https://www.nytimes.com/2017/04/28/us/politics/nsa-surveillance-terrorism-privacy.html
The National Security Agency said Friday that it had halted one of the most disputed practices of its warrantless surveillance program, ending a once-secret form of wiretapping that dates to the Bush administration's post-Sept. 11 expansion of national security powers.
The agency is no longer collecting Americans' emails and texts exchanged with people overseas that simply mention identifying terms — like email addresses — for foreigners whom the agency is spying on, but are neither to nor from those targets.
The decision is a major development in American surveillance policy. Privacy advocates have argued that the practice skirted or overstepped the Fourth Amendment.
The change is unrelated to the surveillance imbroglio over the investigations into Russia and the Trump campaign, according to officials familiar with the matter. Rather, it stemmed from a discovery that N.S.A. analysts had violated rules imposed by the Foreign Intelligence Surveillance Court barring any searching for Americans' information in certain messages captured through such wiretapping.
Though I'm personally wondering why now.
(Score: 0) by Anonymous Coward on Monday May 01 2017, @05:47AM (18 children)
Seems like its more of a PR move.
Email is a lot more secure now, nearly all smtp connections are encrypted.
Lots of people are using encrypted texting apps rather than old-fashioned SMS.
So seceding their ability to wholesale collect those things when they cross the national border isn't really giving up all that much.
(Score: 2, Insightful) by frojack on Monday May 01 2017, @05:50AM (17 children)
Email is a lot more secure now, nearly all smtp connections are encrypted.
Chuckle....
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Monday May 01 2017, @05:56AM (5 children)
Only a chuckle? I'm ROFLMFAO at the idiot who probably thinks SMTP is encrypted because of HTTPS Everywhere.
(Score: 0) by Anonymous Coward on Monday May 01 2017, @06:04AM (4 children)
Because TLS isn't a thing...
(Score: 0) by Anonymous Coward on Monday May 01 2017, @06:09AM (3 children)
Because just by sending an email you have so much control over whether TLS is used between SMTP relays. Get a fucking clue.
(Score: 2) by Whoever on Monday May 01 2017, @06:24AM (2 children)
And you should get a clue.
TLS is becoming near universal for SMTP. And email doesn't travel between many relays.
(Score: -1, Troll) by Anonymous Coward on Monday May 01 2017, @06:35AM (1 child)
Wow! That's grrrreat! Now when you say "becoming near universal" you mean Gmail, right? Man, you're so right, just do all your email on gmail. In fact don't even call it email anymore. Call it gmail because that's what it is, it's gmail.
Tell you what, I tried to send some gmail to a blogger who runs his own gmail swerver, and you know what happened, my gmail was returned because mr blogger never set up a mx record for his gmail swerver. I guess that guy won't be getting any more gmail, huh?
Compatibility, what the fuck is it, I don't even.
(Score: 1, Interesting) by Anonymous Coward on Monday May 01 2017, @01:59PM
Maybe? I'm not sure exactly what you're saying so this is kind of long-winded.
Data in motion encryption for email at this point is mostly a solved problem. One site's relay hands directly off to the recipient's relay, and it's easy to verify encryption by checking the logs.
I understand. I'm one of those crypto nerds who wants to be able to use GPG and similar for everything, just because you can't be sure.
It's a lot better than 10 years ago when I started my current job. Back then I was warning everybody who wanted reports that might contain Protected Health Information protected by HIPAA that they needed to install GPG4WIN because "email is insecure." Now, I'm not a compliance person and my employer isn't a Covered Entity, so I'm sure somebody will tell me that server-to-server TLS won't protect somebody from getting in trouble with HIPAA/HITECH because of insert fiddly lawyer speak here (oh and btw, license this secure "email" service that's not even SMTP but some web-based jazz from $big_business to solve that problem!).
Once TLS became pretty much bog standard for everybody except, who was it?, Yahoo? some-odd big webmail provider that for whatever reason doesn't do TLS last I checked (but not AOL of all providers, they do TLS as well), there really was no reason to insist on a client-side solution anymore.
...as you might have been trying to say (hard to tell), the biggest problem is people using free gmail accounts (and I've even come across some AOL addresses!) to receive reports that may contain confidential information, especially if it's not PHI (and thus the HIPAA people don't give a fuck about it--why should they?). Sure, the data in motion is secure, but the data at rest is most assuredly not.
To attempt to address the article, perhaps what the NSA is saying in a weasel word way, is that the NSA itself is no longer doing the collection, but they've got new Room 641As installed at Google, Yahoo, M$, etc. Why bother with attempting to break TLS between MTAs when everybody these days is handily storing their emails on centralized services?
(Score: 2) by Whoever on Monday May 01 2017, @06:21AM
I think it's more a matter of scale. Yes, the NSA can probably get access to encrypted smtp sessions, but not all of them.
The most obvious attack against smtp is a MITM attack. Many STARTTLS sessions use self-signed certificates, so, in general certificates are not validated.
But MITM attacks require cooperation from telecom and Internet companies and the MITM attack can potentially be detected. So, probably, the NSA save this for targets that are more interesting.
(Score: 1, Interesting) by Anonymous Coward on Monday May 01 2017, @06:25AM (9 children)
Chuckle....
Once again frojackoff demonstrates his ignorance by smugly assuming his superiority.
https://www.eff.org/deeplinks/2014/06/new-gmail-data-shows-rise-backbone-email-encryption [eff.org]
https://www.google.com/transparencyreport/saferemail/ [google.com]
(Score: 0) by Anonymous Coward on Monday May 01 2017, @06:43AM (2 children)
Why the fuck do we even have email anymore. Doesn't everyone use fucking gmail already. We don't even fucking need smto because gmail can just deliver gmails between gmail accounts by dumping shit directly into the backend database. Why the fuck do we even have email anymore.
(Score: 3, Insightful) by kaszz on Monday May 01 2017, @09:17AM
Because we don't trust American corporations nor Google?
And being dependent on some far away server for personal communication is a bad dependence idea.
(Score: 0) by Anonymous Coward on Monday May 01 2017, @02:13PM
Ah, I think I see what you're complaining about.
At least gmail speaks SMTP, even if retards don't set up their server instances correctly.
In my long-winded comment up there I touched on it briefly. Hospitals wound up turning to proprietary solutions made by the usual suspects (Cerner & Epic). You're bitching about gmail. When you get a "Cerner," all you get is a notification over SMTP that there's an email waiting for you. Then you have to go to the hospital's server, sign up for an account (I think I must have 10 or 20 of those running around now that I've never used for more than a few mails), and then you can read and send mail.
It's as if somebody considered TLS, considered S/MIME, considered PGP/MIME, considered non-MIME PGP, and said to hell with it! We're gonna roll our own cloudy web-based shit because SMTP isn't hip!
I blame Outlook for it mostly with their piss-poor S/MIME support and NIH syndrome with PGP. In a better world, everybody uses KMail from KDE 3.5, everything is encrypted endpoint to endpoint in motion and at rest, and it's happy and everything is perfect.
So no, I don't like that idiots set up misconfigured gmail instances and then blame you because you're the only non-gmail person they're in contact with so it must be your fault. Just stand your ground, and yeah, you'll lose a little business here and there because of arrogant dumbassery. At least gmail speaks SMTP. It could be much, much worse.
(Score: 2, Interesting) by Anonymous Coward on Monday May 01 2017, @07:40AM (5 children)
Infomative +1, Flamebait -1, net zero.
I appreciate you taking your time to post things supporting your point of view.
But can we please refrain from flaming fellow Soylentils?
If you think Frojack came across as a know-it-all, you did not come across well at all with that childish name-calling.
I am just happy you posted AC, as I really hate to type stuff like I just did to someone by name.
From one AC to another... please cut it out... Inciting flamewars here is not cool at all. That's why a lot of us left the other site.
We like to think we have the professionals here... and they have the kids.
(Score: 0) by Anonymous Coward on Monday May 01 2017, @07:54AM
We like to think we have the professionals here... and they have the kids.
You wish. Soylentils are aging boomers going through their second childhood.
(Score: 1, Insightful) by Anonymous Coward on Monday May 01 2017, @08:05AM (2 children)
From one AC to another... please cut it out... Inciting flamewars here is not cool at all. That's why a lot of us left the other site.
Frojackoff is part of the contingent here more interested in turning this place into a pig-sty than productive discussion.
You'll note that his post was:
(1) Condescending
(2) Content free - he couldn't even be bothered to write a thesis that could be debated
The fact that I took his subtext and made it text just reveals what was there all along.
Your complaint to me is misdirected. If you want respectful discourse, aim your criticisms at the people who open the gates of disrespect.
And don't even try a "when they go low, we go high" rebuttal, anyone who says that without bothering to criticize the people who go low has no standing.
(Score: 0) by Anonymous Coward on Monday May 01 2017, @08:38AM
You're not worth my time to write a thesis that could be debated. From now on I'm only coming to SoylentNews for the obituaries and I want to dance a lively jig on each and every one of your graves.
(Score: 0) by Anonymous Coward on Tuesday May 02 2017, @05:25AM
I never claimed Frojack posted a useful post. Yours was a lot more informative, and it looks like his post caused you to post additional info.
He was the trigger. You did the good thing. Frojack's post was not worth a mod one way or the other. Yours was. Informative.
I only took issue to the name-calling.
(Score: 2) by Whoever on Monday May 01 2017, @04:03PM
Oh please, just please STFU.
The response to Frojack had some numbers to refute Frojack's snarky and content-free comment.
You (parent) might like to think that you are an adult, but by supporting posters in their trolling, you are being a child.
(Score: 5, Insightful) by frojack on Monday May 01 2017, @05:48AM (2 children)
Though I'm personally wondering why now.
I'm wondering why anyone would believe them now.....?
No, you are mistaken. I've always had this sig.
(Score: 3, Insightful) by Phoenix666 on Monday May 01 2017, @11:44AM
I'm with you there. None of it means anything unless they go to jail.
Washington DC delenda est.
(Score: 0) by Anonymous Coward on Monday May 01 2017, @02:40PM
Why believe them now? Because the whiny little bitch in chief threw a twitter tantrum about getting caught in the mass surveillance dragnet. Whiny little bitch doesn't understand why he and his shit stain buddies can't freely conduct covert communications with Russia so he told the NSA to knock it the hell off.
Mass surveillance is fine as long as it's not inadvertently shining a spotlight on the unethical and illegal shady dealings of those in charge. Can't have the plebs seeing how the world REALLY works now, can we?
I, for probably the first time in my life, believe them this time. Someone "high up" finally got caught in their own machine.
(Score: -1, Troll) by Anonymous Coward on Monday May 01 2017, @06:04AM
Linux Torfalds renounced his Finish citizenship when he became a loyal capitalist pig of the American Empire. When you fart in Linux direction on shithub you're not communicating with a foreigner. You're rubbing ducks with an all-American greedy scumbag who loves doing evil for money.
(Score: 4, Insightful) by Anonymous Coward on Monday May 01 2017, @06:11AM (2 children)
The extreme specificity of what is no longer being collected makes this read very much like a lie by omission. There is also a complete lack of any reason given it. There's also the fact that the NYT is reporting on it. If this were a genuine decision, it seems likely that the only impetus for it would be either an act of congress, or a major legal precedent being set somewhere. I'm aware of neither of these, and the article mentions neither of these. And in either case it would be something the NSA would likely be keen to keep under wraps. Also the tactic being reported is one of the very few I think most people would generally be okay with (though if you think about it, it implies an all encompassing dragnet to begin with). By contrast other things revealed about the NSA surveillance include tactics [theguardian.com] such as the ability to intercept every single domestic conversation (including video) in Skype with aid in undermining Microsoft's encryption, by Microsoft. Why would they get rid of something that actually makes sense, and then report about it to the NYT? I hate to use such a loaded term, but this really looks like propaganda designed to make our increasing surveillance state seem 'less bad.' "Thanks to those people complaining about surveillance, now the NSA can't even grab emails directly talking about the bad guys!"
(Score: 2) by inertnet on Monday May 01 2017, @01:33PM
lie by omission
Not that I believe so myself, but a cynical explanation using the above quote would be: this type of surveillance is now done by a different agency. The news article would not be a lie, but it would omit essential information.
(Score: 1, Informative) by Anonymous Coward on Monday May 01 2017, @03:50PM
exactly. and yes, the nyt is just a mouth piece for the intel community/supra national surveillance state.
(Score: 3, Informative) by kaszz on Monday May 01 2017, @09:26AM (1 child)
In other news Santa Claus is real.
Microsoft will produce bug free code and stop selling themselves to alphabet soup.
Also NSA has ended spying.. yeah right.
Let independent 3rd parties inspect all telecom equipment unannounced for a starter, like Room 641A.
(Score: 4, Insightful) by maxwell demon on Monday May 01 2017, @12:27PM
It's trivially easy to implement the new policy without reducing activities: Just declare everyone as target. Voila, no more surveillance of non-targets.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 3, Interesting) by AthanasiusKircher on Monday May 01 2017, @01:25PM (1 child)
Like others here, I initially wondered, "Why?" Is the NSA really doing the right thing here? Was the FISA court really reining in the NSA?
Assuming the NYT article is accurately reporting what happened, there is perhaps a potential explanation buried deep in the article. I first was alerted to something fishy in the antepenultimate paragraph:
Although one official initially suggested that the more recent problem was that analysts had improperly searched that special database, a senior intelligence official clarified that the problem instead stemmed from querying for Americans’ information in upstream data generally.
So, it wasn't just looking for terrorists through collection of Americans' emails: it was "querying for Americans' information." That rang a bell for me with a passage earlier in TFA:
under rules imposed by the intelligence court, analysts were not supposed to search for Americans’ information within that data set [i.e., the "upstream" database].
Analysts are still, however, permitted to search for an American’s information within another repository of emails gathered through the warrantless surveillance program’s so-called Prism or “downstream” system, which gathers emails of foreign targets from providers like Gmail and Yahoo Mail. That system does not collect “about” communications.
The change announced Friday eliminated the factor that made upstream collection more sensitive than Prism collection, and the agency said it was purging its repository of messages it had previously gathered under the old rules. The official said the intelligence court’s presiding judge, Judge Rosemary M. Collyer, has now authorized the agency to use Americans’ identifiers to query the newly captured upstream internet messages, too, for future intelligence investigations.
AHA! See, there's the upshot for the NSA.
Perhaps others can parse this differently, but the way I read this article is the following:
(1) This isn't about terrorists, it's about spying on Americans.
(2) The FISA court determined the terrorist "dragnet" was too large in the "upstream" collection, and ruled several years ago that the NSA couldn't directly query for Americans' info without a warrant.
(3) The NSA says "oops" to the FISA court: "We did keep searching for Americans' info."
(4) The FISA court says, "You need to fix that."
(5) Much handwringing at the NSA. Then, oh -- if we still want to put surveillance on Americans, maybe FISA will let us if we narrow the dragnet!
(6) NSA says, "We'll stop the 'about' collection from upstream!"
(7) FISA says, "Okay, now you're free to search the database for warrantless surveillance of Americans again!"
So, the cynical way to interpret this decision is that the NSA would rather have a more limited database to query for spying on Americans (i.e., limited to emails exchanged with foreign "targets"), rather than having more data allowing it to spy on actual foreign terrorists.
The even more cynical way to look at this is that the NSA will likely expand its definition of "foreign targets" quite substantially in the coming years, thereby enlarging the database of collected info again, though now with the freedom to search for Americans' information without a warrant.
(Score: 3, Interesting) by Yog-Yogguth on Monday May 01 2017, @04:30PM
"What does William Binney say?" or WDWBS? :)
The US government liars and thus the NYT liars and the rest all tried this back in 2015 (see second blockquote below). No one of merit bought it then so they have to try again, and again no one with a barely functioning brain will buy it if they pay any attention at all.
Here's the recent Washington's Blog entry [washingtonsblog.com] from April 30ieth 2017 (yesterday, relative date), I've added the bold emphasis and removed link clutter:
Visit the link to the post to get additional and clickable links.
I would add that while nothing has changed for the better that fact alone means that it automatically has changed for the worse simply due to technological progress (examples like how public civilian research now manages to copy the entirety of a voice in near real-time needing only a sample of one minute of speech and immense improvements in automated intelligence analysis (Snowden's old job) only come in addition to more mundane things like Moore's Law).
Another nitpick is that Binney says "could" when he ought to say "will". There is no "could" in "automated retrieval of everything" :3
Compare the above to Washington's Blog [washingtonsblog.com] in 2015:
Visit their site for the links and more (including how the content of all your phone calls also goes into the in-box), the above blockquote is just a snippet.
Whatever any US government or anyone under their control (all western governments, all western media, all "opposition", all ideology, all "quarrels", popular culture and entertainment) says or pretends is manipulation. One has to remember that every time one sees anything at all be it about Syria, Iran, North Korea, Russia, China, the US itself, anything at all in the "news".
Surveillance is the "IN box", manipulation is the "OUT box".
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
(Score: 2) by Geezer on Monday May 01 2017, @02:42PM
Lies, all lies, I tell you!