Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data

Jacob Appelbaum jacob at
Mon Jun 10 16:25:31 PDT 2013

x z:
> I argue that direct access or not is is substantive, not semantic. We have
> the following two versions of the story:
> *A: The Guardian story alleges that NSA has direct access to user data from
> major internet firms, and these firms are willingly cooperating with NSA
> for the capability of en masse data pull. It indicates that NSA can pull
> whatever data they feel like, and that NSA has such dark power that all the
> internet firms have to kowtow.*

That is correct.

> *B: On the other hand, NSA and these companies' statement is consistent to
> what most of us have already known, that NSA can request data from these
> firms on the basis of FISA. And the data pull is quite limited. (By the
> way, it doesn't really matter it's US or non-US citizens to me, there's
> nothing special about America).*

This sounds like semantic bickering. If the FISA order says to pull data
on your account, your account is pulled; Twitter did not automate it,
others did.

> Do you think the difference between the two is merely semantic? Also, if
> you believe in A, then everybody on the NSA/corporation side are liars, and
> we are truly living in a police state. This, is, not, semantic.

Yes. It is semantic. The reason is because under FISA, basically any and
all data is fair game. Thus, a FISA API may be only limited in what it
might say and as we see from Verizon, well, gosh, some limit! However,
UPSTREAM tells us how they complete the picture.

So in the case of the Verizon order, if they installed a tapping device
on a span port in Verizon's network - does that count as direct access?
I'd say yes.

> @Jacob, if your hypothetical FISA API thingy works only on the limited data
> the firms knowingly disclose to NSA, then it's not big deal. This "FISA
> API" thing is semantic, not substantive, to use your classification scheme.

The firms don't know it, perhaps some agent might know but say, the CEO
of Google? Is he read into the program and cleared? If not, actually,
I'd argue that the firm doesn't know it. Nor would the board.

> @Yosem, I always applaud the accurate disclosure of the AT&T and Verizon
> cases. That is one thing that we need to change.
> Let me stress it again, I am not rooting for B, I think it need more
> transparency and FISA need revision. But let's not pretend that the
> government is so powerful, that *is* paranoia.

FISA needs to be torn down. It is a disgrace.

The US Government is powerful and what we see is that the only thing
you're grasping at here is about "direct" versus "indirect" access
semantics. In good time, I think you will find that you were seriously
mistaken by your read on all of these things. I look forward to hearing
your suggestions on what to do next - once you accept the seriously
awful reality that is reflected in these leaks and in places like Bluffdale.

All the best,

More information about the liberationtech mailing list