense lawyer who was prosecuted in connection with her defense work for some accused terrorists. If he had contact with her during that time, he could be on the list. Besides, it wouldn’t be the first time the feds spied on Scott.

After that, I don’t know. I’d like to think all us libertarians are on the government’s list, since we hate it so much — maybe Jennifer Abel for all the shit she says about the TSA or anyone at Reason because they despise both parties — but the truth is I suspect nobody in the government regards us as a threat. It kind of hurts my feelings.

(There is, of course, the hive mind that is Popehat. Between Clark’s libertarian ranting and Ken’s federal criminal work, maybe the hat made the list.)

The thing is, if the NSA is spying on libertarian writers like me, it’s an invasion of privacy in service to a witch hunt. That’s pretty bad, but it’s nothing compared to what it means if they’re spying on people like Mirriam Seddiq or Scott Greenfield or any of the other people for whom opposing the will of the government isn’t just a political leaning but their whole professional calling. And if the government has been spying on privileged lawyer-client communications, it raises a lot of disturbing possibilities.

I suppose it’s unlikely that anyone I know will make the list. But if they do, I expect they’ll be really angry.

Holy crap.

I’m still reeling from the latest revelation to come from Edward Snowden:

The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.

This goes far beyond anything I was speculating about a few weeks ago. They don’t mention compromising a CA, but given the scope of the programs revealed yesterday, compromising multiple certificate authorities would be just one small part of the NSA’s assault on privacy. And they really do think of our privacy as the enemy:

The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – “the use of ubiquitous encryption across the internet”.

Here’s how the Guardian article describes what the NSA has been doing:

Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.

If I understand the revelations correctly, this doesn’t describe a single program so much as a strategy.

Cryptography is based on math. The broad idea is to find classes of math problems that are that are easy to solve if you have a hint. Encryption then consists of two steps: Generating a random math problem in this class, and then taking plaintext data and transforming it into ciphertext in such a way that the reverse transform back into plaintext will require you to solve the math problem. Since the problem is much easier to solve with the hint, having the hint is like having the key to unlock a door, and this hint becomes the decryption key.

For example, our math problem might involve rotating letters around the alphabet, transforming each letter into, say, the 5th letter after it. A becomes F, B becomes G, Z rotates around to become D, and so on. The decryption is just the reversal: F becomes A, G becomes A, and D rotates back around to become Z. In this example, the class of math problems is rotation around the alphabet, and this particular math problem is based on rotating 5 steps.

Now if I give you a string such as “BNSIDUZSINY” and tell you that it has been rotated by some number of characters, the only way you can decode it is to try all 26 possible rotations and see if any of them make sense. This will take you, on average, 13 tries. Since it is 11 letters long, you will do a total of 143 rotations, on average, to decode it.

On the other hand, if I also tell you that the number of characters it has been rotated is 5, then it will only take you one try — 11 rotations — to decode it to “WINDYPUNDIT”. In other words, by having the hint “5”, you can decrypt it 13 times faster than without the hint. This hint is our decryption key.

Real encryption systems, such as the ones protect your bank’s website, are based on the same principle, but the math problems are much more complicated, and instead of a 13-to-1 advantage to having the decryption key, it’s more like a 13, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000 – to – 1 advantage.

Even if you could convert all the matter in the entire known universe into cloud computing, using any computing technology we know of, you couldn’t try all those keys before the stars burnt out. (Not that there are stars anymore, because you’ve converted them to computers.)

Of course, nobody seriously trying to attack modern public-key encryption will actually try to brute-force it; that would be impossible (unless the key is really tiny). Instead, they try to look for shortcuts that solve the math problem by something other than brute-force guessing. After all, if the problem collapses from impossible to trivial when you have the hint (the decryption key) maybe there are intermediate non-trivial but non-impossible solutions that can be found through analysis of the encrypted data.

Much of internet-based security depends on the RSA algorithm, and there are no known attacks on RSA that improve on brute force enough to make it seriously insecure. On the other hand, nobody has proven that such attacks don’t exist.

Public key encryption algorithms are that complex and that hard to crack because they were designed to be. It’s why they’re secure.

But…

The design process is done by humans, often in the form of standards documents, and this latest document dump from Snowden reveals that some of those humans work for the NSA, and some of them have been secretly making design choices in standards documents that make the encryption weaker.

Some of this may be obvious, in the form of performance trade-offs. Encryption with 2048-bit keys requires more computing power than 1024-bit keys, and since even 1024-bit keys are currently secure, why not use the smaller key and save computing power? Other ways to weaken encryption maybe be a lot less obvious. Cryptography experts have often questioned the reasoning behind some strange decisions by the standards bodies, and subornation by the NSA could explain some of them.

Furthermore, although cryptographic algorithms are math, practical implementations of encryption systems require more than just the encryption algorithm — you have to generate the keys, distribute the public keys, encode the data, and so on — and a lot of that can introduce vulnerabilities. For example, some RSA public keys are inherently weak, so a good implementation has to test each key for these weaknesses and discard keys that don’t pass. Other times, weaknesses in the key generations can produce collections of keys that have mathematical relationships that can be exploited, so that an attacker who collects enough keys from the weak generator can crack all the related keys.

Again, encryption implementations are more than just math, they are code. And the latest Snowden revelations reveal that the NSA has been working with the major technology companies to make sure the code further weakens the security of our encryption systems. There have been convincing allegations of such attacks in the past, and Snowden is claiming that other encryption systems have been compromised as well.

Finally, the Snowden documents mention some sort of breakthrough that makes it easier for the NSA to crack Internet encryption. It’s possible this is some sort of improved attack on the RSA algorithm, or some other part of the encryption process. Bruce Schneier has seen the Snowden documents, and he says the RSA algorithm is still secure, but the NSA has undermined everything around it.

Between these three strategies — undermining standards, undermining code, and some kind of cryptographic breakthrough — it’s possible that the NSA has significantly reduced the practical difficulties of cracking RSA as used in the real world. Even if decryption without the key remains a billion times harder than with the key, those supercomputers mentioned in the quote above could probably crack them in a time frame of seconds to minutes.

In addition, they apparently have built themselves a huge toolkit for compromising computing systems, and people smarter than me say they can probably get into any computer on the internet if they try hard enough. It’s not so easy that they can do it to more than a small fraction of the world’s computers, and it’s risky because they could get caught, but

These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.

Then, once the NSA gets into a computer, they can search it for private decryption keys. Lots of good it does to use SSL or PGP if the NSA can copy the keys and certificates off your computer and throw them to a cloud of 100,000 computers to brute-force your password. Or they can compromise your computer’s encryption software to weaken it, then intercept and decrypt the data stream out on the Internet. They may also have broken into the Certificate Authorities’ computers and stolen the signing keys, allowing them to conduct man-in-the-middle attacks.

All of this leaves me feeling somewhat conflicted. On the one hand, I’m a techno-geek, and what the NSA has done is damned impressive. This is as close as we’ve come in the real world to Setec Astronomy, and it’s an awe-inspiring accomplishment of breathtaking scope.

On the other hand — although the major media doesn’t seem worried about it, judging by the lack of coverage — the NSA has essentially destroyed the trusted framework of the internet. Not just the parts of it used by terrorists, cybercriminals, and human traffickers, but all of it, from the secure website where you do your banking, to your medical records, to Gmail, Facebook, and Twitter.

The documents seem to claim that the NSA’s subversions don’t weaken security unless we know what the NSA knows about them:

“These design changes make the systems in question exploitable through Sigint collection … with foreknowledge of the modification. To the consumer and other adversaries, however, the systems’ security remains intact.”

That sounds just like something the NSA would do. They’re trying to balance their espionage role of spying on everyone’s communications with their counter-espionage role of securing American communications. The problem is that we’re all on the same global Internet — everyone uses the same technology and everyone talks to everyone else — so those goals collide head-on: The NSA wants to have back doors through the encryption, but they don’t want anyone else to use them, so they poke holes in the security, and then they make those holes as secure as they can.

There are two problems with that. The first is technological: If the NSA has weakened the security technology of the internet, then we’re all using weaker security technology. We all become more vulnerable because of that.

However, even if the NSA has taken great pains to ensure that other adversaries cannot easily benefit from the backdoors they’ve installed, they’re still going to run into the second problem: People. The people making up the NSA are fallible and flawed, and subject to failure and indiscretions. Some of them probably have evil intentions.

One of the NSA slides describes a part of this program as “Extremely fragile.” That may be, but even worse than that, it’s brittle: All it would take is for someone to leak detailed information about the NSA’s subversion of Internet security, and then other intelligence agencies could do it. It’s the cyber equivalent a corporate security officer who puts steel doors with $1000 electronic locks on 100 offices but keeps a copy of the master key locked in his desk. Thieves who want to rob the place blind don’t have to break through 100 locks, they only have to break through one. Anyone who can compromise the NSA can compromise the Internet.

And we know the NSA is compromised. The proof is that we’re reading about this right now. Edward Snowden has taught the NSA a brutal lesson in the hazards of brittle security systems. As the Director of National Intelligence, James R. Clapper, says:

The stories published yesterday, however, reveal specific and classified details about how we conduct this critical intelligence activity. Anything that yesterday’s disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.

I think “outweighed” is not his place to decide, but I’m sure he’s right about the damage. Our national enemies have learned of our ability to spy on them, and they will change their behavior to get out from under NSA surveillance. This is a devastating blow.

I actually feel bad for the NSA about this. An awful lot of very smart people with good intentions have done a lot of hard work, and they’ve accomplished something rather amazing: Making most of the internet transparent, at least to the U.S. government. Depending how our adversaries respond, Edward Snowden has destroyed much of their work. Hundreds of millions of dollars worth of effort down the tubes. Maybe more.

But again, the problem is people. Snowden is not the guy who has stolen the NSA’s secrets. He’s just the only guy who has stolen NSA secrets that we know about.

I mean, what are the chances that the only person who has ever walked this information out the door of the NSA is an outside contractor with idealistic tendencies? It’s starting to look like the NSA didn’t even know he took this stuff until he started dumping it to the world media. If somebody else walked out with another thumb drive and sold it to the Russians and the Chinese, is there any way we could even tell? Our nation’s enemies could have had this information for years before we heard about it.

Then there are the internal enemies. We already know from other leaks that NSA personnel spy on their friends and lovers, so why wouldn’t they compromise corporate computing facilities and sell trade secrets to the highest bidders? Why wouldn’t they read an opposing political party’s email? High-security activities are a breeding ground for misbehavior because of the lack of transparency. I’m sure the NSA has its share of the kind of grasping megalomaniacs that seem to populate middle and upper management throughout industry and government, and the NSA provides them with an opportunity to operate with relatively little oversight.

We also have to worry about the kinds of internal enemies that the NSA doesn’t even think of as enemies, such as other government agencies with totalitarian leanings. We already know they share information with the DEA, which then goes on to arrest people based on the information and then lie to everyone about where they got it. The NSA may be a pure intelligence agency, but at this point the DEA is pretty much the American equivalent of the Taliban, invading homes and locking people in cages out of a near-religious conviction that they’re doing something wrong. The United States has the highest percentage of it’s population in prison of any country in the world, and the NSA is helping it jail even more.

I keep coming back to Clapper’s invocation of “terrorists, cybercriminals, human traffickers…” Why is that third item on the list? It seems like a basic appeal to the moral panic of the day. Granted, human trafficking is a real problem, yet when government agencies talk about trafficking, they almost always mean sex trafficking, which they conflate with ordinary prostitution and other sex work. So now I’m imagining an NSA Human Trafficking department that breaks into escort web sites…Polish Princess sure sounds like it’s full of foreign nationals, right? It seems like the NSA are already thinking of themselves as a program in search of a justification.

I guess what I worry about most is that the revelation of this program will severely impair the legitimate activities of the NSA by alerting our nation’s enemies to the NSA’s capabilities, but that nothing else will change. Our enemies will have learned how to hide from the NSA, but the NSA will keep right on spying on the rest of us, using whatever justification seems to work.

 

So, a few months ago, I wrote a post about sequestration in which I said, basically, bring it on!

I had a couple of reasons for saying that. First of all, from my libertarian point of view some of the threatened cuts were pretty awesome. The Obama administration was threatening to cut federal grants to law enforcement, the TSA, Customs and Border Protection, and especially the DEA. Lower federal spending through laying off government thugs. What’s not to like?

Second, I wanted to call Obama’s bluff. In addition to the law enforcement cuts, his press release also claimed that it would cut things like support for economically disadvantaged families, special education, homeless veterans and the mentally ill, and vaccination programs for children. It seemed to me that Obama was threatening to take hostages:

Let’s put that in perspective. At the beginning of the year, the federal government unceremoniously (and with surprisingly little debate or media coverage) increased payroll taxes by 2 percent. And all over America, millions of middle-to-low income-families — anybody with earnings below the cap, really — quietly learned to live with a 2 percent cut in the family budget.

But now when the government is asked to cut its budget by about the same percentage, they say they’ll have to cut programs that help women and children, the sick and the disabled. It’s hard to interpret this as anything other than a threat.

Third, I didn’t really think it would happen. Actually, the deadlines were only a few days away, so I know the sequestration would technically kick in, but I figured Congress would do another deal to kick the can down the road for a few months, a strategy that has always served them well.

I was wrong about that last part. The sequestration happened, and so far it hasn’t been fixed. We’re going down that road, maybe with few changes until the next election.

It turns out, however, that all those dire predictions neglected to mention one very important item that would be hurt by sequestration, the federal public defenders program:

Largely out of the public view, defenders and judges say, the federal public defenders system is buckling under the effects of the $85 billion across-the-board cuts known as the sequester, threatening the integrity of the criminal justice system, which guarantees the right to a court-appointed lawyer for those who cannot afford one…

The 81 defender offices across the country, which represent 60 percent of all criminal defendants in the federal court system, have already had their budgets cut by 10 percent because of the sequester and other reductions this year and could face up to a 23 percent cut in 2014. Additional cost-cutting measures may result in a smaller cut, around 10 percent. Although the cuts are widespread across the government, public defenders say the reductions are hitting them particularly hard. Unlike other federal programs, the public defenders say, they have little fat to trim since most of their costs are for staff and rent. Just 10 percent of their budgets are devoted to expert witnesses, investigative costs and travel.

Crap. I should have seen that coming.

The amount of sequestration in 2013 is actually a small fraction of the government budget — 1 or 2 percent, depending on how you count — and it doesn’t get that much larger in 2014, so cuts of this magnitude are the result of deliberate decisions to concentrate the damage in one program. You just know that unscrupulous upper managers are using the budget squeeze as an excuse to get rid of people and programs they don’t like, so I guess I shouldn’t be surprised that they’re trying to gut the federal defender program — that only helps the bad guys avoid justice, right?

It sounds like things are pretty bad:

Already, federal defenders said they have cut back on staff members and their workloads.

Almost all offices have had to furlough or lay off workers. In Virginia, a chief public defender said he had to lay off five lawyers, about 10 percent of his staff. Two other staff members retired to help save the office money, while another voluntarily went on active duty in the military.

In Delaware, public defenders had to take 15-day furloughs. In Illinois, a public defender’s office cut two lawyers and a computer technician.

Michael S. Nachmanoff, a federal public defender for the Eastern District of Virginia, who has represented Somali pirates and illegal arms and drug dealers, said he faced a difficult decision this year when he had to choose between paying staff members or continuing a case without adequate resources.

“It really wasn’t much of a choice,” Mr. Nachmanoff said. “I’m not going to compromise the quality of a case to pay people.”

This is a terrible loss. The federal public defender program had a good reputation, built up over decades by a lot of dedicated people doing a lot of painstaking work. It will be a shame — and a threat to our freedom — if the public defense program were to end in ruin.

Scott Greenfield explains:

The emasculation of senior staff at federal defenders’ offices means that the strong cadre of lawyers will be gone, with only a barebones and less experienced (and less well-paid, and more capable and willing to work for a pittance of their pittance salary) staff remaining.  When and if things turn around, it will take years before staffing is back to adequate strength to handle its caseload, and even more years before that staff gains the experience to do its job as well as it had in the past.

Of course, if the public defenders are unable to keep up with the work due to budget cuts, there is of course an obvious solution to this problem: Reduce prosecutions. But that will never happen. You might think the sequestration cuts in the Justice Department would naturally reduce the volume of cases they bring, but politicians love law-and-order too much:

While federal defenders have had to cut back on the number of cases they handle, the Justice Department is increasing the number of cases it brings to court and also hiring staff.

Its annual budget is nearly $28 billion, compared with $1 billion for the federal public defenders program. Since both Republicans and Democrats were reluctant to hurt federal law enforcement, Congress granted the attorney general broad authority to shift money from other programs to pay for salaries and avoid furloughs.

As a result, the F.B.I., federal marshals, United States attorneys and other offices have been spared the steep job cuts predicted at the beginning of the sequester.

Still, you’d think the system would be self-regulating because of this:

The result, said lawmakers, judges and public defenders, are court delays that might violate defendants’ rights to speedy trials and could lead to the dismissal of criminal cases.

Everyone has a right to a defense, right? It takes two to tango. So if the federal defenders refuse to take more cases than they can handle, the courts will be unable to proceed, forcing prosecutors to either accept dismissals or pick and choose more carefully when they decide to charge people. Maybe that will lead to more funding for federal defenders.

Unfortunately, it doesn’t work that way. When the public defender is unable to take a case, the courts can appoint private lawyers under the Criminal Justice Act (CJA) to do the job. Although some excellent lawyers take CJA appointments out of a sense of duty, there are reasons to believe that the CJA program as a whole provides a less effective defense than full-time federal defenders. Also, following in the fine tradition of government contracting everywhere, the CJA lawyers actually cost more per hour than full-time federal defenders.

The Judicial Conference of the United States, which is responsible for the criminal defense budget, is dealing with that issue pretty much like any company facing cash flow problems:

The judicial conference announced on Aug. 16 that it would try to keep staffing of the public defenders program at current levels by delaying payments to court-appointed private lawyers and reducing by $15 an hour the rate at which they were paid.

Between the decreased fees and matters of principle, this is going to cause good lawyers to quit the program. Mark Bennett offers this explanation:

But the criminal-defense bar…gets psy­chic value from doing what it does.Even though CJA rates were already below mar­ket rates for good lawyers, good lawyers took appoint­ments in fed­eral court because it pro­vided other sat­is­fac­tions, among them the plea­sure of help­ing those whom God had for­saken, society’s strays.

I believe, as a mat­ter of prin­ci­ple, in call­ing bluffs. Criminal-defense lawyers ought to quit the CJA panel en masse, because gut­ting the defense to pre­serve the pros­e­cu­tion is wrong, and because the only way for the lawyers to keep the gov­ern­ment from cut­ting their pay and lay­ing off PDs is by refus­ing to accept it. If the gov­ern­ment wants to pros­e­cute peo­ple, it must pay to defend them; if it’s not will­ing to do so it should be forced to forgo prosecution.

There are plenty of strays I can help with­out being appointed to help them, so I am resign­ing from the CJA list.

He’s probably not the only one.

At a time when there are so many criminal laws that some lawyers estimate the average American commits three felonies a day, and our justice system already has a larger percentage of our population in prison than any other country, it’s hard to believe these budget cuts are anything other than a deliberate attempt to dismantle the public defense system and give prosecutors even more control over our lives.

So this story just makes me feel miserable:

The partner of the Guardian journalist who has written a series of stories revealing mass surveillance programmes by the US National Security Agency was held for almost nine hours on Sunday by UK authorities as he passed through London’s Heathrow airport on his way home to Rio de Janeiro.

David Miranda, who lives with Glenn Greenwald, was returning from a trip to Berlin when he was stopped by officers at 8.05am and informed that he was to be questioned under schedule 7 of the Terrorism Act 2000. The controversial law, which applies only at airports, ports and border areas, allows officers to stop, search, question and detain individuals.

The 28-year-old was held for nine hours, the maximum the law allows before officers must release or formally arrest the individual. According to official figures, most examinations under schedule 7 — over 97% — last under an hour, and only one in 2,000 people detained are kept for more than six hours.

Miranda was released, but officials confiscated electronics equipment including his mobile phone, laptop, camera, memory sticks, DVDs and games consoles.

The UK isn’t exactly known for respecting free speech, but this kind of intimidation is petty tyrannical crap.

And this detail in HuffPo‘s coverage didn’t help my mood:

Miranda was coming from Berlin, where, the Guardian said, he had stayed with Laura Poitras, the filmmaker and journalist who, along with Greenwald, has been at the center of the storm surrounding NSA leaker Edward Snowden. Ironically, Poitras, whose work usually involves sensitive national security issues, re-located to Berlin from America because she had grown tired of being constantly detained and questioned at airports.

Well isn’t that just great? Germany is the former homeland to the Gestapo and the Stasi, but now people are leaving my country to go there because the security goons manning our checkpoints are worse.

And while I was reading that other stuff, I stumbled across an Alan Dershowitz quote about Greenwald from a few weeks ago. Now is it all in my imagination, or was there a time when Dershowitz supported civil liberties? I notice that his official website’s list of his books omits two of his earliest books that helped shape my attitude towards criminal defense and civil liberties: The Best Defense and Taking Liberties. That Alan Dershowitz would have hated the Alan Dershowitz who says crap like this:

Dershowitz, for his part, insisted there is no gray area:

“Well, it doesn’t border on criminality – it’s right in the heartland of criminality. The statute itself, does punish the publication of classified material, if you know that it’s classified,” explained the guest. “Greenwald – in my view – clearly has committed a felony.”

Continuing his assessment of the reporter, Dershowitz held little back:

“Greenwald’s a total phony. He is anti-American, he loves tyrannical regimes, and he did this because he hates America. This had nothing to do with publicizing information.”

I’m not a huge fan of Greenwald’s, but I think he hits it on the head in his response:

This is obviously a rather profound escalation of their attacks on the news-gathering process and journalism. It’s bad enough to prosecute and imprison sources. It’s worse still to imprison journalists who report the truth. But to start detaining the family members and loved ones of journalists is simply despotic.

Pretty much.

In the early days of the Usenet distributed bulletin board system, some of us used to include random  collections of suspicious-sounding keywords in everything we posted (usually in the signature block). We did this because we were paranoid enough to assume government agencies were watching everyone’s posts, and we thought it would be funny to sneak tons of spurious messages through their keyword filters.

Eventually, I gave up. Not because I thought they weren’t watching — an FBI agent had already told me they were — but because it seemed kind of pointless in the modern internet. Government agencies were less likely to spy on private email messages or social networking clusters.

But I could be very wrong about that, as revealed in a jaw-dropping Washinton Post story by  Barton Gellman, Laura Poitras, Julie Tate, and Robert O’Harrow Jr. It turns out the government is spying on our internet traffic rather a lot.

The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track one target or trace a whole network of associates, according to a top-secret document obtained by The Washington Post.

The program, code-named PRISM, has not been made public until now. It may be the first of its kind.

My condolences to the NSA. For an intelligence agency, it really sucks to have your sources and methods exposed, let alone splashed all over the news.

How did this program come about?

Between 2004 and 2007, Bush administration lawyers persuaded federal FISA judges to issue surveillance orders in a fundamentally new form. Until then the government had to show probable cause that a particular “target” and “facility” were both connected to terrorism or espionage.

In four new orders, which remain classified, the court defined massive data sets as “facilities” and agreed to occasionally certify that the government had reasonable procedures in place to minimize collection of “U.S. persons” data without a warrant.

Is the program vulnerable in any ways?

Government officials and the document itself made clear that the NSA regarded the identities of its private partners as PRISM’s most sensitive secret, fearing that they would withdraw from the program if exposed. “98 percent of PRISM production is based on Yahoo, Google and Microsoft; we need to make sure we don’t harm these sources,” the briefing’s author wrote in his speaker’s notes.

Oh, well then I guess this exposure really sucks.

Analysts who use the system from a Web portal at Fort Meade key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test.

I’ll say.

Training materials obtained by The Post instruct new analysts to submit accidentally collected U.S. content for a quarterly report but add that “it’s nothing to worry about.”

Well, not for the analysts. But the rest of us should probably be worried.

Say, what happens to all that non-foreign data? You know, the stuff of ours that the NSA is not supposed to have?

Sens. Ron Wyden (D-Ore.) and Mark Udall (D-Colo.), who had classified knowledge of the program as members of the Senate Intelligence Committee, were unable to speak of it when they warned in a Dec. 27, 2012, floor debate that the FISA Amendments Act had what both of them called a “back-door search loophole” for the content of innocent Americans who were swept up in a search for someone else.

“As it is written, there is nothing to prohibit the intelligence community from searching through a pile of communications, which may have been incidentally or accidentally been collected without a warrant, to deliberately search for the phone calls or e-mails of specific Americans.”

What sort of data can they get?

There has been “continued exponential growth in tasking to Facebook and Skype,” according to the PRISM slides. With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”

According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.

I hope everyone is as outraged as I am.

In conclusion, I would just like to say uranium, FBI, phosgene, isopropyl alcohol, vengeance, knives, Khalid Sheikh Mohammad, ethanol, soman, sovereign citizen, World Trade Center, terrorism, killing, sarin, guns, militia, death, Julian  Assange, pseudoephedrine, Semtex, trinitrotoluene, Don’t Tread On Me, VX, Timothy McVeigh, Golden Gate Bridge, ANFO, Turner Diaries, tabun, marijuana, anthrax, Area 51, cobalt, RDX, plutonium, Treasury  Department, NSA, P2P, arsenic, botulinus toxin, chlorine, ricin, Ramzi Yousef, Pentagon, Posse  Comitatus, heroin, bombs, stinger, IED, C-4, Willis Tower, diisopropylaminoethanol, Empire State  Building, Homeland Security, crack, phosphorus trichloride, Jihad, methylphosphonyl difluoride, Bradley Manning, Al-Qaeda, isopropylamine, claymore, CIA, cyanide, smallpox.

When I read that the Supreme Court had decided it’s okay to take DNA swabs from people who are arrested but not yet convicted, I was a bit peeved because it seemed they had chipped away one more bit of our Fourth Amendment rights.

Still, it seemed like a relatively small thing. After all, they already take fingerprints when you’re arrested, and DNA is kind of like a newer, more accurate way of doing what fingerprints do. So while it’s not a good thing, it didn’t seem like a big change from what we’re already doing.

Boy, was I wrong, as PDgirl explains:

Do you see why this is not even remotely the same thing as fingerprinting? The sample wasn’t used to identify him.  It wasn’t even processed until months after his arrest.  He’d already appeared in court and I’m sure the court confirmed that they had the right person when they arraigned him. The sample was entered into the system under the assumption that it was King’s DNA. It wasn’t ever used to verify that the person they arrested really was King…

So, what was the purpose of collecting King’s DNA? It clearly was not for identification purposes. You know what it was for? Generally collecting evidence. Without reason to believe that the evidence they collected was in any way connected to any crime in the unsolved cases database.

Her whole explanation goes into more detail (including info-graphics!) and is definitely worth reading if you are concerned about this issue.

These sorts of rulings have a way of getting out of hand. This year, the Supreme Court ruled it’s okay to take DNA evidence from people just because they happen to be arrested for serious offenses, because this happened in Maryland, where the law only allows it for serious offenses. But maybe next year some court decides that “serious offenses” is not a critical part of the ruling and they allow police to take DNA swabs from people arrested for having expired licenses.

This could also become a rationale for other evidence gathering. After all, if the court allows police to take something as personal as DNA, then surely the court would not object to a gunshot residue swab, hair and fiber samples, and a quick look through everything on your smartphone, right?

It’s not like this hasn’t happened before. Once the camel’s nose is in the tent, the rest of the camel is likely to follow.

Michael Galindo has a hobby taking pictures of storms as a volunteer for the National Weather Service’s Skywarn program. On September 13 he took a few pictures of a brewing storm which, unknown to him, happened to be near the Lyondell Refinery outside Houston. And I wouldn’t be mentioning this if it hadn’t taken an ugly turn:

A man who snapped photos of a brewing storm last month received a visit Friday from an FBI Agent, inquiring why he would want to take such photos.

Michael Galindo explained that he was simply volunteering for the National Weather Service.

And FBI Agent David Pileggi seemed to be satisfied with that response.

But Galindo was left wondering whether he now has a permanent FBI file.

“He told me, ‘you’re not a threat and you are doing a public service but just be careful next time,'” Galindo said in a telephone interview with Photography is Not a Crime.

With all due respect to Agent Pileggi — who seems to have handled this in a reasonable and proportionate matter — Michael Galindo was just a guy taking some pictures in a public place. That’s his right. You are the the one who got sent on a fool’s errand to harass an American citizen by demanding an explanation for something that he shouldn’t have to explain to anyone.

Next time, maybe you should be more careful.

The TSA is well-know for annoying air travelers, but I’ve been worried for a while about the TSA’s attempts to branch out to annoy people using other modes of transportation. As it turns out, I wasn’t imaginative enough: After all, why should the Transporation Security Agency limit their activities to annoying only people who are using transportation? They’ve been thinking outside the box:

Many political TV junkies and casual evening news watchers were more than a little surprised to see the bright blue shirts of agents of the Transportation Security Administration (TSA) at a recent Paul Ryan campaign event at The Villages in Florida.

They shouldn’t have been.

About 18 months ago, TSA chief John Pistole…told USA Today he wanted to “take the TSA to the next level,” building it into a “national-security, counterterrorism organization, fully integrated into U.S. government efforts.”

As Steve Watson at Infowars notes,

…airport security style checkpoints and inspection procedures are already in place at bus terminals, train stations, and are rapidly being expanded to the streets of America.

Agents have even been spotted roaming around at public events such as sports games and music concerts, and even at high school proms.

The TSA even moved beyond its own borders this summer as agents were dispatched to airports in London for the Olympic Games.

Internal checkpoints run by uneducated thugs are the hallmark of totalitarian regimes everywhere. We have to put a stop to this before it gets even more out of hand.

(Hat tip: Lucy Steigerwald)

I just bought a new laptop computer, and now I’m looking for a backpack with a padded laptop compartment, so I don’t break my new toy in the first month. So as I’m looking on Amazon and reading reviews, I notice that a lot of laptops are labeled “Checkpoint Friendly,” meaning they open up easily so they can be scanned at the airport.

Fuck.

When pundits first started complaining that TSA searches were a way to teach the population to be submissive, I thought it was an overreaction. I thought the TSA’s search policy could be explained by panic and stupidity. Now I’m beginning to wonder.

I mean, what’s next? See-through clothing so they don’t have to pad you down? Transparent car trunk lids, so the cops don’t have to ask you to pop the trunk? Houses pre-wired for bugging by the FBI? An increase in sales of douche and enema kits so our odor won’t offend when we get strip searched?

Chicago will be hosting the NATO summit meeting this month, and it’s turning into a typical display of government arrogance. For a recent example, the Metra commuter rail system has announced that they will be stopping service on the line that runs through the summit location:

Metra plans to operate regular service on 10 of its 11 lines. For the Metra Electric Line, most trains will operate, although some stations and the Blue Island branch line will be closed for all or part of the summit. Those closings are detailed below.

In other words, “Sorry, you poor working stiffs who have been our customers for years, but we’re doing important stuff here and you’ll just have to make do.”

Naturally, they’re also using this as an excuse for various infringements of our Fourth Amendment rights:

Riders of all lines may be subject to screening and baggage checks, with more extensive screening on the Metra Electric Line. Passengers on all lines will be prohibited from carrying many items onboard trains and will face other security restrictions outlined below.

These restrictions apply to all lines, even those that have nothing to do with the NATO summit, and Metra’s description of the changes is kind of chilling:

In addition, the following safety measures apply to riders of all Metra lines during the three days (May 19, 20 and 21) of the summit:

1. Riders may be subject to search and/or screening before boarding or while en route.

2. Riders may carry only one bag not exceeding 15 inches square and 4 inches deep. Boxes, parcels, luggage, backpacks and bicycles will not be allowed on trains. Banned items cannot be stored at Metra stations. They must be removed or they will be disposed of.

3. Riders may not carry any food on the trains. Liquids and personal effects (such as makeup) must be less than three ounces in size. This includes coffee and other beverages. Breast milk can be carried but is subject to inspection and should be declared during any screening.

4. Riders may not carry any type of tools, pipes, stakes, wood or weapons, including pocket knives and pepper spray, on the trains.

5. Law enforcement personnel must identify themselves and present their credentials and any weapons. Security guards will not be allowed to carry any weapons onboard.

Failure to comply with these safety measures or instructions from law enforcement personnel, or attempted avoidance of screening, will result in ejection from the station or further police action.

The suspicionless searches amount to some kind of internal checkpoint, which is bad enough, but the rest of the rules are going to inconvenience thousands of people. No tools or pocket knives? What’s the theory here? That someone will use a Swiss Army knife to derail a train? And the rules against food and beverages sound insane.

They even have the 3-ounce beverage rule! That was put in place on airplanes because of the theoretical threat that 3-ounces of liquid explosives could bring down a plane. I’m no expert, but I’m pretty sure 3 ounces of explosives wouldn’t do much damage to a 40-ton solid-steel Metra passenger car, let alone a whole train of cars. And in the worst case, the train can just roll to a stop.

Remember, this is not just for people entering the NATO summit site. It affects everyone riding on the entire commuter rail system. Because, you know, someone might threaten the NATO summit from 15 miles away by carrying a sandwich onto a rail car.

The powers that be in NATO and Washington, D.C., and Chicago City Hall have decided to host this summit, and they’re cracking down with the violent power of they state because they’re scared that somebody somewhere might do something they don’t understand and control. This is the totalitarian impulse in action.

(Hat tip: Tina Sfondeles and Casey Toner at the Chicago Sun-Times.)

One of the things Kip Hawley left out of his explanation of why the TSA sucks is the TSA’s infestation of other forms of transportation, such as the one described in this press release from the Houston Metropolitan Transit Authority:

In an unprecedented approach that involved four law enforcement agencies – including federal agents – METRO launched a national BusSafe pilot program last Friday that saturated its system and resulted in quality arrests, making transit safer for passengers.

The METRO Police Department, Houston Police Department, Harris County Precinct 7 Deputy Constables and 15 agents – part of so-called viper teams – from the Transportation Security Administration (TSA) joined forces in a synchronized, counter-terrorism exercise that focused on bus stops and shelters and transit centers.

Law officials performed random bag checks, conducted sweeps with our K-9 drug and bomb-detecting dogs, and assigned both uniformed and plainclothes officers at transit centers and rail platforms to detect and prevent criminal activity.

The call it a “counter-terrorism exercise,” but in the very next paragraph they mention drug-sniffing dogs, which of course have nothing to do with catching terrorists. And given the incredibly self-serving nature of this press release, they would have mentioned it if any of the “quality arrests” had been for something even remotely resembling terrorist activity.

In reality, what they did was setup an internal checkpoint — a place were citizens just going about their business are forced to show their papers and submit to questioning and investigation by the authorities — which is the hallmark of tyrannical governments everywhere, and a sign of creeping totalitarianism here.

Naturally, our elected representatives don’t see the problem:

Congresswoman Sheila Jackson Lee (D-Texas District 18), a senior member of the House Homeland Security Committee, called this a new era for the TSA, and a new era for surface transportation security.

“We’re looking to make sure that the lady I saw walking with a cane…knows that METRO cares as much about her as we do about building the light rail,” said Jackson Lee at the news conference.

What the hell is that? Mention a woman with a cane and somehow that makes it alright to harass citizens for no reason? Is she that stupid? Or does she think we’re that stupid?

(Hat tip: Mark Bennett.)

Update: And now the Houston METRO folks have realized that “random” searches may not hold up in court, so they’re trying to change their story. Mark Bennett is all over it.

There are many things wrong in this story, but let me focus on this one for the moment:

That’s right, not only were they forced to live under the accusation of being child pornographers, but the FBI naturally had to seize all their computers, since they contained all the evidence.  Like nice pictures of their cat Fluffy.  Shouldn’t that have had some impact on the FBI’s allegations?

(because they confused a game about hacking with actual hacking) they put the gaming company out of business by taking their computers, although even they didn’t take all the computers:Secret Service raided Steve Jackson gamesThe seizing of computers by law enforcement has always been abusive, even in the earliest days. When the

files; other systems were left in place. In their diligent search for evidence, the agents also cut off locks, forced open footlockers, tore up dozens of boxes in the warehouse, and bent two of the office letter openers attempting to pick the lock on a file cabinet.GURPS CyberpunkThe only computers taken were those with

The next day, accompanied by an attorney, Steve Jackson visited the Austin offices of the Secret Service. He had been promised that he could make copies of the company’s files. As it turned out, he was only allowed to copy a few files, and only from one system.

Nowadays, apparently, even a raid for possession of child porn results in all computers being seized and held for years.

When police want to search a house, they can’t lock out the legal occupants for years, so why should they be able to keep people out of the digital equivalents of their homes? If there isn’t an organization out there working to revise these laws, then maybe I ought to start one…

There might be a legal issue with using second-best evidence (a copy instead of the original drive), but that sounds like something that could be fixed with a statute. Civil courts have been working around the problem for decades.

What makes this especially abusive is that it is technically unnecessary: Law enforcement officers could take a forensic mage of a computer’s hard drive in just a few hours. At worst, they’d have to seize computers for a day or two before giving them back. Then they could search for what they need without incapacitating anyone.

My computer contains has about 2 terabytes of hard drive storage (not including disks used for RAID or backups). Making the generous assumption that an average book requires a full megabyte of storage, that’s enought to store about 2 million books. Now, noting especially the use of the word “particular” in the Fourth Amendment, does it seem reasonable to assume that the Founding Fathers intended to allow the the government to seize, with a single warrant, more data than all of the Founding Fathers combined had in all their papers and personal libraries?

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

If the Supreme Court hadn’t completely gutted the Fourth Amendment, this would surely be unconstitutional.

(I have backups, but I assume the invading law enforcement agents would take all those too. And my offsite backups only cover critical stuff — I’d still have a lot to put together.)

on our computers — all our email, all our financial and legal records, everything both of us do for a living, and much of what we do for fun. our whole livesMy wife and I keep I keep Losing them would be a huge disaster, second only to losing our entire home.

The Transportation Security Agency’s latest plans to abuse passengers have attracted a lot of attention. People aren’t pleased at having to choose between body-imaging that shows all their naughty bits or a pat-down that that feels an awful lot like a sexual assault. Maybe this time the outrage will lead to action, and someone will put a stop to this insulting behavior.

Or maybe not. The social panic after 9/11 still hasn’t died down, and the security theater at the TSA keeps getting more painful. Remember those innocent days when confiscating nail clippers seemed like the dumbest thing the TSA could possibly do? They’ve gone way beyond that on the stupidity front, from making travelers take off their shoes to prohibiting shampoo bottles larger than 3 ounces. Then, just the other day, the TSA agents told a guy that not only couldn’t he get on the airplane without either the nudie pictures or the groping, he wasn’t even allowed to change his mind and leave the airport.

The TSA is like a cancer on our freedom. We’ve been ignoring the problem and hoping it will go away, but it just keeps getting bigger. And it’s time to do something about it, because I think the next step for the TSA is metastasis, when the cancer spreads everywhere. The first symptom will be when some government agency imposes checkpoints and intrusive searches someplace other than an airport and justitifies with reference to the TSA, saying something like, “The TSA has been doing this at airports for years. How can we not protect our children as well as we protect airline passengers?”

If you’ve been paying attention to civil liberties, that’s a familiar refrain. Once we let the security state poke its appendages into one area of our life, they just start pushing everywhere else. Some years ago, in the name of the War On Drugs, we started letting narcotics officers perform surprise armed raids against suspected sites where illegal drugs were being stored and distributed. Today, the Consumer Product Safety Commission is using SWAT teams to raid manufacturers of children’s chemistry sets.

The TSA’s metastasis may already be underway. Last April, the TSA started helping New York City subway cops search passengers. Of course, no terrorist is going to be able to take control of a subway car and crash it into a skyscraper, so the rationale for this invasion of travelers’ privacy is non-existent. (Actually, with the new armored cockpits–not to mention an entire plane full of aware passengers–nobody is going to do that to passenger jets either, but that’s another story.)

Actually, the TSA may not be the source of this particular cancer. Poor people and minorities living in the inner city have been putting up with TSA-style searches by police for years. The legal justification is rather strained, but cops can essentially stop people for reasonable suspicion–a very weak standard–and frisk them for weapons, and it’s not like they’re going to be courteous about it.

The TSA is just the vector by which it’s going to spread to the population at large–folks who are wealthier and/or whiter. Although the TSA searches only apply to air travelers, they are in some ways far more virulent, because police searches on the street require at least the pretext of specific suspicion that something will be found, whereas the TSA’s broad search powers allow them to search everyone, with no need to justify their actions.

Hmm. Somewhere along the way, my metaphor has shifted from metastasizing cancer to infectious plague. Sorry about that. Either way, the TSA is a disease, and we need a cure.

I’ve been writing about the un-American and totalitarian horror of civil forfeiture laws for a while, and I’ve been following the issue on and off for two decades, so the latest bit of outrage to make the rounds isn’t really a surprise:

On Monday, the U.S. Drug Enforcement Agency, the Missouri Highway Patrol and the U.S. Attorney’s Office filed a joint complaint in the Eastern District of Missouri asking to seize the 350-acre Zoe Farm, alleging rampant drug dealing and drug use at events.

According to its website, the farm, called Camp Zoe, is located 150 miles southwest of St. Louis near Salem and hosts a popular Grateful Dead festival called Schwagstock every year, as well as biker and pagan rallies and individual concerts. Once a popular summer camp for kids, the property was purchased in 2004 by Jimmy Tebeau, a member of the Schwag, a Grateful Dead tribute band. He opened the grounds to recreational camping and float trips and began hosting the festivals soon after the purchase.

In the complaint, officials said investigators spent four years monitoring and interacting with concertgoers on the farm, witnessing drug use and completing open drug deals with participants during events. Officials allege that the owner and event operators were aware of the activity and “took no immediate action to prevent” the sale and use of cocaine, marijuana, LSD, ecstasy, psilocybin mushrooms, opium and marijuana-laced food.

This is typical. Fighting crime–even drug crime–is the job of the police. But that requires a criminal trial, which means the cops need to find things like proof and evidence. That’s hard work. It’s far easier just to declare that property owners should be responsible for fighting drugs on their own property and then seizing the property when they turn out to be no better at it than the police. It’s more lucrative too, since law enforcement agencies get to keep some of the loot.

(Of course, if you try to help out the police by reporting drug crimes you believe are occurring on your property, you’re just giving them more reasons to seize the property.)

Tebeau has not been charged with a crime. Nor would he have to be for the court to approve the seizure of the property under a civil asset forfeiture law that enables the federal government to take property that is relied upon by criminals as part of an illegal money-making enterprise.

Yes, this is real. Yes, this is America. It has worked this way for a couple of decades now.

It gets worse:

[Tebeau’s lawyer, Dan] Viets, who is representing his client pro bono, said Tebeau discovered this week that officials had cleaned out his bank account, yet he has not been served legal notice on that forfeiture.

“It’s pretty darn hard to hire legal counsel if you don’t have any money — and the government knows that,” Viets said. “It’s just heavy-handed and mean-spirited, and entirely uncalled for.”

For a guy who’s working for free, Viets is being awfully polite in describing the might-makes-right thuggery of the DEA agents, the Missouri Highway Patrol officers, and the U.S. Attorney. That’s probably wise lawyering, but my way is more satifying to write about.

When I first read about Tebeau’s problems at Scott Greenfield’s Simple Justice blog, I wanted to confirm my understanding that without Viets’s generous help, Tebeau would be unable to afford a lawyer and would have to try to fight a court battle on his own, against the government, if he wanted to keep his farm. I posted this comment:

Let me see if I understand the full horror of this situation. Tebeau is effectively indigent because the feds took his money, however, because forfeiture is a civil proceeding, he’s not entitled to help from the federal defender, right? So if Viets wasn’t willing to help him pro bono, he’d pretty much just lose everything, perhaps after an attempted pro se fight?

Scott’s response blew my mind:

Almost.  The procedural rules for in rem forfeitures are under the Supplemental Maritime Rules, so he would have to know, pro se, how to navigate those instead of the usual Federal Rules of Civil Procedure.

That’s “maritime” as in “of or relating to navigation or commerce on the sea.” I actually thought this might be some obscure attempt at lawyer humor on Scott’s part. After a bit of googling, however, it looked like he didn’t make that up. It’s just one more example of how screwed up civil forfeiture is: The goverment is using laws about ships on the sea to seize a farm.

Attention, pedophiles! Do you like touching children? Well, if you haven’t been arrested yet, you’ve probably already applied for this job:

God, I hate this kind of crap.