not only was there not "definitive evidence"; if you said that the companies did that sort of thing you were called a conspiracy theorist whackaloon. oddly 85% of the general public suddenly was like "well of course they spy on email" after all this came out.
That's not the general sentiment I recall. There was a general sense of 'the government's probably watching' (along with who knows who else: early internet protocols like email really aren't resistant to snooping by more or less anyone), just no public info on specifically how (and you might get some disapproving looks if you claimed any specific approach without evidence).
It depends. If you were a hacker who'd read Bamford and the news from whistleblowers like Klein, talking with other hackers, that general sense was common knowledge. But if the topic came up in conversation with, like, the guy you're subletting a room from in NYC, you could get a very skeptical look.
(I wonder if these people remembered those conversations after Snowden.)
I'm sure it depended on the audience, but I and others [0] guessed at broad electronic surveillance well before the 641A revelations. I was never called a conspiracy theorist for it either. In the 1990s if you had read Bamford's The Puzzle Palace [1] (published in 1982) and observed the government's legal fight against Zimmermann's PGP encryption software [2], you could make an educated guess close to the truth. If you phrased it as "I'm sure that the government is spying on everything," that went beyond the realm of what could be proved then, but airing suspicions about broad government snooping never elicited strong denials in my experience.
[0] Like the people on the Cypherpunks mailing list
> [1] (published in 1982) and observed the government's legal fight against Zimmermann's PGP encryption software [2], you could make an educated guess close to the truth.
what percentage of the US population do you reckon could "make an educated guess" about the technological capabilities of the US government in 2002?
please remember this is a technology discussion forum, not a general public forum.
> Zimmermann's PGP encryption software
"PG what? Encryption? like the cryptkeeper? I like hans zimmer music"
People suspected there was funny business going on since the Patriot Act was passed in 2001. By 2003 gangs were aware government spied on phones at scale. NSA regularly came up in my high school tech class in 2004, in connection with War on Terror. By 2005, the program was confirmed.
Lots of people know lots of things. The problem is those things aren't always true. And until there is a defacto public acknowledgement of something many people defer to the 'official position.'
Here's a present time one for you - all US based cloud providers, including Apple, are providing full (and probably indirect) real time access to everything stored on those servers to various organizations including, but not limited to, the NSA. Lawsuits around this issue are motivated solely by an effort to do away with parallel construction [1] and enable the evidence obtained through such means to be able to be directly used.
Lots of people know this, lots of people also think this is crazy talk. And prior to Snowden, and to a lesser degree Klein, the overwhelming majority fell into the latter camp regarding anything even remotely close to the scope and scale of what the NSA was doing.
That's a really charitable way of framing the fact that a 15% minority screeching about "the government would never" and "but there's no proof" was able to control the narrative despite people generally having doubt or believing otherwise privately right up until the point that the proof was public record and so ironclad that even mainstream media had to report on it.
(I assume the 85% number is made up, but for whatever the number is the point stands)
The really odd thing is that 85% of the general public will say "well of course they spy on email" even today, after Snowden's leaks showed that the Obama administration had shut that down.
Setting aside the fact that the leaks you're referring to are over a decade old at this point, they also established that GCHQ buffered the entirety of the UK's internet traffic for 72 hours, bit for bit.
If you think there's no collection on e-mail, rather than just legal shell games being played with terminology and various compartments, then I've got a bridge to sell you.
In fact, the bridge is made of metadata and nothing else.
SMTP connections are wrapped in TLS these days, so even if you were to collect email transfers bit for bit, you wouldn't be able to read them, not even metadata.
IIRC there's been speculation that the NSA can/has brute forced TLS keys up through 4096 bit size. I read a paper once that crunched the numbers on energy cost and compute time and whatnot it comes out looking like a reasonable investment for them.
Obviously they'd have to keep such an exercise on the DL if they did do it because increasing key size is pretty trivial.
A 4096-bit RSA key is still well beyond the means of even a very capable state actor. The standard nowadays is 2048-bit RSA keys, cracking of which is also (probably) still beyond anyone's capabilities. Maybe a multi-year effort directed at a specific target might manage to crack a single key, but I wouldn't bet on it. RSA cracking efforts would almost certainly focus on smaller keys that are still being used despite the warnings.
However, even if they did crack a major infrastructure provider's RSA key, TLS nowadays uses ephemeral key exchange which provides forward secrecy. So it doesn't matter if an intelligence agency collected every packet, they could not decipher the contents after the fact. They would have to actively interdict every TLS handshake and perform a man-in-the-middle attack against both parties all the time.
It is extremely doubtful that this is happening en masse. Such a process would require an immense amount of online computing power directly in the path of all Internet traffic. Much of the compute available to intelligence agencies (and accounted for in back-of-the-envelope calculations by outside parties) is effectively offline due to airgaps. It's not like they want people doing to them what they're doing to others, after all.
It's much easier to send an NSL to Google to read your email than to try to intercept it over the wire. The latter capability would be reserved for high-value targets unreachable by the US legal system, not mass surveillance.
>It's much easier to send an NSL to Google to read your email than to try to intercept it over the wire. The latter capability would be reserved for high-value targets unreachable by the US legal system, not mass surveillance.
What? No it didn't, not at all. The leaks clearly showed email as being one of the many things being directly surveilled. Here is one of the many slides directly acknowledging as much. [1]
If you mean the rhetoric around it, then yeah - politicians lie, especially when engaging in what would be seen as deeply unpopular behavior. This isn't a shock. I assure you the admin that passed indefinite detention without charge or trial [2] wasn't some crusader for civil rights. Obama was just ridiculously charismatic and could sell a drowning man water, but he was no different than the rest in behavior.
I actually believed Obama when he spoke about ending the NSA's mass surveillance on the American people. He taught constitutional law. He knew exactly how wrong it was. I suspect that once he got into office he was either strong armed into changing his tune (and into ultimately giving the NSA more spying powers on the public) or he was shown enough secret evidence that it scared him into thinking it was necessary to violate the freedom of all Americans in order to keep us safe from terrorists. I'm not sure which scenario should worry me more, but at this point I don't think anyone in government has the ability to really stop the NSA.
> I actually believed Obama when he spoke about ending the NSA's mass surveillance on the American people. He taught constitutional law. He knew exactly how wrong it was. I suspect that once he got into office he was either strong armed into changing his tune (and into ultimately giving the NSA more spying powers on the public) or he was shown enough secret evidence that it scared him into thinking it was necessary to violate the freedom of all Americans in order to keep us safe from terrorists.
Man... When a bombastic politician promises something but doesn't deliver, the common response is "Oh, well, of course he just made an empty promise. What can you expect?". When a more genial politician that affects a more-typical reserved public face promises something but doesn't deliver, they get the benefit of the doubt. "Surely that wasn't an empty promise just to get more power! Surely something happened that convinced them against their better judgement not to do it.".
Respectfully, these are a class of people who have no problems saying trivially-verifiable lies to the public at large (as time has proven that there are no lasting consequences for lying to the public), and little problem with lying to members of Congress or even the courts (again, because here "lately" there are no real consequences for the act).
Don't believe what they say, believe what they do... because you're not privy to the conversations that they have that actually matter, so you have no idea what they actually intend.
The sayings about power corrupting date back to time immemorial. It's easy to say something is wrong (or right) when you are in no position to meaningfully impact, or be impacted, by what you're speaking of. It's another altogether different thing when you are in a situation to define the limits of your own powers, or that which even might affect you.
This, in many ways, is what made the Founding Fathers so unique. They were in a position to grant themselves effectively any and all powers they might ever desire. Yet instead, they sacrificed all of that in pursuit of a more free and just society, in many cases to their own detriment. In modern times I do not think there's any real comparable examples. Instead it's just endless power accumulation, tempered only by the oft liminal protest of the citizenry.
> In modern times I do not think there's any real comparable examples
There are real comparable examples, from South America and Africa, and America herself. You won't hear about them much, partly because they break important narratives and partly because often the US went to extraordinary lengths to smear, coup and/or murder those people.
> I actually believed Obama when he spoke about ending the NSA's mass surveillance on the American people
He did. Snowden's leaked documents showed that he has already ended mass email surveillance. He ended mass phone surveillance after the leaks. Do you have any evidence whatsoever that he didn't?
We were talking about mass surveillance. PRISM isn't that. They used to collect mass email metadata, using facilities like Room 641A. Snowden's leaks showed that they had already stopped. These days, it wouldn't even be technically possible, let alone legally possible, because pretty much all SMTP traffic is over TLS. Gmail won't even accept unencrypted SMTP connections.
> These days, it wouldn't even be technically possible, let alone legally possible, because pretty much all SMTP traffic is over TLS.
These days the government wouldn't need to decrypt email traffic going over the backbone. They'd march into the companies and ISPs who run the mail servers and monitor/collect everything from there directly, the same way they marched into AT&T and set up camp. The vast majority of the American's email can be obtained by controlling the servers of a very small number of corporations. We have Lavabit to thank for demonstrating that when the government comes knocking your only options are to comply or shut down (https://en.wikipedia.org/wiki/Lavabit)
There's no reason to think that there isn't a Room 641A at Google, Apple, MS, etc.
> They'd march into the companies and ISPs who run the mail servers and monitor/collect everything from there directly, the same way they marched into AT&T and set up camp.
This is illegal. If it were possible, they wouldn't have bothered with taps.
After the Church Committee, it is very difficult for the government to do illegal things and for it to remain a secret. That's why in all of Snowden's leaks, he revealed only a single extant illegal program, and its legality wasn't so clear that it couldn't be argued in court.
Beyond that, you ignored my previous argument. If they were already doing this, why bother to collect metadata from taps?
Oh this is such absolute misinformation. The reason court cases against the NSA spying (and other related issues) fail is because you need to prove standing which means you need to not only prove you were spied on but that it also 'materially' affected you. And in order to do so you generally need to have reasonable justification to engage in discovery - in order to get the data from the NSA themselves. At that point the NSA simply declares 'nah, national security or something', discovery becomes impossible, you can't prove anything, and the case is dismissed.
These programs all overtly violate, amongst other things, the 4th amendment, but the structure of our legal system makes it effectively impossible to legally challenge them.
> The reason court cases against the NSA spying (and other related issues) fail is because you need to prove standing. These programs all overtly violate, amongst other things, the 4th amendment.
This is pure ignorance. If it actually sucked up everybody's data, everybody would have standing. Snowden's leaks showed that they don't, that only the phone metadata program did.
What!?!? Yes PRISM is a mass surveillance program. And it's not metadata, it's piping entire content straight from the target to the NSA, in real time. This involves direct filtered data (such as Skype messages/videos) indirectly handed over by participating companies (which is probably all major tech companies in the US at this point), as well as raw upstream (essentially line tapping) data such as provided via STORMBREW. [1]
You're more than 11 years behind the news. Less than a week after Greenwald published his initial ridiculous description of PRISM, it was corrected by the people who actually built the systems at the tech companies. He stupidly thought that the DITU was a machine at the companies that could get any data, when anybody with half a clue could have told him that it's obviously https://en.wikipedia.org/wiki/Data_Intercept_Technology_Unit. The Wikipedia PRISM article's description is very clear and well-cited, and it includes Snowden's slides there to cross reference the description with. https://en.m.wikipedia.org/wiki/PRISM#The_program
The FBI tells the companies to forward the communications of specific targets to the FBI. PRISM is a data integration system that ingests that data from the FBI into NSA systems.
This is overt misinformation. PRISM works directly with the companies (well, "indirectly" to offer plausible deniability). The section you're linking to entirely quotes some random government organization which is obviously an unreliable source on such topics. As is the writing, as opposed to sources, on Wiki.
This [1] is one of the more telling leaks. It's a technical users guide for NSA employees on using realtime Skype surveillance for all modes including video and landline on arbitrary targets. [1] It even includes debugging guides like why an agent might be getting multiple copies of the same message, as happens when somebody being spied on boots up a new device and all of their messages are sent from Microsoft to them (and the NSA) simultaneously, resulting a copy of older messages (from the snooper's perspective).