Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Boundless Informant: the NSA's secret tool to track global surveillance data

fukami f at foo.io
Mon Jun 10 16:43:38 PDT 2013


Heu! 

On 11.06.2013, at 01:11, x z <xhzhang at gmail.com> wrote:
> I argue that direct access or not is is substantive, not semantic. We have
> the following two versions of the story:
> 
> *A: The Guardian story alleges that NSA has direct access to user data from
> major internet firms, and these firms are willingly cooperating with NSA
> for the capability of en masse data pull. It indicates that NSA can pull
> whatever data they feel like, and that NSA has such dark power that all the
> internet firms have to kowtow.*
> 
> *B: On the other hand, NSA and these companies' statement is consistent to
> what most of us have already known, that NSA can request data from these
> firms on the basis of FISA. And the data pull is quite limited. (By the
> way, it doesn't really matter it's US or non-US citizens to me, there's
> nothing special about America).*
> 
> Do you think the difference between the two is merely semantic? Also, if
> you believe in A, then everybody on the NSA/corporation side are liars, and
> we are truly living in a police state. This, is, not, semantic.

Taking a look how this works in other countries, I'm sure it works pretty
much the same way in the US. I.e. in Germany there is traffic duplication 
at provider level where the data gets send over so called SINA boxes - 
nowadays even without any sort of real safe guards, and providers simply 
don't know anymore what's really going on in their networks (so far for the 
Upstream part for LI and homeland secret service). 

For direct data access there are in fact known APIs for everything, be 
it Swift, PNR or whatever. You shouln't need much fantasy to get an idea 
of the actual implementation at service level. So I agree 100% with Jake.
And really: At the end it doesn't matter how exactly it works - it just 
does and it is widely used. 

As a side note: An interesting story popped up today in the German press 
where a 18 year old Au Pair got send back home because of her private Facebook 
conversations. So it seems that even the DHS has this kind of capabilities. 
Giving the fact that there are thousands of people entering the US every day,
do you really think they don't get this information in an automated fashion
via API? I seriously doubt that.  

> @Jacob, if your hypothetical FISA API thingy works only on the limited data
> the firms knowingly disclose to NSA, then it's not big deal. This "FISA
> API" thing is semantic, not substantive, to use your classification scheme.

Jake made the most important point already: The laws doesn't allow the 
companies to even tell the whole story. Although it might look like a weak 
argumentation, it is in fact a strong one. 

Also do you *really* believe a guy like Zuckerberg more than internal training 
material of the NSA? I don't for a simple reason: Why should they lie on these 
slides? It makes no sense at all. These were not made with a public audience 
in mind. This has nothing to do with paranoia of any sort but common sense.


Take care,
  fukami





More information about the liberationtech mailing list