The really odd thing is that 85% of the general public will say "well of course they spy on email" even today, after Snowden's leaks showed that the Obama administration had shut that down.
Setting aside the fact that the leaks you're referring to are over a decade old at this point, they also established that GCHQ buffered the entirety of the UK's internet traffic for 72 hours, bit for bit.
If you think there's no collection on e-mail, rather than just legal shell games being played with terminology and various compartments, then I've got a bridge to sell you.
In fact, the bridge is made of metadata and nothing else.
SMTP connections are wrapped in TLS these days, so even if you were to collect email transfers bit for bit, you wouldn't be able to read them, not even metadata.
IIRC there's been speculation that the NSA can/has brute forced TLS keys up through 4096 bit size. I read a paper once that crunched the numbers on energy cost and compute time and whatnot it comes out looking like a reasonable investment for them.
Obviously they'd have to keep such an exercise on the DL if they did do it because increasing key size is pretty trivial.
A 4096-bit RSA key is still well beyond the means of even a very capable state actor. The standard nowadays is 2048-bit RSA keys, cracking of which is also (probably) still beyond anyone's capabilities. Maybe a multi-year effort directed at a specific target might manage to crack a single key, but I wouldn't bet on it. RSA cracking efforts would almost certainly focus on smaller keys that are still being used despite the warnings.
However, even if they did crack a major infrastructure provider's RSA key, TLS nowadays uses ephemeral key exchange which provides forward secrecy. So it doesn't matter if an intelligence agency collected every packet, they could not decipher the contents after the fact. They would have to actively interdict every TLS handshake and perform a man-in-the-middle attack against both parties all the time.
It is extremely doubtful that this is happening en masse. Such a process would require an immense amount of online computing power directly in the path of all Internet traffic. Much of the compute available to intelligence agencies (and accounted for in back-of-the-envelope calculations by outside parties) is effectively offline due to airgaps. It's not like they want people doing to them what they're doing to others, after all.
It's much easier to send an NSL to Google to read your email than to try to intercept it over the wire. The latter capability would be reserved for high-value targets unreachable by the US legal system, not mass surveillance.
>It's much easier to send an NSL to Google to read your email than to try to intercept it over the wire. The latter capability would be reserved for high-value targets unreachable by the US legal system, not mass surveillance.
What? No it didn't, not at all. The leaks clearly showed email as being one of the many things being directly surveilled. Here is one of the many slides directly acknowledging as much. [1]
If you mean the rhetoric around it, then yeah - politicians lie, especially when engaging in what would be seen as deeply unpopular behavior. This isn't a shock. I assure you the admin that passed indefinite detention without charge or trial [2] wasn't some crusader for civil rights. Obama was just ridiculously charismatic and could sell a drowning man water, but he was no different than the rest in behavior.
I actually believed Obama when he spoke about ending the NSA's mass surveillance on the American people. He taught constitutional law. He knew exactly how wrong it was. I suspect that once he got into office he was either strong armed into changing his tune (and into ultimately giving the NSA more spying powers on the public) or he was shown enough secret evidence that it scared him into thinking it was necessary to violate the freedom of all Americans in order to keep us safe from terrorists. I'm not sure which scenario should worry me more, but at this point I don't think anyone in government has the ability to really stop the NSA.
> I actually believed Obama when he spoke about ending the NSA's mass surveillance on the American people. He taught constitutional law. He knew exactly how wrong it was. I suspect that once he got into office he was either strong armed into changing his tune (and into ultimately giving the NSA more spying powers on the public) or he was shown enough secret evidence that it scared him into thinking it was necessary to violate the freedom of all Americans in order to keep us safe from terrorists.
Man... When a bombastic politician promises something but doesn't deliver, the common response is "Oh, well, of course he just made an empty promise. What can you expect?". When a more genial politician that affects a more-typical reserved public face promises something but doesn't deliver, they get the benefit of the doubt. "Surely that wasn't an empty promise just to get more power! Surely something happened that convinced them against their better judgement not to do it.".
Respectfully, these are a class of people who have no problems saying trivially-verifiable lies to the public at large (as time has proven that there are no lasting consequences for lying to the public), and little problem with lying to members of Congress or even the courts (again, because here "lately" there are no real consequences for the act).
Don't believe what they say, believe what they do... because you're not privy to the conversations that they have that actually matter, so you have no idea what they actually intend.
The sayings about power corrupting date back to time immemorial. It's easy to say something is wrong (or right) when you are in no position to meaningfully impact, or be impacted, by what you're speaking of. It's another altogether different thing when you are in a situation to define the limits of your own powers, or that which even might affect you.
This, in many ways, is what made the Founding Fathers so unique. They were in a position to grant themselves effectively any and all powers they might ever desire. Yet instead, they sacrificed all of that in pursuit of a more free and just society, in many cases to their own detriment. In modern times I do not think there's any real comparable examples. Instead it's just endless power accumulation, tempered only by the oft liminal protest of the citizenry.
> In modern times I do not think there's any real comparable examples
There are real comparable examples, from South America and Africa, and America herself. You won't hear about them much, partly because they break important narratives and partly because often the US went to extraordinary lengths to smear, coup and/or murder those people.
> I actually believed Obama when he spoke about ending the NSA's mass surveillance on the American people
He did. Snowden's leaked documents showed that he has already ended mass email surveillance. He ended mass phone surveillance after the leaks. Do you have any evidence whatsoever that he didn't?
We were talking about mass surveillance. PRISM isn't that. They used to collect mass email metadata, using facilities like Room 641A. Snowden's leaks showed that they had already stopped. These days, it wouldn't even be technically possible, let alone legally possible, because pretty much all SMTP traffic is over TLS. Gmail won't even accept unencrypted SMTP connections.
> These days, it wouldn't even be technically possible, let alone legally possible, because pretty much all SMTP traffic is over TLS.
These days the government wouldn't need to decrypt email traffic going over the backbone. They'd march into the companies and ISPs who run the mail servers and monitor/collect everything from there directly, the same way they marched into AT&T and set up camp. The vast majority of the American's email can be obtained by controlling the servers of a very small number of corporations. We have Lavabit to thank for demonstrating that when the government comes knocking your only options are to comply or shut down (https://en.wikipedia.org/wiki/Lavabit)
There's no reason to think that there isn't a Room 641A at Google, Apple, MS, etc.
> They'd march into the companies and ISPs who run the mail servers and monitor/collect everything from there directly, the same way they marched into AT&T and set up camp.
This is illegal. If it were possible, they wouldn't have bothered with taps.
After the Church Committee, it is very difficult for the government to do illegal things and for it to remain a secret. That's why in all of Snowden's leaks, he revealed only a single extant illegal program, and its legality wasn't so clear that it couldn't be argued in court.
Beyond that, you ignored my previous argument. If they were already doing this, why bother to collect metadata from taps?
Oh this is such absolute misinformation. The reason court cases against the NSA spying (and other related issues) fail is because you need to prove standing which means you need to not only prove you were spied on but that it also 'materially' affected you. And in order to do so you generally need to have reasonable justification to engage in discovery - in order to get the data from the NSA themselves. At that point the NSA simply declares 'nah, national security or something', discovery becomes impossible, you can't prove anything, and the case is dismissed.
These programs all overtly violate, amongst other things, the 4th amendment, but the structure of our legal system makes it effectively impossible to legally challenge them.
> The reason court cases against the NSA spying (and other related issues) fail is because you need to prove standing. These programs all overtly violate, amongst other things, the 4th amendment.
This is pure ignorance. If it actually sucked up everybody's data, everybody would have standing. Snowden's leaks showed that they don't, that only the phone metadata program did.
What!?!? Yes PRISM is a mass surveillance program. And it's not metadata, it's piping entire content straight from the target to the NSA, in real time. This involves direct filtered data (such as Skype messages/videos) indirectly handed over by participating companies (which is probably all major tech companies in the US at this point), as well as raw upstream (essentially line tapping) data such as provided via STORMBREW. [1]
You're more than 11 years behind the news. Less than a week after Greenwald published his initial ridiculous description of PRISM, it was corrected by the people who actually built the systems at the tech companies. He stupidly thought that the DITU was a machine at the companies that could get any data, when anybody with half a clue could have told him that it's obviously https://en.wikipedia.org/wiki/Data_Intercept_Technology_Unit. The Wikipedia PRISM article's description is very clear and well-cited, and it includes Snowden's slides there to cross reference the description with. https://en.m.wikipedia.org/wiki/PRISM#The_program
The FBI tells the companies to forward the communications of specific targets to the FBI. PRISM is a data integration system that ingests that data from the FBI into NSA systems.
This is overt misinformation. PRISM works directly with the companies (well, "indirectly" to offer plausible deniability). The section you're linking to entirely quotes some random government organization which is obviously an unreliable source on such topics. As is the writing, as opposed to sources, on Wiki.
This [1] is one of the more telling leaks. It's a technical users guide for NSA employees on using realtime Skype surveillance for all modes including video and landline on arbitrary targets. [1] It even includes debugging guides like why an agent might be getting multiple copies of the same message, as happens when somebody being spied on boots up a new device and all of their messages are sent from Microsoft to them (and the NSA) simultaneously, resulting a copy of older messages (from the snooper's perspective).