myself being one of them.

But, yes, I am bothered that basically any "Joe/Jane" that can pass a security clearance can see into the daily lives of law-abiding Americans. As I stated in another thread about this some time ago, this action means Osama Bin Laden and terrorism have won.

If I remember, I think it was disclosed that the determination of the clearance level was contracted out. And it was also disclosed that the gov't no longer has the expertise or resources to do the evaluation. In a different age Snowden would have never been allowed in the building, much less into the position he held.

So now we are at a position where the core functions, most critical functions, are no longer under the direct control of those who are responsible. We have managed to achieve the mandarin's wet dream...separating authority from responsibility.

The only lever available to make sure the subcontractor is doing an effective job is the payments. And, like the NSA data gathering business, the contractor makes money whether they are effective or not. In fact, they make more if they are NOT effective. More hardware, more people, better wages for their people, better wages for the contractor's boss...

welcome to the Reagan smaller gov't model.

Spending tons of money, none accountable, fewer gov't workers, no responsibility that can be pinned on anyone, and no one who knows how to do the oversight cause the guy who could have was let go 15 years ago and replaced by a contract officer...

etc.

contractors are employees. The problem comes because no man can serve 2 masters. A contract employee's check is signed by the contractor. He owes no allegiance to the agency letting the contract.

A gov't worker carrying a badge saying he's a gov't worker takes an oath to support the constitution and the United States and that oath supercedes the man standing in front of him giving him assignments.

The problem came about over the last 30 years because the guy giving assignments didn't like the idea -- and since he controlled the fund allocation, he got rid of anyone who might question his authority.

A contractor will do what he's told -- no matter how dumb an idea it might be. Or legal. Just shoveling stuff in the furnace. Gets paid the same no matter what he shovels. Or who.

Want to talk about security forces?

Spying on financials selling stock market information

so much pain here at home and repercussions abroad? The Sequester..the Lack of Prosecution for the Banks and those who run them. People losing their homes because the Banks can't find the title because they sold it off ...diced and sliced to make profit over and over. On and On. Yet the 1% and Hedge Funds are flush with funds. No one paid a price except Bernie Madoff and the citizens in countries who were raped by the Financial Manipulations of the "Too Big to Fail Banks" and the politicians who Deregulated them.

A whole roster of companies have your data anyway, and employ all sorts of contractors.

For example, your ISP is Time Warner and you send an email, via gmail, to a friend who is a Verizon customer who reads it on their iPhone by accessing their hotmail account. You friend uses Apple's cloud to back up their phone. Aside from Time Warner, Google, Microsoft, Verizon and Apple, there is a roster of other companies involved in running the things that tie those networks together and run the physical infrastructure - all of whom can read that email, and with whom you have NO contractual relationship.

You are constantly placing your data in the hands of strangers on the Internet. It wouldn't work otherwise.

...and along with our discussion of government surveillance, people are becoming more aware of it.

But still, the government is a different entity from private corporations. The government has legal authorities that private corporations do not have (so far). The government can arrest you. They can come to your door armed and drag you off. Yes we have legal protections but those are eroding by the day. So I think it is appropriate to be more hair-on-fire over government surveillance.

OTOH we also need to have the discussion about how much data corporations have on us and who they can share it with. Again, sure they have privacy policies and we have to accept terms of service and all of that. But it is a very one-sided arrangement, where the citizen has to choose: do I use this very necessary or very useful service and give up my information, or do I refuse to participate in our increasingly technology-driven society and risk becoming a disconnected Luddite?

We need balance and right now it's all distressingly out of balance.

It goes well past that.

My ISP has a privacy policy. Even while that policy has more holes than Swiss cheese, once my data is transmitted from their network to a backbone provider and into someone else's network, those other entities are not bound by the policy between me and my ISP.

"or do I refuse to participate in our increasingly technology-driven society and risk becoming a disconnected Luddite?"

You left out another option, and that is being aware of how the technology works and taking responsibility for your own privacy.

Prior to the US postal system, for example, "mail" was handled the same way - through a network of private operators. Conscious of that very fact, the people who WROTE the 4th Amendment didn't rely on someone else to protect the security of their communications, but used all kinds of codes and ciphers to secure their communications themselves.

This is Thomas Jefferson's encryption device:



Thomas Jefferson didn't sit around pissing and moaning about people reading his communications. He encrypted them.

But seriously, of course that is an important aspect of privacy. But the thing is, many people really don't understand just how transparent their communications are and how much is stored, and how much is available to others.

For example, if I go to an online retail site and create an account with a password, usually the site doesn't tell you how they store that password. So even if you made sure you were on a secure page, ensuring the password was not shown unencrypted in transit, sometimes at the other end the business would store the password in the clear in their database, and that means it could be compromised by a hacker break-in, and that many of their employees have free access to your password. That is only one small example of things that may not be crystal clear to users.

For another example, many people don't understand how many places an email message lands before it reaches its destination, and every place it lands it is available for any sysadmin to read it at will. Now of course the vast majority of the emails are never read by sysadmins, they've got plenty of other things to do. Still, it's like sending postcards rather than letters in envelopes. This is where we have the most control, we can certainly encrypt our messages -- but that introduces another level of complexity to simple communications, and most of us are not prepared to deal with the issues that encryption brings. I have friends and relatives that, if I encrypted my emails, they would never bother with the hassle of installing the appropriate software, doing the key exchange, etc. And even if they did, if anything went wrong along the way, they'd give up the first time it didn't work, which would usually be the first time they tried it. I continue to hope that someone will figure out a way to make this a simpler process.

Also, as I pointed out, if one wants to participate in online banking, online bill paying, online shopping -- you are not in control of the level of encryption used, if any is used at all beyond one's password. You can certainly choose to opt out for that reason, but then you are opting out of a lot of useful and convenient activities that are enabled in this electronically connected world we have built.

This technology has taken hold so quickly and so broadly, we really haven't sorted it all out yet. Technologically savvy people understand many of the issues, but it takes time for the realities to sink in for the broader population. That's why I say we also need protections.

Is that the internet wasn't really designed to do the things that people started doing with it.

Until recently, I thought it was common knowledge that internet communications are, as you put it, secure as postcards. What seems to have happened is that people became so comfortable doing things that the internet wasn't set up to do, that they developed a set of invalid assumptions about how it works.

I can remember the first time I used a credit card to purchase something on the internet - which was LONG after people generally were doing such things - thinking, "This is really nuts".

...and this NSA spying story has brought some of these issues into focus, among its other effects.

can't jail you, however.

The question was "even if you are okay with the NSA" having your stuff, do you care about the private contractors having your stuff. The private contractors, unlike the government, can't jail you.

As has been noted at various points in those discussions which are actually "discussions" here, one of the things about the 4th Amendment is that, aside from instances where searches do damage to person or property (like the strip searches in Texas), the normal remedy for 4th Amendment violations is to bar the use of evidence obtained from them in criminal prosecutions. There is not normally any legal remedy for a search that (a) you don't know about and (b) doesn't result in anyone jailing you. Now, please understand, I'm not saying that makes it okay. But the background context to all of this is that the thing we really don't want is the USE of private data to jail people or otherwise screw with their lives. That's why we draw the line at prohibiting illegal searches in the first place. But we do not have a legal remedy for searches that don't result in "jailing people or otherwise screwing with their lives".

It's sort of like why we have laws that require people to wear seatbelts in cars. In the ordinary course of events, there is no harm from not wearing a seatbelt. You can get from point A to point B without wearing a seatbelt just fine. The only time it matters is if you are in a collision. So, what we could do is have a law that fines you only if you are (a) not wearing a seatbelt and (b) get into a collision. Because what we are after is to try to reduce the harm that results from those two things in combination. It really doesn't matter if someone is not wearing a seatbelt and doesn't get into a collision.

Now, with respect to "private parties" who have access to your stuff, consider two scenarios:

1. A cop decides to wander through the hallways of a private condominium apartment building. He enters without a warrant, goes down the hall, and puts his ear against the wall. He hears someone beating his wife, busts in, and arrests the guy. The arrest will be thrown out, because his "probable cause" to bust in was the result of an illegal entry and search.

2. You live in a private condominium apartment building. One night, you hear a strange noise. You put your ear against the wall and hear your neighbor beating his wife. You call the police, they arrive, bust in, and arrest the guy.

Scenario 1 involved an illegal entry and search. Scenario 2 didn't.

Or, better:

1. A cop breaks into your apartment, finds a pot plant growing. He waits outside for you to come home, follows you in and arrests you. Clearly illegal.

2. Your landlord comes to your apartment to check out a water leak. While inside, he sees a pot plant. He calls the police, they wait until you arrive, and arrest you. Legal.

The difference between 1 and 2 is that there are a lot of things that private individuals can do and then tip off the police, giving the police probable cause.

The tricky question is this one:

3. A cop breaks into your apartment, finds a pot plant growing. He then goes to your landlord and says, "Hey, I think one of your tenants might be dealing dope, have you seen anything going on in apartment X?" Your landlord then, perfectly lawfully, enters your apartment as he is allowed to do under your lease, sees the pot plant, and then reports it to the police. The police, acting on that "tip" then bust you.

What happens as a practical result in terms of anything that anyone will admit, is that scenario 3, which involved an illegal search, ends up looking exactly like scenario 2, because there is no evidence of the initial illegal entry and search which precipitated the "hunch" that led to the suggestion for the landlord to generate the tip.

Now, clearly, the NSA is not going to risk getting involved with LE's for low level law enforcement, but I've always wondered about the process by which targets are selected for the "set up" operations where they find people who are willing to participate and engage in what they think is a terrorist operation. "Entrapment" involves a target who does not otherwise possess the requisite propensity to engage in the offense - i.e. if they had to cajole and convince you to do whatever it is. But there has been remarkable luck in finding people who have the underlying propensity in these types of sting operations.

But, getting back to the point, any private operator with access to your "stuff" can tip off law enforcement to things that law enforcement would not be able to lawfully obtain on their own. So, that's why these arrangements with telcos, ISP's and so on, have become fairly cozy.

"even if you are okay with the NSA" having your stuff, do you care about the private contractors having your stuff. The private contractors, unlike the government, can't jail you"

Being hand in glove with them is pretty much the same thing. I've been in the IT industry for over 20 years, and fully understand AT&T's position and ISP's positions. It is NOT THE SAME AT ALL as with a firm like Booz-Hamilton, or the various other IT security contractors. AT ALL. Anyone pushing that line of bull is pushing exactly that - a line of bull.

http://en.wikipedia.org/wiki/Room_641A

The private security contractors are getting the products of those cozy relationships.

But thank you for your considered response to something that took me a while to write, and which was not handed to me by someone to "push".

No. I did not. I just said that the relationships were very different, and they are. Hint: One requires security clearance to work for, the other one doesn't.

kinds of info. Very few leaks of information then because employees would lose their jobs and much more if they violated their security and good faith and trust oaths. Even one's family could be negatively affected. Contractors don't care and have little to risk...as current events prove. We have contracted out our military, intelligence (by contracting this out it is no longer "intelligence.&quot and in many ways, including secure jobs, patriotic, honest Federal workers, our social safety network, and financial oversight and by most standards even our Congress. This is exactly what the RW and some Dems wanted. Now they have it and they can't live with it.

There have always been security contractors like the Rand Corporation, etc.

In terms of your confidential information, however, the internet inherently requires your data to pass through the hands of a variety of strangers with whom you have zero contractual relationship, and who owe you no favors.

Yes, there have always been security contractors. But those contractors were responsible for delivering a vehicle (at least in communication terms) and were not involved in the content of what was being transported.

It's much like a truck produced to a gov't specification. The contractor supplies a truck, hands over the keys, and then where the truck goes and what it carries is outside his contract.

To equate what is going on to the internet and imply that there is no reasonable expectation of privacy is a false equivalency. When I send an email to my buddy across town the email is seen by my server and passed to his server. A guy with a sniffer along the way has to pick the right spot and be watching when that email flies by. If it takes a route he doesn't monitor, he'll never see it.

In the case of the nsa -- they see it all. They also see text messages. Voice messages. etc. And they store them all. Their sandbox is the whole sandbox -- except for some dedicated microwave links inside companies. (I hope)

And in the case of these contractors? They get to sit in the sandbox. They drive and load/unload the truck. Our gov't handed them the keys along with an openended credit card and said make us safe. (As if) And then told some COR with a business degree to make sure they didn't do anything wrong...oh, and the contractor gets to decide what's right or wrong.

BTW, I had a much better reply, probably would have been enshrined in the intertube hall of fame...but alas...lost...

In between you and your buddy are (a) your ISP, (b) the server of your email provider, (c) any number of intermediate network operators, (d) the server of his email provider, and (e) his ISP.

Please send your personal e-mail and password to me; I'm quite trustworthy.....

Might as Well...

You're not good enough to work for me.

It is more important whether you have a D or an R by your name. Politics has become a sporting event. The media has become the scorekeeper and the only thing that matters is who wins and who loses...

That's the scary part.

The Bush family can access all of your private electronic communication via their contractor corporation.

....is there any way that this surveillance was helping Karl Rove on election nights? We know he had a "war room" going with computers and stuff, and we know that weird things happened to vote counts in various precincts.

A quiet, little-known Anonymous missive discusses their having watched Rove and tracked his computers which were attached to the digital voting machines in certain states...which all shut down momentarily, presumably to upload Rove's data at that time. Anonymous claim to have blocked this procedure, resulting in Rove losing it on Fox news when the presumably expected results did not occur.