Re: PRISM: NSA/FBI Internet data mining project

[Owen DeLong <owen () delong com>]

Dan,

While the government has no responsibility to protect my data, they do have a responsibility to respect my privacy. 
While you are correct in that proper personal security procedures to protect my data from random crackers would, in 
fact, also protect it from the government, that's a far cry from what is at issue here.

The question here is whether or not it should be considered legitimate for the US Government to completely ignore the 
fourth and fifth amendments to the constitution and build out unprecedented surveillance capabilities capturing vast 
amounts of data without direct probable cause for that snooping.

I'm not so much concerned about them gaining access to data I don't want them to access. I am far more disturbed by the 
trend which reflects a government which increasingly considers itself unrestrained by the laws it is in place to 
support and implement.

Owen

On Jun 7, 2013, at 8:42 AM, Dan White <dwhite () olp net> wrote:

> On 06/07/13 11:11 -0400, Rob McEwen wrote:
> > On 6/7/2013 9:50 AM, Dan White wrote:
> > > OpenPGP and other end-to-end protocols protect against all nefarious
> > > actors, including state entities. I'll admit my first reaction yesterday
> > > after hearing this news was - so what? Network security by its nature
> > > presumes that an insecure channel is going to be attacked and
> > > compromised.  The 4th Amendment is a layer-8 solution to a problem that
> > > is better solved lower in the stack.
> >
> > That is JUST like saying...
> >
> > || now that the police can freely bust your door down and raid your
> > house in a "fishing expedition", without a search warrant, without court
> > order, and  without "probable cause"... the solution is for you to get a
> > stronger metal door and hide all your stuff better.||
>
> Hiding stuff better is generally good security practice, particularly in
> the absence of a search warrant. How effective those practices are is
> really what's important.
>
> From a data standpoint, those security procedures can be highly
> effective, even against law enforcement. But it's not law enforcement that
> I worry about the most (understandably, you may have a differing opinion);
> It's the random anonymous cracker who isn't beholden to any international
> laws or courts. I design my personal security procedures for him.
>
> That's why I don't, say, send passwords in emails. I don't trust state
> entities to protect the transmission of that data. I don't wish to place
> that burden on them.
>
> > You're basically saying that it is OK for governments to defy their
> > constitutions and trample over EVERYONE's rights, and that is OK since a
> > TINY PERCENTAGE of experts will have exotic means to evade such
> > trampling. But to hell with everyone else. They'll just have to become
> > good little subjects to the State.  If grandma can't do PGP, then she
> > deserves it, right?
>
> I believe it's your responsibility to protect your own data, not the
> government's, and certainly not Facebook's.
>
> > Yet... many people DIED to initiate/preserve/codify such human rights...
> > but I guess others just give them away freely. What a shame. Ironically,
> > many who think this is no big deal have themselves benefited immensely
> > from centuries of freedom and prosperity that resulted from "rule of
> > law" and the U.S. Constitution/Bill of Rights.
>
> Freedom is very important to me, as well as the laws that are in place to
> protect them.
>
> -- 
> Dan White