NSA

If You're Connected to the Internet, the NSA Always Has Ways of Spying On You

|

NSA Spying
EFF

“The NSA has turned the Internet into a giant surveillance platform,” declared renowned tech guru and Harvard Berkman Center fellow Bruce Schneier at the Cato Institute's conference on NSA domestic spying last fall. There are supposed to be some limits on how much snooping the NSA and its minions can do on Americans, but a new analysis by two Harvard researchers suggests that with clever technical work-arounds combined with creative legal interpretations the agency can brush aside even those paltry restrictions. In its "Americans as 'vulnerable' to NSA surveillance as foreigners, despite the Fourth Amendment" article, ZDNet reports:

"The loopholes in current surveillance laws and today's internet technology may leave American communications as vulnerable to surveillance, and as unprotected, as the internet traffic of foreigners," [Axel] Arnbak [co-author of the new paper] said.

Although Americans are afforded constitutional protections against the US government from unwarranted searches of their emails, documents, social networking data, and other cloud-stored data while it's stored or in-transit on US soil, the researchers suggest these protections do not exist when American data leaves the country.

By manipulating internet traffic to push American data outside of the country, the NSA can vacuum up vast amounts of US citizen data for intelligence purposes, thus "circumventing constitutional and statutory safeguards seeking to protect the privacy of Americans," they warned.

ZDNet reports that an NSA spokesperson denied via email that the agency "targets" U.S. persons by intentionally routing their emails outside the U.S. Perhaps. But the NSA's lexicon is more than a bit artful, as American Civil Liberties Union analysts Jameel Jaffer and Brett Max Kaufman pointed out in Slate last July. Words like surveillance, collect, relevant, incidental, inadvertant, minimize and targeted don't mean what most of us think that they mean. Jaffer and Kaufman point out that targeted surveillance outside the U.S. is not limited to just foreigners:

The government’s foreign targets aren’t necessarily criminals or terroristsâ€"they may be journalists, lawyers, academics, or human rights advocates. And even if one is indifferent to the NSA’s invasion of foreigners’ privacy, the surveillance of those foreigners involves the acquisition of Americans’ communications with those foreigners. The spying may be “targeted” at foreigners, but it vacuums up thousands of Americans’ phone calls and emails.

In fact, the Harvard researchers observe:

A network owned by a single organization (even an organization that is nominally “based” in the U.S. such as Yahoo! or Google) can be physically located in multiple jurisdictions. The revealed MUSCULAR/TURMOIL program illustrates how the N.S.A. exploited this by presuming authority under E[xecutive] O[rder] 12333 to acquire traffic between Google and Yahoo! servers located on foreign territory, collecting up to 180 million user records per month, regardless of nationality.

The Electronic Frontier Foundation reported last fall just how broadly Executive Order 12333 is being interpreted by the NSA when it comes to spying on Americans whose internet traffic is incidentally routed outside the country.

Given the past record of the NSA's leadership with regard to truthtelling, it's reasonable to assume that the agency is engaging in technical hanky-panky as a way to get around the pesky Fourth Amendment rights of Americans. Because there is no way to correct its abuses and corruptions, it remains the case that "Secret Government is the Chief Threat to Liberty."

NEXT: Intelligence Agencies Conducted Broad Sweep Of Warrantless Searches On Americans

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Speaking of which, wasn’t Greenwald supposed to make his most important expose of NSA wrongdoing last night?

    1. See https://twitter.com/ggreenwald.

      Seems like he’s following in the steps of Julian Assange … makes big claims about a spectacular story, and then fails to deliver.

      1. Did the Assange story ever com out? Seems like its been over a week, and nothing.

        1. I believe this is it. The timing is right.

          http://wikileaks.org/tisa-financial/

      2. I could’ve swore I read an article talking about “The Intercept” that mentioned that if the government were to opposed one of its stories, “The Intercept” wouldn’t hold it. Can’t seem to find the article now.

        Greenwald lost a bit of respect in my book.

        1. Doubt that’s true. I’m pretty sure the government as been opposed to nearly all of the stories they’ve done so far, yet they were published.

      3. The story was supposed to be posted at midnight, then he (GG) pulled it at the last second.

        He’d hinted he’d be “naming names” so I was actually planning to stay up.
        Oh well, maybe tomorrow.

    2. a list of individuals actively targeted by the U.S. government for surveillance

      I’d love to see some pols on there, some NGO execs, industry CEOs.

      1. “One of the big questions when it comes to domestic spying is, ‘Who have been the NSA’s specific targets?’ Are they political critics and dissidents and activists? Are they genuinely people we’d regard as terrorists?”

        With this big lead it better be peaceful critics otherwise crickets.

  2. Look, do you want to feel protected from all harm or not?

    1. Absolutely. Who’s offering to get the feds off my back?

  3. Wow, the NSA sure respects civil liberties! I feel totally safe with them!

    Now run *that* through your sarcasm detector!

  4. I see we have a new front-runner for the Least Shocking Post of the Month award.

  5. I’ll miss the PM links, so I’ll just put this here. #12 is the best shot, I think.

    1. I figured you’d go for #10, the one where they found your penis at the bottom of a lake.

      1. That’s not my penis. That’s just an errant dongjectile.

    2. Thank you Warty, that really cheered me up!

    3. What, no love for #2, the implied “Explosive Sheep”?

      (that one wins the ‘most accidentally Banksy‘-award)

      I frequently wonder to what degree the french youth are schooled in their own history during the 20th century, and how often they are reminded of just how many ‘foreigners’ died to help them retain their independence.

      1. How many Americans know that we wouldn’t be here if not for the French? Same thing.

    4. Thanks, Warty.

      The family is doing some research on WWI veteran relatives. We’ll be adding this to our links.

  6. . . . the researchers suggest these protections do not exist when American data leaves the country.

    See, here’s the problem. All those rights in the constitution are *inherent* to being a human being NO MATTER WHAT COUNTRY YOU’RE IN AT THE TIME.

    For some reason, we’ve interpreted leaving the country as not only taking you out of the protective umbrella of US government but also stripping you of the rights that the US constitution merely *recognizes* (not gives).

    There is absolutely no good reason why constitutional limits on US government action shouldn’t exist, both for citizens and non-citizens, outside the borders of the US.

    If you want to spy on someone, get a goddamed warrant – whether they’re in Moscow, Russia or Moscow, PA.

    1. Does the anti-slavery amendment also apply outside America? Are all countries subject to the US constitution? Extremely expansive interpretation. Such complications. So not sure.

      1. The restrictions on government action in the constitution are specific to the US government. The rights of the individual are universal.

        Governments outside of the US may not *recognize* those rights, but they still exists.

        The 13th amendment makes slavery illegal in the US, but no-one has ever had the right to enslave another – prior to the 13th our government simply did not recognize that right to freedom.

        Its not an expansive interpretation – either our rights are inherent to being human or they derive from the government.

        If the former, they exist *always and everywhere* and should be respected no matter what legal jurisdiction we happen to be in. And by ‘we’ I mean human beings no matter what country they are citizens of.

        If the latter, then we are all slaves.

        1. Our rights are absolute, and government’s must defend the rights of their citizens. I would not give carte blanche to USG action in foreign lands but the constitution simply does not apply to those foreign lands. America can declare war on them for instance.

          1. The constitutions *limitations on government power* do not apply to those governments, however they should apply to the *US government*.

            Otherwise, what you’re saying is that once you step across the border the US government can do whatever it wants to you.

          2. I would not give carte blanche to USG action in foreign lands but the constitution simply does not apply to those foreign lands.

            I think the Constitution applies to the USG, and does not evaporate at the border and leave the USG free to do as it pleases regardless.

            Exh. A: Congress’s reserved power to declare war. This must mean that the USG is not free to wage war overseas unless and until Congress has declared war.

            ExH. B: Due process rights. The USG cannot simply arrest anyone as long as they are overseas without a warrant, etc.

            1. Okay.

    2. “If you want to spy on someone, get a goddamed warrant – whether they’re in Moscow, Russia or Moscow, PA.”

      That’s one of the most ignorant fucking comments I’ve yet to read on this website. Do you seriously fucking believe that the US Government should get a warrant from the US Government to spy?

        1. And if you don’t, then why should they have to get a warrant to spy on you?

      1. Spying is a little tricky, true. However, the target of “legitimate” spying is foreign governments, which have no rights.

        1. The target of ‘legitimate spying’ are *people*, some of whom happen to be working for foreign governments. Others work for NGO’s (legitimate and ‘terroristic’).

          By your rationale, it would be perfectly legitimate to listen in on the conversations of anyone, who is employed by any level of the US government, without a warrant.

          Just as being part of a corporation does not remove your individual rights, being part of a government does not remove the either.

          We can all get behind recording governments agents performing their duties, but I think all of us would draw the line at filming cops taking an off-duty crap.

          And what’s the problem with the warrant? Either you can point to specific people doing stuff that is dangerous to the US (and can get a warrant based on PC) or you can’t – in which case leave them alone.

          1. By my rationale? Bullshit. What part of “it is illegal to collect and process the content of any electronic communication from any US Person, anywhere, without a warrant, except under very specific circumstances” are you not understanding? The US Constitution applies to US Citizens and green-card holders, and anyone in the territories of the US. That’s it. It doesn’t apply to Russians in Moscow Russia, it doesn’t apply to the fucking Taliban in Afghanistan, and it doesn’t apply to Pakistanis in Pakistan.

  7. Speaking of connected to the internet…

    No-IP’s Formal Statement on Microsoft Takedown

    This morning, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware. We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us. Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives.

  8. Would the MaidSafe devs please oh please hurry? I’d rather it done right than wrong but we need that network ASAP. Who am I to bitch though? I haven’t even switched over to TOR.

    On topic: the TrueCrypt imbroglio appears to be a lot more banal than it first appeared.

    It appears that for some reason TrueCrypt’s developers decided to stop supporting TrueCrypt. And rather than turn it over to the open source community, they chose to attempt to kill it by releasing a final version that allows users to decrypt existing encrypted folders, but doesn’t allow for the creation of new encryted files and folders.

    http://www.pcadvisor.co.uk/fea…..-safe-use/

    Good news: TrueCrypt v 7.1a (older than current) is probably perfectly fine, and a forensic code audit is being conducted that should tell us whether the software is secure.

  9. I AM WATCHING YOU ALLZ!

    /NSA Goon

    1. NSA Goon would make a fine handle.

    1. I assume North and South Dakota are going to have to come up with some new names as well.

      1. I propose we stop the use of the words vandal and vandalism. After all, the Vandals were fighting an asymmetric war with Rome. One in which they sacked the city BUT ANYWAY!.

      2. I have a 90-year-old Crane Illini toilet in my bathroom. No way I’m tossing it out.

      3. Maybe even Texas – which was named for the Tejas tribe, which meant friendly.

  10. Although Americans are afforded constitutional

    Oh what, this old thing?

    *waves hand dismissively*

  11. “By manipulating internet traffic to push American data outside of the country, the NSA can vacuum up vast amounts of US citizen data for intelligence purposes, thus “circumventing constitutional and statutory safeguards seeking to protect the privacy of Americans,” they warned.”

    Absolute bullshit. It is illegal to collect and process the content of ANY US person’s communications, without a warrant, anywhere, except under very specific circumstances. It always has been, and it always will be, regardless of all of the hyperbole and speculation. USSID18 spells it out in no uncertain terms, and is the Holy Grail of SIGINT collection. Is your shit going to get collected? Maybe, because there’s no way to know if something is from a US Person until it has been collected. If your shit is inadvertently collected, there’s no reason for anyone to look at your content, ever, unless you’ve been “chained” to an actual target somehow, and even if that’s the case, the very minute that there is even a suggestion that you are a US Person, everything comes to a full stop. If you called Mullah Omar, they’re going to get a warrant, and rightfully so. If you visit a Yemeni Jihadist website frequently, they’re gonna get a warrant, and rightfully so. BUT, nobody is going to sit around listening to your phone calls or reading your emails without a warrant, period. Those are the facts. All of this “could be doing this”, and “may be doing that” is speculative, sensationalized bullshit.

    1. All of this “could be doing this”, and “may be doing that” is speculative, sensationalized bullshit.

      well, considering the NSA has denied dozens of these accusations over the last year and then, while squirming admitted that well, y’yes, ok we DO actually do thus and so, but none of it really matters…

      Your government is spying on you. Act accordingly.

      1. Please provide one specific example where the US government illegally collected and used intelligence obtained from electronic communications to prosecute, persecute, or do any fucking thing to any US citizen. I’ll wait.

        1. NSA illegally collected thousands of emails before Fisa court halted program
          Declassified court ruling from 2011 found government ‘disclosed substantial misrepresentation’ of data collection program

          The secretive court that oversees surveillance programs found in 2011 that the National Security Agency illegally collected tens of thousands of emails between Americans in violation of the fourth amendment to the US constitution.

          The foreign intelligence surveillance (Fisa) court ruling stemmed from what intelligence officials told reporters on Wednesday was a complex technical problem, not an intentional violation of American civil liberties.

          Whoops, our bad?

          Did they prosecute anyone based on that?

          Well, funny you should ask. Once they have the data, how do we know that data didn’t lead to a prosecution?

          The current Fisa court presiding judge, Reggie Walton, told the Washington Post last week that the Fisa court remains reliant on government assurances, rather than its own independent oversight capabilities, to determine that the NSA and the government is in compliance with surveillance law and agreed-upon procedures.

          So you’re asking me to trust you?

          Fuck off.

          1. “tens of thousands of emails” is about 60 fucking seconds worth of collection on a trans-oceanic fiber, and “was a complex technical problem, not an intentional violation of American civil liberties”.

            The fact is that unless you’re in the habit of calling known terrorists, or visiting jihadist websites, nobody gives a fuck about your boring, insignificant life. Nobody gives a fuck who you call, when you call, what midget-donkey porn websites you visit, or who you buy your dime-bags from.

            1. The fact is that unless you’re in the habit of calling known terrorists, or visiting jihadist websites, nobody gives a fuck about your boring, insignificant life.

              Except for the couple that received a mysterious visit after she was googling pressure cookers?

              So you ask for one example, I immediately gave you two. So now what’s next, you’re going to demand three? And then four?

              1. Maxwell Smart: Ok, would you believe that much?

              2. So a couple says they received a mysterious visit from Nassau County and Suffolk County police in black SUVs, and that’s your example of NSA spying on citizens? Really? Let’s go over why you’re wrong. To begin with, all SIGINT is classified SCI, that’s “Sensitive Compartmented Information”. I will bet good money that there isn’t a single individual anywhere in the Nassau County or Suffolk County police departments that has an active DoD TS/SCI clearance. I’ll guarantee it. So there’s no fucking way that anyone from the NSA, or any other intelligence agency called the Nassau County and Suffolk County police departments and told them that they need to go search this home based on SIGINT.

                1. I’ll guarantee it. So there’s no fucking way that anyone from the NSA, or any other intelligence agency called the Nassau County and Suffolk County police departments and told them that they need to go search this home based on SIGINT.

                  YOu can guarantee nothing. No-thing. Every time we try to look into the NSA activities, we’re assured that it’s all super-secret and just trust us, it’s perfectly constitutional… w’w’well, except for that, oh and that too, oh, and this too, but we think those activities have been stopped…

            2. What part of ‘parallel reconstruction’ do you not understand?

              1. What part of “you’re a fucking idiot if you think the US government should get a warrant to collect intelligence on foreign nationals in foreign countries” do you not understand?

                1. I understood all of that – I simply do not agree with you. But that’s in the earlier part of the thread.

                  *Here* we’re discussing your assertion that the US government does not ‘. . . collect and process the content of ANY US person’s communications, without a warrant, anywhere . . .’.

                  Where we’ve already seen that the NSA already *does* that, got caught doing it, lied about doing it, and then admitted doing it.

                  Then got caught passing this intelligence off to domestic law enforcement, lied about doing so, got caught lieing about it, and then finally admitted to doing it.

        2. How would we do that when the US government’s law enforcement agencies have already *admitted* to using this information and then using ‘parallel reconstruction’ to get their evidence without having to submit the NSA’s work to court scrutiny?

          1. ‘parallel reconstruction’

            Thank you, that’s the phrase I was searching for.

          2. Regardless of how the information is acted on, it still requires a warrant to obtain the information. I agree that “parallel reconstruction” is bullshit, but it has nothing to do with how and when intelligence is collected.

            1. Uh, no – you missed the part about where the NSA collected the information *sans* warrant and then passed that off to other law enforcement agencies who then used that intelligence to give them a leg up on where to look for evidence they *could* get a warrant for and then not need to subject the NSA’s activities to court scrutiny.

              1. Wrong. You made up the part where “the NSA collected the information *sans* warrant and then passed that off to other law enforcement agencies”. The only reason ‘parallel reconstruction’ is used is to protect the sources and methods of intelligence that was legally collected.

                1. What warrant did the NSA have to collect the information in the first place?

                  They’ve *already* admitted they collected info without so much as a FISA court rubber-stamp warrant, let alone a warrant based ‘. . . upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.’

                2. Dude, if you’re going to argue that the government *should* have the power of warrantless searches – the argue that.

                  But don’t jump in and claim that what the government’s been doing is kosher because they’ve been following established precedent when its already been shown they aren’t.

                3. And protecting sources and methods is something that still requires judicial review – it is not something that can be unilaterally decided by an agency.

            2. Regardless of how the information is acted on, it still requires a warrant to obtain the information

              Except when they didn’t obtain a warrant, had their hand slapped, and they pinky-promised they had either stopped the practice, or would never do it again.

        3. An independent executive branch board has concluded that the National Security Agency’s long-running program to collect billions of Americans’ phone records is illegal and should end.

          http://www.washingtonpost.com/…..story.html

          So it appears, Mr. Anon E. Mouse, that we seem to be labouring under predication that we act until we’re caught.

          “We have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation,”

          So here we go back to your ‘prosecuted’ argument. Maybe they’re not prosecuting anyone, because the mountains of data they’re mining is FUCKING USELESS.

          But like an open-minded thief, the philosophy seems to be, steal it now, figure out what you’re going to do with it later.

          1. The key part of this phrase is “in the outcome of a counterterrorism investigation”. I can absolutely guarantee you that we don’t spend billions on SIGINT for nothing.

            1. So you’re saying that these illegal spying operations are for sort of, whatever crime fighting priorities are on the whiteboard?

              1. I’m saying that the primary customer for all national intelligence is the DoD. The DoD doesn’t “investigate” terrorism; they eliminate it.

                1. I’m saying that the primary customer for all national intelligence is the DoD. The DoD doesn’t “investigate” terrorism; they eliminate it.

                  Unfortunately, that’s the problem. Apparently, had they “investigated” the tips they were getting from all that sweet illegal data mining, they’d have realized the only thing they’re eliminating are Pakistani weddings.

                  1. You’re a fucking idiot if you think that anyone just indiscriminately launches missiles at random wedding parties. The Taliban cross into and out of Pakistan at will. A “Pakistani wedding” consists of a bunch of Taliban men on winter break, deciding who is going to butt-fuck the 14 year-old bachi boy first.

                    1. A “Pakistani wedding” consists of a bunch of Taliban men on winter break, deciding who is going to butt-fuck the 14 year-old bachi boy first.

                      Your mask just came off.

                      So let’s sum up.

                      You demanded an example of the NSA illegally acquiring data on Americans. I provided not one, but two.

                      You cleverly added the addendum that someone had to have been successfully prosecuted based on this illegal data– a point which suggests that it’s not the illegality of the spying, but the fact that they’ve been incapable of acting on any of this illegally obtained data.

                      Then you suggest that it’s not really about prosecution or due process at all, it’s all to provide the #1 client, the DoD, the data (evidence) required to drone-bomb terrorists back to blighty. So it’s all ok if they’re spying on Americans because they’re drone-bombing foreigners based on that data, not doing anything to the Americans they’re spying on.

                      Then you blithely dismiss the KNOWN bad-shoots the DoD is responsible for because hey, it’s all in the service of getting the bad guys.

                      And we’re being sensational.

                    2. You didn’t provide shit. The section 215 metadata collection programs were deemed legal at the time, and as such, were not illegal. Were they wrong? Fuck yes, they were wrong, but they were functioning under the direction of the Executive, with the approval of the Judiciary. Your second “example” is total nonsense. Nobody at the NSA passed TS/SCI information to a police department to go check out a suburban couple who looked up pressure cookers on the internet. It’s concocted bullshit.

                      I never said anything about it being OK to spy on Americans, ever. I said that they’re not spying on Americans without a warrant. I asked you for a single example of any US intelligence using illegally collected intelligence to prosecute or persecute any US citizen, and you came up with…nothing.

                      What “KNOWN bad-shoots”? Is there going to be collateral damage when we vaporize a bad dude at his cousins wedding? You bet there is, but you know what? I don’t give a fuck whether someone beats Mohammed bad-guy to death with the severed leg of his infant son. I really don’t fucking care. We’re talking about people who blow up schools full of little girls, and cut the heads off female Red Cross workers, on video, just because.

                    3. And what mask just came off? Ever hear of bacha bazi? It’s pretty common in Afghanistan and some other muslim countries. It’s what happens when there is absolutely no social interaction allowed between men and women, under threat of death. Homosexuality, bestiality, and pederasty are rampant.

                2. The DoD doesn’t “investigate” terrorism; they eliminate it.

                  You have some weird view of what we do in the military.

                  If all those guys did was go out and kill terrorists, then who are all the people inside Gitmo? Why are they there if not for ‘investigations’?

                  1. “You have some weird view of what we do in the military.”

                    I spent 11 deployments and roughly five years of my life in Iraq and Afghanistan. I have a pretty fucking good idea of what “we” do in the military.

                  2. BTW, were you ever in the military during wartime?

            2. I can absolutely guarantee you that we don’t spend billions on SIGINT for nothing.

              Oh well what more could I want than the pinky-swear of some surveillance state apologist mongoloid on the net? That MUST mean that all this money spending is somehow different than what the rest of government does.

            3. Oh, well, if you guarantee it, then it must be OK.

              1. Oh, well, if you guarantee it, then it must be OK.

                Don’t laugh, a random troll named “anon e. mouse” on the internet promising us that it’s all kosher is exactly as good as the NSA telling us it’s all Kosher.

                1. You should stick to a subject you know something about, like “the curvy shape of cars” or something.

                  1. You should stick to a subject you know something about, like “the curvy shape of cars” or something.

                    Your boss at the NSA is proud of your efforts at PR.

                    1. Yea, he might be if he actually existed. I’m self-employed, and own my own company.

                    2. Yea, he might be if he actually existed. I’m self-employed, and own my own company.

                      I wish your basement comicbook operation the best of luck.

            4. I can absolutely guarantee you that we don’t spend billions on SIGINT for nothing.

              We’ve got terabytes of data to show for it, for one thing.

              Nobody has been able to show that all this data accumulation and mining has actually been useful in fighting terrorism, though.

              1. Yea, because they should come right out and tell everyone what they do, and how they do it, right?

    2. ITT, a surveillance state apologist gets pwnd up and down.

      1. Awww….”pwnd”…that’s so cute. What are you, 17 years old?

        1. So, with no facts to back up your assertions and no coherent argument for allowing expansive surveillance, you resort to childish attacks on others?

    3. BUT, nobody is going to sit around listening to your phone calls or reading your emails without a warrant, period.

      Your faith in our spooks is remarkable.

      Their fundamental program of collecting data en masse, regardless, is itself a form of warrantless surveillance. No different, really, than if the cops came into your house and made a copy of the contents of your file cabinet. Whether they actually read it or not is kind of red herring, in my opinion.

      1. Or, something we already have precedent for, using an IR camera to film the interior of your house from the street.

        Its still a search even if no-one looks at the recording.

  12. R. Paul should/better run on cutting these guys down at the knees. Think there are lots of people who are otherwise non-committal, confused or ambivalent about their politics that are damned mad about this NSA shit.

    This issue could cut across both teams & differentiate him from other Repubs in the primary & HRC in the general.

Please to post comments

Comments are closed.