Back to: Cameron v Churchill | Forward to: Not a Manifesto

Parallel Reconstruction and the new Stasi

Retired NSA director William Binney explains what the Snowden leaks really mean. This is an indispensable read if you're trying to understand the shape of the flypaper we're collectively stuck to. It's quite long, and it's a transcript of a lecture (with slides), but it's well worth persisting. In particular, do not give up before you get to the explanation of the term "parallel reconstruction" and see what certain agencies are using it for. I don't want to sound alarmist, but? Be alarmed, be very, very alarmed.



The repeal of the HRA is contrary to EU law, the Court would strike this down. GB should get rid of this government and this PM, asap.


Remember Cameron wants to renegotiate terms of UK's membership of EU framework, and will campaign for a referendum to get the UK out of the EU if he doesn't get it?

If the EC struck down UK's attempt to repeal HRA, that'd be exactly what the europhobic loons want. BRExit would then probably run on rails (right up until the inevitable train smash.)


Wasn't this 'parallel construction' described (if not named) when it was explained exactly how the NSA guys used the backdoored elliptic curve algorithm without mentioning that they have the backdoor?


The parallel reconstruction sounds excatly like what was being reported a while back when the NSA was sharing data with the FBI and DEA. Because that surveillance data was illegal, the investigating officers had to acquire the evidence for the courts by other means. I recall a lawyer being aghast that this was happening and how difficult it was to do anything about it. It is the moidern equivalent of having informants to guide an investigation.

So what is the solution? Haven't we already unbottled the genie? If we asume privacy is essentially dead, are we left with the only protection being model, compliant citizens, not doing anything that might attract teh state's attention in regards to some perceivable "wrongdoing"?


Joyous. It means we have NSA domestic surveillance. And they used it to prosecute drug crimes and then lied about it in court. Systematically. So, fuck. We have multiple cases, probably some prominent ones, that all came from illegally obtained evidence. And we have an agency that's wandered off the reservation.


"Parallel reconstruction" was first disclosed (in this context) when someone leaked a manual for the DEA surveillance-laundering groups which explained how to do it.

This news broke at about the same time as it became widely known that NSA had rigged the EC-DSA algorithm, but neither piece of malfeasance has a whole lot to do with the other, besides the same organziations being involved.


Just because the Stasi would have loved a particular technology, doesn't automatically make its implementation a "Stasi wet dream".

After all, the Stasi had a system where between 2% and 10% of all adults had at some point been informants. That, for me, is the real terror - thoughtcrime, not actual crime.

I've lived in a country where we were bugged (according to Dad, stereo in the bedroom and quadraphonic in the bathroom), and our car followed - in Eastern Europe in the 1970s. Apparently as an eight-year-old, I could play spot the tail quite well... we aren't there by a long way.

A far bigger scare for me comes from the SNP's insistence that the principle of corroboration be removed from Scots criminal law.


The problem being that it isn't so far until we are like that; indeed it appears that you could run the NSA exactly like the STasi and nobody would notice, after all who listens to agitators and protestors complaining about being bugged etc. The point about these systems and methods are that they make obvious stuff like tailing cars obsolete, and unlike a tail, you've got no chance of knowing that they are following you, whether or not you deserve it.


Do you mean DualEC_DRBG?

I thought that no one knew whether EC-DSA was rigged.


"Just because the Stasi would have loved a particular technology, doesn't automatically make its implementation a "Stasi wet dream"."

Pretty much, it does.

"After all, the Stasi had a system where between 2% and 10% of all adults had at some point been informants. That, for me, is the real terror - thoughtcrime, not actual crime."

Please note that the sweet thing from these guys' viewpoint is that they **do not need all of that manpower***.


It's nothing new. The FBI was doing the same thing in the 1980s with illegal phone taps and sharing information with local PDs and prosecutors. Of course they wouldn't even consider such a thing nowadays... when they can get better and deniable sigint from the NSA.

People who advocate the panopticon society forget every panopticon has a focal point, and it's not likely to be them, or anyone they like.


What I get from this interview is that Binney's more ticked off about the suppliers/contractors not earning their billions than the fact that there's wholesale domestic, illegal spying going on. He's got a point there ... the DEA could just sign up with all of the commercial web site monitoring services, get them to boil down most of the info, plus get a better cross-sectional comparison of their targeted key words tracked and cross-referenced for a whole lot less.

I mention the comparison because one never knows when somebody's tweet, blog, video goes viral and then .. poof ... there go your numbers!


Considering this has been the subject of episodes of the American lawyer drama, The Good Wife, I think we can safely say the stasi-fication of the US has become mainstream.


Errrrmmmm... right: it's DualEC_DBRG that's bugged. (And also, the term used in the memo I quoted is "parallel construction", not "reconstruction". So it goes.)


Errrmmm... right; it's DualEC_DBRG that's bugged, not EC-DSA. (And the term actually used in the memo I cited isn't "parallel reconstruction"; it lacks the "re". Though cutting off that "re" seems to get you to a word that's on the blog's spam blacklist...)


Monsieur l'Eminence, Cardinal Richelieu knew that we don't have to have 'something to hide': everyone's got something to find.

Start with the statement: "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged", and consider applying it to people we "know" are villains... What of it?

Well, if another whistleblower and a civil rights lawyer can get a case together on a 'parallel reconstruction' conviction, the outcomes are:

1: They lose the case.

2: Nothing happens: evidence inadmissible and there's no case, or no court will hear it, or the witness and the legal team are forced to withdraw (by financial exhaustion, or by legal threats, or by arrest, or by foul play up to and including secret trials or a trawl of all their documents and recorded utterences discovering a viable prosecution on a real criminal offence... ) And any of that could happen so early in the process that it never gets started.

3: They win the case, and nothing happens. Or retrospective legislation makes the problem go away. And nobody cares, and it's a non-event in mainstream media and politics.

Any of those outcomes is a marker for a society that is a real 'Police State'. That is to say: no legal or political constraints apply to the security services and they - not the courts or elected officials - are the highest power in the land.


It's interesting, because this leads into the debate on how security and intelligence are structured by the state. The Stasi was police, security service, party loyalty, signals intelligence, and foreign intelligence service combined - no dividing lines, and that's what made it dangerous. Combining some or all of these various roles is common in smaller countries, as far as I can see.

In the USA, the FBI holds both "serious crime police" and "counter-intelligence" role. Homeland Security operates as both "domestic intelligence" and "state security". Both have powers of arrest and detention. Having said that, in 2002 or so the Economist produced a wiring diagram of some 40-odd US intelligence agencies, identifying the fragmentation and inefficiency of the system; apparently, you're not a real department unless you have your own intelligence and SWAT organisations :(

In the UK, the counter-intelligence role is a small and completely separate organisation from the police, and separate again from the foreign intelligence and signals intelligence services. The fact that the various UK intelligence services do not have powers of arrest, is reassuring. The fact that UK domestic counter-intelligence is sufficiently small that they can't even track the terrorists that they know about (see: London bombers being noticed but low-priority), makes me think that they haven't got time to go building a police state.

For me, while the surveillance powers are scary if abused, that type of traffic analysis is necessary for (say) the FSA to be able to prove collusion in the City between traders trying to rig the market; without it, no prosecution would be possible. So it isn't the mechanism, it's the scale - and while Richelieu was talking about thoughtcrime, in reality we're looking for ways to combat theft, fraud, corruption.

My suggestion is to separate the roles involved, and only allow the information to flow at higher, not lower, levels. This is why Chelsea Manning was able to do what she did - the whole system was open to all. If you give people that level of access, some will abuse it.

It's a recurring meme in US fiction - "I've got a firend in the police / FBI who can look person X up on the system". The nearest in the UK is the Police National Computer, and that is all access-logged (with prosecutions for misuse). Even then, the various Constabularies, even the various departments within each Constabulary, can't access each other's data; having seen the internal hoops required to walk a Firearms Certificate application through the system, it is in no way joined-up to the level of "Police State".

So: I'm less concerned for the UK than the USA. As I've pointed out before, we had the "Stasi wet dream" in the UK, in Northern Ireland during the Troubles - look up VENGEFUL, or read Mark Urban's "Big Boys' Rules" and "UK Eyes Alpha". But we dismantled it voluntarily, because it was so damn expensive...


Martin @ #7 A far bigger scare for me comes from the SNP's insistence that the principle of corroboration be removed from Scots criminal law. Yes, nasty little collection of snoopers, aren't they? Learnt it from Calvin, too .... Tend to agree with you @ #17, though maybe you are a little optimistic.

However, there is a defence against all of this ( perhaps ) And that is David Brin's "Sousvellance Society".




In the UK, the counter-intelligence role is a small and completely separate organisation from the police, and separate again from the foreign intelligence and signals intelligence services. The fact that the various UK intelligence services do not have powers of arrest, is reassuring. The fact that UK domestic counter-intelligence is sufficiently small that they can't even track the terrorists that they know about (see: London bombers being noticed but low-priority), makes me think that they haven't got time to go building a police state.

Disagree. One thing to note is that the US system -- with all those agencies -- is hypertrophied and balkanized; it's like the way the EU spends 60% as much on the military as the USA, but gets far worse value for money, largely because it's supporting about 30 defense ministries and procurement bureaucracies (fixed back-office overheads which need to exist and be of a minimum size before you can have a modern military at all). A lot of those organizations are duplicating one another's work (as witness them all having their own intel and SWAT subsidiaries).

Meanwhile, the UK does have secret police units doing counter-subversion and counter-intelligence work. If you're not directly involved in protest in the UK you probably missed the existence of Police Forward Intelligence Teams -- which are arguably a misnomer: they're not just conducting intelligence (in advance of any criminal activities, as well) but in some cases actively disrupting activists and intimidating dissidents. FITs are visible and uniformed; on the non-uniformed side you have undercover police spies infiltrating any group the Police consider to be subversive -- including actively discrediting peaceful climate and animal rights activists. (Remember the McLibel case? Turns out the offending pamphlet was drafted by police spy Bob Lambert. Again, the Animal Liberation Front activists jailed for firebombing department stores are mounting an appeal due to the involvement of undercover police in the bombings.)

The British establishment has alternative mechanisms for dealing with subversives: see the odious history of the Economic League (still exists today as the Consulting Association); outsourced private-sector anti-communist/anti-unionist blacklist databases. On a similar basis, ACPO (incorporated as a Limited Company specifically to render it immune from Freedom of Information Act constraints) has a long history of running intelligence and counter-subversion operations on behalf of the Home Office (even though it's officially just a talking shop for senior police officers).

TL:DR; the UK operates a bottom-up police state. There aren't any big overarching Stasi-like bureaucracies, or melting-stovepipe mazes of TLAs, but a curious mixture of shadowy private companies running blacklists, and FITs targeting activists, keep the lid down and deter many people from getting involved in overt dissent: and the system can be ramped up rapidly in event of large-scale trouble (as happened in NI during the troubles), with a lot of very scary infrastructure permanently lurking in the background in London (the #1 terrorism target and home not only of government and banking but of a lot of poor, disenfranchised 1st/2nd generation immigrants).


Planet Earth calling: Swinney's attempt to get corroboration ditched got kicked into the long grass. He'll probably try again, but it's not his most popular policy.

Meanwhile, there's no requirement for corroboration in England. Indeed as I understand it the whole SNP idea of ditching it in order to make prosecutions easier was an attempt to copy the way English law works.

Anecdote: homosexual acts between consenting adults remained illegal in Scotland until 1981, despite being (under tight limits) decriminalized in England/Wales in 1968. However the conviction rate in Scotland in 1980 was vastly power than it was in England, where the charge was "gross public indecency". Reason: an English policeman's witness statement was sufficient to convict, and the terms of legalization stipulated that it was only legal for two adult men aged over 21 in private, which in some cases was interpreted by police and courts as meaning "in the bedroom, with drawn curtains, of a house owned outright by one of the participants, with nobody else in the building". (A legal travesty, basically.) "Gross public indecency" could therefore apply if a cop witnessed an act taking place otherwise "in private", because: third person present.

The reason the conviction rate was lower in Scotland was because of the corroboration requirement, otherwise jokingly known (in the gay community) as "the two cops under the bed law". Corroboration required either evidence in support of a witness statement, or two witness statements, before an act could be recognized.

Why is the corroboration requirement bad? Well, consider CCTV evidence, for example. It's a single piece of evidence. If a shoplifter is caught on CCTV stealing an item but escapes without apprehension, there's no corroborative evidence (although if a store detective grabs them then (a) you've got a witness statement, and (b) the CCTV footage is corroboration). Again: speed cameras -- where's the corroboration?

Corroboration as a requirement rests on the fragility of human memory and the cupidity of potential false witnesses. It's actually an obstacle to some cases where there may be compelling forensic or recording-based evidence. Hence Swinney's desire to cut a procedural Gordian knot.


Corroboration as a requirement rests on the fragility of human memory and the cupidity of potential false witnesses. It's actually an obstacle to some cases where there may be compelling forensic or recording-based evidence. I'm not too concerned about corroberation in a case of video-based evidence (well except in the case where the aledgedly stolen goods can't be seen in the aledged thief's posession), but DNA testing can throw false positives.


DNA testing doesn't so much throw false positives as it only gives a statistical probability of a match; and alas, many barristers and judges appear to have no training in statistics whatsoever beyond what they picked up in 'O' level mathematics 30 years ago. (Study in mathematics beyond age 16 is not a requirement for a law degree in the UK, as far as I know.)


There were several distinct O-level maths syllabuses back then—no magic National Curriculum—and sod-all statistics in any of them. It's still hidden away, but, with any luck, some of them might have played Dungeons & Dragons

No, I doubt they had the time.


Yeah, the US has always had a sort of uncomfortable attitude about intelligence agencies. We ended up with so many overlapping ones because we didn't want any one organization to have too much power. So we have these 17 different agencies:

Plus other groups that have law enforcement and investigatory roles like local police, Federal Marshals, Secret Service, the SEC, Postal Inspection Service....


Well, the guys I know who describe DNA testing as "delivering false positives" are a mixture of degree to PhD qualified in biology and/or mathematics.


In Scotland, Statistics wasn't "hidden" for the most part, but at certificate level it was a separate subject as well as Arithmetic and Mathematics.


If anyone wants to take one of the ol' chill pills, here's a notion: According to Weiner's history of the FBI (Enemies), Good ol' J. Edgar Hoover was using the pre-computer equivalent of parallel construction back in the 1930s against anarchists, just as he was in the 1940s against the OSS/CIA, in the 1950s-70s against the dirty commies, non-whites, and dirty ol' hippies. It only ended when he died and the whole sorry mess he created came crashing down after him. And the post-Hoover era of sort of relative sanity (when the FBI was known as the "Feebs") came to an end in 2001.

J. Edgar had a huge program of illegal wiretaps. When he got something actionable, he'd pass it along to the legal side of the FBI, so that they could act on it, find corroborating evidence, and take it to court. When he couldn't legally use the evidence gathered, sometimes he illegally used it for blackmail and such. This was, of course, in that mythical glory time of the current right-wing, the late 1940s and 1950s, when everything was just and right and the world, and no right wing heroes blackmailed congressmen, passed intelligence on to Sen. McCarthy, or anything underhanded like that. Of course not.

So am I worried by the US government spying on everyone on the planet? Yes, but only because they've never proved very adept at it. I'm quite sure that the #1 use for all the information the NSA is gathering is finding dirt on lawmakers and regulators to make sure that they aren't put out of business, following the old J. Edgar model. Other uses are strictly secondary. Still, inept bureaucracies can cause a lot more damage than competent ones can, and I doubt that empowering careerists and subcontractors with a bunch of hacker-tools will anyone's life easier.

The other problem, as many have noted, is that the basic net-hacking technology is being sold all over the world. As far as intellectual hazardous waste goes, this is up there with paramilitary training in improvised explosives and urban warfare, and it causes about as much trouble when it gets out to the gangs and script-bunnies. It might even end up breaking the internet, if it gets bad enough, and that would be too bad.


You can certainly get false positives in many of the classic ways - unexpected contamination somewhere along the line. And with PCR in the loop a tiny bit of extraneous human DNA anywhere is going to show as a nice strong signal by the end.

That is, you'll DNA ladders that seem to match strongly when they shouldn't, simply because there's the same contaminant in both the sample from the crime scene (or similar) and the sample taken from the suspect. There was a real case in Europe somewhere in the mid-Noughties. Although it's fictional, one of the CSI-franchise did a show that pretty accurately depicted the story too. I think the CSI story had someone contaminating their swabs, the actual case had someone contaminating the eppendorfs but the basic processes were right (my memory is kinda hazy but I remember reading it at the time).

After that, the science says there's an 1 in x chance that you match this by chance. How that's presented in court as a "so it must be them, ladies and gentlemen of the jury" is not necessarily a matter of science, it's rhetoric.


Yup, good catch, thanks. Looks like I got the fact and fiction the wrong way round.


It was one of those stories that sticks in your mind. (Along with chimeras and similar things that show us that face value is not always the whole story.)

and more recently this:

There's nowt so queer as folk!


Nothing NEW under the sun?

I first encountered the fact the the FBI might just possibly not be the shining model of excellence as it was portrayed in “ The Untouchables “ on TV in the TV of my childhood in the UK.

( Come on Now...wouldn't you like the title... “MAD DOG ..." and to be portrayed as wielding a Tommy gun? )

When, a little latter, than that TV series, I came upon the F.B.I. as it was described in...

“Fred James Cook (March 8, 1911 – April 4, 2003) was an American investigative journalist whose prime years of reporting spanned from the 1950s to the late 1970s. His 1964 exposé, The FBI Nobody Knows, was central to the plot of one of Rex Stout's most popular Nero Wolfe novels, The Doorbell Rang (1965). “

“The FBI and the Doorbell Rang Researching his book Dangerous Dossiers: Exposing the Secret War Against America's Greatest Authors (1988), journalist Herbert Merging discovered that Stout had been under FBI surveillance since the beginning of his writing career. Most of the heavily censored pages he was allowed to obtain from Stout's FBI dossier concerned The Doorbell Rang: About one hundred pages in Stout's file are devoted to the novel, the FBI's panicky response to it and the attempt to retaliate against the author for writing it. The FBI's internal memorandum for its special agents told them that "the bureau desires to contribute in no manner to the sales of this book by helping to make it the topic of publicity." Orders came from headquarters in Washington that any questions concerning the book should be forwarded to the Crime Records Division, thereby putting book and author in a criminal category. An internal memorandum by Special Agent M.A. Jones (name surprisingly not censored) summarized the novel and went on to write a critique for the FBI's top command — a rare "literary" honor accorded to few books in its files ... Following the review came a series of recommendations — first, Stout was designated as a person "not to be contacted" without prior approval by FBI headquarters in Washington ...[17] In April 1976, the Church Committee found that The Doorbell Rang is a reason Rex Stout's name was placed on the FBI's "not to contact list," which it cited as evidence of the FBI's political abuse of intelligence information.[18] “

It’s well worth looking for that novel and I’d be bloody amazed if O.G.H. hadn’t read it long ago ..Though come to think of it he might not have encountered the TV series ...

A Nero Wolfe Mystery - Series 1 - 3-DVD Box Set ( A Nero Wolfe Mystery - Series One ) ( The Golden Spiders / The Doorbell Rang (The Door bell Rang) / Champagne for One (Champagne for 1) ) Timothy Hutton (Actor, Director, Host), Maury Chaykin (Actor, Host), Bill Duke (Director, Host) Rated: Suitable for 15 years and over Format: DVD

Price: £11.98 & FREE Delivery in the UK.

Ever so inexpensive for my favourite fictional detective series.

Sorry for the Large South American River Co link but ... in haste whilst waiting to be collected by vile Motor Car that I Deeply Green disapprove of... err, except whilst the same avoids wear and tear on my diseased and arthritic joints.


With all forensic labs the weak link is chain of custody. In the 1980s I was working with a university lecturer to interest the lab I worked in to move into sports drug testing. One of the requirements was a secure chain of custody for samples. I contacted the then police forensic lab at Wetherby asked what tamper - proof containers they used and ordered some samples from their supplier. I then sealed some of the containers passed them to other lab staff and asked them to open the containers, remove the contents and reseal them. Everbody succeeded in doing this. My confidence in the integrity of police evidence took a nosedive.


Isn't it interesting how the Sciences Refer to, and quote from, the Arts?

" "It is by my order and for the good of the state that the bearer has done what has been done."

Cardinal Richelieu, in The Three Musketeers by Alexandre Dumas "

A quick look for the exact phrasing of a particularly favourite quotation - I could have used a card like that once upon a time when I was a Public Servant in the U.K. - gave me this ...

" Short abstract

Recent advances in biology and medicine, from the sequence of the human genome to the cloning of mammals have made many lay people profoundly uneasy about the future of humanity.

"It is by my order and for the good of the state that the bearer has done what has been done."

Cardinal Richelieu, in The Three Musketeers by Alexandre Dumas

In the largely liberal circles in which I, and most other academic scientists, travel there is a perception that the present US government is slowly eroding - or at any rate would like to erode if it thought it could get away with it - many of our basic civil liberties. There is also the concern that, eventually, in the name of 'national security' or 'the war on terrorism', 'they' will be allowed to get away with it, because the public is afraid. Regardless of one's politics, we can probably all agree that people are more fearful than they were, say, ten years ago, but I don't think it's just terrorism that the public is afraid of. Another big component of this swelling fear is the rapidly accelerating pace of scientific and technological progress.

The unknown usually provokes anxiety, and the closer the unknown comes to touching us directly the greater the anxiety becomes. Recent advances in biology and medicine, from the sequence of the human genome to the cloning of mammals to the engineering of bacteria and viruses for biowarfare as well as for therapeutic purposes, have made many lay people profoundly uneasy about the future of humanity. In this climate of unease, the public seems willing to accept restrictions on many things, including science. President Bush's decision to limit the supply of stem cells available for medical research was one such restriction.

In an attempt to forestall more of them, on 9 October 2003 a panel convened by the National Research Council (NRC), a component of the US National Academy of Sciences, recommended voluntary prior review, at both the university and federal levels, of experiments in seven areas of genetics, biochemistry and microbiology. These areas were chosen because they represent types of research that could conceivably provide terrorists or hostile nations with information or material useful for the creation of biological weapons."


And did I mention that at the moment I am suffering from a particularly bad attack of Pneumonic Plague?

" .. These areas were chosen because they represent types of research that could conceivably provide terrorists or hostile nations with information or material useful for the creation of biological weapons." Hamm make you think doesn’t it?


There is even a Wikipedia article on that one:

Strange thing is, one of the murders is now liked to the Neo-Nazi NSU; even if you look just at the number of crimes and the fact nobody suspected a right terror group, it's clear that one is something of a Worst Case Scenario. And now imagine that some of the guys who supported them with money and weapons were on the pay of our internal intelligence agency as informants. And now imagine one of the politicians tasked with investigating was caught with child porn. And now...

Mind you, it's one of the things the "usual suspects" are having fun with for years...


That's just a STAGGERING amount of data. I don't know if I'm more paranoid about carrying a phone as a lifeline or not as a tracking device.


That's your safety escape, actually. The probability of getting a true "hit" is so small, because of false positive & false neagatives & surveilling everyone simply swamps the data you want (real terrrists) in all the other data. And, it is now becoming known that these trends exist, so any attempt to frame up a conviction is going to be that much harder. The disgraceful case of Sally Clark has troubled & alreted people to this sort of thing.

OTOH, it is said that "US security" (unspecified, but probaly the NSA/CIA ) are deperate to get their hands on quantum-computing kit as soon as it becomes available.


something bothers me alot: - post about scotland not to be independant 333 comments - post about world wide new stasi : 37 comments It looks like nobody cares about the end of democraty and everybody is stuck with 20th century nation-state... We are mostly intersted in our small backgrounds and don't care at all about world changing for the worse. And the comments come from peaople who read science-fiction, are aware of Orwellian distopy, have heard or read abaout thousands of end of the world. My neighbours who don't read at all, mostly watch TV for information will not believe any of this and one day will wake up in a tyranny without noticing any change. And probably my children will learn to shout "Hail Hydra!" in school...


$act must be proven to have been done by $defendant beyond reasonable doubt. I'd suggest that otherwise uncorroberated totally statistical evidence must deliver P(someone else) < 1 / 7E9 to meet that test.


Or maybe, just maybe, I have less difficulty getting my head around something that I've been thinking about for 40some years than something I saw for the first time 24 hours ago?


Oh I agree. But, you're smart and a critical thinker applying calm, sensible logic to the situation sitting at home and thinking about it.

There are people that think the Daily Mail publishes factual news, and believe what they hear on Fox News if they're on that side of the pond. If they have a good lawyer telling them what's going on based on (wrong) DNA evidence and a suspect that matches their prejudices... are you so sure justice will actually be done?


I think partly it's a tone thing. The Scotland thing was very much a "please speculate" piece, from it's title onwards... This is a "here's a technical document."

I don't quite know what to make of the document. The overview of it... I'm not surprised. I wasn't particularly surprised broadly, before Snowdon, although some of the details like spying on Merkel's phone did surprise me - you're not meant to do that to allied leaders. The technical nitty-gritty, frankly I was bored. I understand for many people it's fascinating but it's just not my cup of tea. They can tell where I am, what I'm doing online and what I say on my phone. OK. I knew and or assumed that.

They shouldn't be allowed to - yes, for sure, but they had the capacity to. They were doing it anyway and they weren't and aren't being properly controlled and supervised. I should be outraged - but I've expressed that before. And honestly although I'm not happy about it, I also took from the document that the NSA is kind of overwhelmed with the sheer volume of data they collect, to the extent they're not as effective as they ought to be with it. Protection by anonymity.

The US government needs to get its act together. It needs to sort out how it regulates the NSA and its activities. You never know, it might even mean it does its job more effectively rather than running around as a data-collector's wet-dream and collecting so much it can't actually find the relevant data. I'm sure they're quaking in their boots that a stroppy British liberal writes such things...


From Rick Perlstein's The Invisible Bridge, a passage about the 1975 Church Committee and Pike Committee hearings on activities of the CIA and other intelligence agencies:

"[Rep.] Bella Abzug of New York… publicized two government surveillance projects, code-named “SHAMROCK” and “MINARET,” run by... [the NSA, which had]… been monitoring both the phone calls and the telegrams of American citizens for decades… private-sector executives responsible for going along with the programs… admitted their companies had voluntarily been turning over records and cables to the government at the end of every single day for more than forty years. The NSA said the programs had been discontinued. Abzug claimed they still survived, but under different names.

Sen. [Frank] Church… called the NSA’s director to testify before Congress for the first time in history. Appearing in uniform, Lieutenant General Lew Allen Jr. obediently disclosed that his agency’s spying on Americans was far vaster than what had even been revealed… He admitted that it was, technically, illegal, and had been carried out without specific approval from any president. But he declined to explain how it worked. He added that thanks to such surveillance, 'We are aware that a major terrorist attack in the United States was prevented.'...”

"More than forty years" above takes it back to pre-1935... and almost certainly to J. Edgar Hoover.


Greg the Sally Clark case was just the tip of the iceberg. You don't read about similar ands worse cases because the family courts can and do ban the parents of children who have been taken into care from talking to the press. Flouting these orders can lead to a prison sentence. There is no freedom in these cases and innocent parents have their lives and reputations ruined with no possible comeback.


Para 1 - Thank you. That's the nicest thing anyone's said to, or about, me all week.

Para 2 - Agreed totally about the Daily Heil, and about Faux News (which term I first heard from a USian conservative).


"The probability of getting a true "hit" is so small, because of false positive & false neagatives & surveilling everyone simply swamps the data you want (real terrrists) in all the other data."

For political repression, who cares?

If you ID a target, and dredge up some data, that's good enough.

If you ID 10 false political targets for every real one, that's likely to be acceptable.


Only too aware of the "family courts" secret fiascos. About the only good thing Christopher Booker does [ The rest of the time he's an anti-Global Warming conspiracy nut ] is highlight these. Slowly, very slowly , people are beginning to realise the enormity of this, coupled with the general annoynace at "gagging orders" which are now, gradually being ruled illegal. My opinion is that it will take time, but the end of this particular injustice will come. I note that the current "Private Eye" refers, openly toa "Trumped-up prosecution" of a medical expert who thinks (with good professional justification) that "Shaken Baby Syndrome" - which has been behind a lot of these cases - is a load of foetid dingoes kidneys. Sone "authorities" seem to be determined to waste her, professionally, because, otherwise, it would be too, too, embarrassing. Now it's out in the public domain, however, their "show trial" may not work. Please note all the quote-marks & hedgings in this set of comments, though! Here is the header ONLY: { SHAKEN BABY SHAME Why Dr Waney Squier, an expert baby brain neuropathologist, is facing trumped up charges and a show trial thanks to the GMC and Met police. } & - please remember that this is a quote from a public-domain document.


Contaminated DNA swabs should be detected in the procedure. This is just sloppy technique. There should be a negative control with each sample ie an unopened swab with each test. I'm not saying this is normal procedure but it should be. I worked for a lab testing trace metals in blood for a short time. Whenever a new batch of blood tubes was issued we filled empty tubes with acid to check for trace metal contamination.


Happily, the government has privatised forensic services in the UK and thus destroyed any possible attempts to actually improve them.


The forensic services may have been privatized, but according to this site, there is government oversight re:quality.

About the original topic for this thread:

I'm mostly with EI (Comment #43) regarding this: not pleasant to learn this, a surprise occasionally as to who's being snooped and by whom, and the tech details have sailed right over my head. Not being a visible minority, seeking political office, or rolling in scads of money, I'm not at all worried that the government will collect a pile of damning data on me.

I am however bemused about a society that kicks up a fuss that their/civilian personal space is being 'threatened' while at the same time they are posting their entire lives online. You'd think that after about a century of in-your-face journalism and high-speed, real-time mass electronic communications (starting with the telephone), that we'd have figured out basic rules for personal privacy.

Seriously, I don't think it's a 'government' problem, it's a social/interpersonal problem, and there doesn't seem to be enough interest in finding a culturally/socially acceptable set of rules for this.

Then again - what happens if the fear of government snooping stops people from exchanging news and opinions online? The result could be even worse: it would bring the world back to its pre-Internet size - large and alien. Thanks to the Internet, I have a better understanding of and care more about what's going on elsewhere on the planet.


I agree it's troubling, but it's about power, rather than about privacy. It's like the whole problem with women having their naked selfies posted online. They want the freedom to take those pictures, plus the ability to control who sees them naked. I agree with those who say this may be a problematic desire with today's technology, but I also totally understand the desire to have power over who sees what of you and your life.

Not having the power to say what people see in your life is something we associate with un-free people, prisoners and slaves for instance. Putting people in that position without their consent is always a problem.

My bigger problem is that no government (AFAIK) that's claimed these powers has done much useful with them. Usually absolute spy powers end up corrupting them and destroying trust in the institutions they think they're protecting, and it generally ends very badly for that government. That's actually the whole point (IMHO) about the idea that "gentlemen do not read each other's mail." It's not exactly naive, it's a statement of confidence that one does not need to stoop to being a spying, amoral creep in order to retain power. Trust matters, odd as it may seem.


Usually absolute spy powers end up corrupting them and destroying trust in the institutions they think they're protecting Yes. There's a fascinating series of 15-minute slots on Radio 4 at the moment: "Germany, memories of a nation" - presented by the director of the BM.... In the first programme, at Der Brandenburger Tor, he says that, you could almost be in any capital or major city in the developed world, & then you realise that you have to be in Germany. Because there are NO CCTV cameras at all, anywhere visible.


Free speech and personal privacy are orthogonal rights. They simply apply in different dimensions.

Usually they're not opposed, but we get conflicts when someone invades someone else's personal privacy and cites freedom of speech as a defence, Or when someone tries to shut down freedom of expression citing privacy.

There is no one-size-fits-all solution for these conflicts. Sorry. There just isn't: unless you place limits on the extremal application of both rights and then judge each case on its relative merits, you're going to land up in a world of hurt.

This shouldn't be difficult, but too many of us have difficulty understanding when we've stubbed our toes on a wicked problem.

A secondary, aggravating issue is that the scope of both free speech and personal privacy has changed over the past 2-3 centuries. It's only in the past century that we in the western middle classes have an expectation of occupying personal domestic space without hazard of random intrusions by servants. And it's only in the past 2-3 decades that the internet have handed all of us the potential for mass communication. Domestic appliances replaced servants in the home and acted as a privacy amplifier; the internet replacing letter-writing and the phone has acted as a speech amplifier. None of the drafters of the US Bill of Rights -- the prototype document encoding freedom of speech -- had any conception of the environment that would arise; none of the drafters of the US Constitution even imagined that life without servants (or slaves, for that matter) was viable and that people would value isolation the way we've come to.


The trouble with that particular example is "when someone invades someone else's privacy and then cites freedom of speech as a defence."

If they've genuinely invaded their privacy that sounds to me like there's a criminal act. Certainly in the naked selfies case that's the current one, and the phone hacking cases that are working their way through the courts that's the case. In which case the next bit just shouldn't apply because they just shouldn't have the material to freely speak with.

I agree there are a whole host of other conditions - if you've infringed privacy got close to invasion without committing a criminal offence, it's a different kettle of fish. Paparazzi taking long pictures of people on private land but from public roads for example.

Although I agree it's a case by case basis to some extent, you need some really compelling reason to be forgiven for an actual criminal offensive before your right to freedom of speech is that important. Like, for example, you legally find evidence they've committed a serious crime and do something dubious to find more.


"After all, the Stasi had a system where between 2% and 10% of all adults had at some point been informants."

I think that is an excellent point: mass electronic surveillance does not make a huge number of people into snitches. Conversely, the electronics cannot intentionally make a false accusation.

I don't know what it all means, but this is something different, something new.


"Do you think it would be much better to have the prisoners operating the Panoptic apparatus and sitting in the central tower, instead of the guards?"—Michael Foucault


"Parallel Construction" is the version of the term they've used more commonly. And if the purposes aren't immediately obvious to non-US readers, they're partly to hide the NSA spying, which may be illegal, and partly to hide the fact that the police are obtaining evidence illegally (since NSA spying without warrants can't be used in court cases), so they're covering it up by calling it "anonymous tips" or "stuff we found at a random traffic enforcement stop" or things like that.

About 50 years ago, the US Supreme Court issued the "Exclusionary Rule", which says that evidence obtained without proper search warrants can't be used in court. The year before that, the NY City Police didn't bother getting any search warrants; the year after that, they got lots of them.


So something to think about is the re-framing of some of these issues. Basically, I think that we (as a society, and as individual users, & providers) are too used to thinking about most topics along a single continuum anchored by 'opposite' end-points. Instead, I think we need to approach this as independent continua - one per concept (privacy, public safety) and see where they intersect. That intersection point is where we need to do more thinking, because that's where our problems lie.

Feeding public paranoia is not helpful, educating the public might be, starting with dis-entangling these two ideas. A key feature in a lot of social engineering is immediate convenience/reward ... which does seem to show an age-skew/correlation *. Stuff/actions that are perceived as being more convenient get adopted a lot faster, therefore become more 'normal'. So a quick fix to one type of personal privacy issue could be an app that is able to correctly identify a nude vs. clothed image, and ask the potential poster a bunch of questions to give that individual time to (1) re-think this act; (2) set up a bunch of conditions (safeguards - maybe a self-destruct?) for the transmission of such content; or (3) add-in some data that would automatically track this content for forever. (There may be other fixes/solutions.)

(* - Yeah, yeah, I know ... correlation does not equal causation ... however, correlation is where one starts building a theory that eventually may establish causation.)

For the paranoia junkies ... a parallel scenario is DNA profiling. The technology is relatively cheap for being able to positively identify an individual based on a few selected gene snippets. Further, fast food restaurant revenue/units sold market data shows increases in the number of individuals dining out ...


Wearily points at Snapchat and the piracy-detecting software that killed the 2012 Hugos stream These are not new ideas. Unfortunately they don't work. For why, see Cory Doctorow on the war on general purpose computing, and XKCD on detecting what a photo is of. (Fun game: define "skin tone.")

For bonus points, see Evgeny Morozov on solutionism: technology finds it very hard to solve problems caused by social issues. Leaked nudes is a problem caused by asshole exes and privacy-invading bastards that's compounded by technology, not caused by it.

You're right about the equivalence with DNA profiling; do you suggest people who worry about their privacy in that should wear whole-body condoms, or that we establish a social norm against promiscuous DNA sampling?


As aneomouse points out there's issues, certainly with the technological implementation of solutions such as you're suggesting.

I think we need to work at a cultural change on a variety of levels. One is the shaming of women by releasing nudes they've chosen to take for their private sharing, although that's a big, big change.

But, a smaller change would be creating and enforcing a right to privacy, even for (perhaps especially for) celebrities. Anything they do, just as anyone else, that is illegal, cannot be covered by this right of course. So however embarrassed Hugh Laurie is about his arrest for his time with a prostitute, it was a crime, it's in the public domain. Photos you want to share with your partner, safely privacy tagged. Anyone that breaks in and releases them commits an offence against your right to privacy and loses the protection of any other claim such as a "freedom of speech" unless they can claim "public interest" or have a warrant and it's proof of a crime OR evidence it was sent to them and they choose to share it. (That is one there is a move to change for the 'revenge porn posting' laws that are being bruited around in the UK.)

Social solutions.

And social education. Without splashing nudes of JLaw around, you can talk about her as a textbook case of what can wrong. The Emma Watson countdown too, after her speech to the UN.


EI 61: I agree with you re: social solutions.

As an actress/celeb, Lawrence earns her living by controlling the distribution of her image. This is a good basis of a civil suit which is typically a lot easier to win than a criminal (privacy) suit. Plus, it appropriately targets the motivation for this privacy breach, i.e., $. (Haven't been following this story but hope it goes to court soon so that it can set precedent.) I imagine that most agents would as part of their services now include training and/or services for protecting their client actors' personal (and therefore highly marketable) information. For that matter, anyone considering a career in the public eye should take an Online Privacy 101 course. (Behavior courses for public figures aren't new: etiquette, public speaking, anger-management, etc.)

I think that what Google is being mandated to do by European authorities - 'Right to be Forgotten' is probably going to figure in this long-term. If Google can figure out the mechanics of chasing down and deleting selected images/files, then this type of crime can be more easily contained.

To anonemouse: Thanks - just watched the Doctorow youtube video - got the general gist.

Not that this relates to the video, but ...

I disagree with the position that 'We once tried to find a fix but it didn't work, so we should abandon the search for a solution to this problem ...'

Similarly, I disagree that 'If 'something' can create problems down the road, then that 'something' is inherently flawed therefore should be abandoned.'

Even water or air can kill you -- the issue is to discover the boundaries between safe and unsafe for that 'something' and educate people accordingly. Persuading people to be more careful in using 'something' they like/use because it can harm them is the heart of the issue. To do this, means being accurate in how you describe a 'something' and building trust. (The actions, obfuscation and/or hyper-salesmanship of some governments/authorities are making this difficult.)


So however embarrassed Hugh Laurie is

Err, check your Hughs?

I disagree with the position that 'We once tried to find a fix but it didn't work, so we should abandon the search for a solution to this problem ...'

It is in fact literally impossible to create a Snapchat that you can guarantee prevents unauthorized sharing of a user's photo. Even if you broke the current nature of computing (which you would need to, this was Doctorow's point) the photos need to be displayed to the recipient, or else why have the app? At which point all that's required is to take a photo of the screen. To have a chance to prevent a single photo being leaked, you would need to change the entire structure of the internet to include a copyright scanner at every router. And you'd STILL fail. This is how hard a problem this is.

I have not advocated abandoning anything; I am saying that by the very nature of computing these problems are very hard to impossible to solve with technology, and they're not technology problems to begin with. Leaked nudes are tell-all memoirs updated for the new millenium: invasions of privacy for the aggrandisement of the leaker.


I liked the reaction of Feminist Twitter to the leaks: "If you are looking at these photos, you are perpetuating the abuse" - making it explicit that this is not victimless, and that people's desire to see these photos is why this leak happened: a social solution. (See also: Reddit users who attempted to donate to a charity as some kind of morality offset for having viewed the pics having their donations rejected.)


anonemouse ... err. maybe mentioning XKCD wasn't such a good idea given the premises of this discussion?


Oh yes, Mr. Grant, not Mr. Lauriie, sooty.


Gah, iPad typing in bed. Laurie, and sorry.


I disagree that the motivation for the privacy breach is money. It's about power and abuse.

Actors, particularly female actors but male actors too, are under a lot of conflicting pressures about how much of their body they show off. I don't know anything about you, but imagine every few weeks since you've been 18 someone's come along and said "here's a job, but it means been photographed nude to get paid." Some people are clearly more comfortable with that, some are not comfortable with it - at least not in public.

As the same time, of course, most of these people have a (somewhat) normal private life, and want to share sexy times with their lovers.

Making the decision to be filmed or not filmed naked for public dissemination isn't about money, it's about a whole host of personal choices, about if you're comfortable being filmed naked and sharing that with the world. Certainly most of the names of the victims of 4CHAN's abuse aren't hurting for a penny or two so deciding not to do naked scenes hasn't hurt their careers or their bank balances.

In the rest of the world there are fans, mainly male I suspect, who hope to see their favourite fan naked or topless. They're probably not the same fans who say "OMG have you seen how big her thighs are" and the like, but you never know... When an actor decides not to, as many have, the bulk of these might grumble about it, but they accept it.

However, a few of them, as we've seen, don't. And when given the opportunity, they decide to invade the privacy of their victims and abuse them by distributing private pictures across the internet freely, violating their body, their privacy and their choice for, so far as I can see no financial gain, the kudos they gain from their scumbag friends and whatever vindication they get from the act.

It's an act of saying I have power over you, your privacy, your intimate moments, your memories. It's abuse, pure and simple.

The courts may, eventually, settle on redress through the almighty dollar. But criminal courts are the right place for abuse cases to be settled.


Let's stop here and analyse who the copyright in a photograph belongs to.

If the photograph is taken in a public place (which includes places which charge admission but do not restrict the carriage and use of cameras) then the copyright belongs to the photographer except in the case where they have commissioned $model to pose for them. So if I take a candid nude of $celeb in public then I own the copyright and can dispose of that photo as I choose.

However, if that photo is taken in a private place (includes homes but not gardens which can be overlooked without taking unusual measures (so if you have to climb a tree with a 1000mm lens that's a private place, but if you just have to look over a 3 feet tall hedge that isn't), art and photographic studios, film sets, hotel bedrooms but not hotel public areas) then the copyright belongs to the model unless I have a signed release for it.

So existing law means that $celeb's selfies belong to them even if they e-mail someone else a copy, or post it on their public friendspace profile.


The problem with applying copyright law in this situation is that it assumes a batch of things that aren't necessarily true: things about the value of the work, particularly that the person infringing copyright is making money from their action; that copying is relatively hard work, which is certainly not true any longer; that the host or disseminator of the copied work cares about being on the right side of the law.

I'm not advocating a complete demolition of copyright laws - they do a lot to protect authors and their work and help them get paid for example. But when the damage to the victim is not financial they're not really useful.

And, while I think you're right in your analysis, what do you imagine the reaction will be to the following notice, in suitable legalese of course?

Dear $4CHAN_A$$HOLE, This is your DMCA takedown notice for items... to which the copyright holder has asserted their ownership rights.


"I think that is an excellent point: mass electronic surveillance does not make a huge number of people into snitches. Conversely, the electronics cannot intentionally make a false accusation."



" if you have to climb a tree with a 1000mm lens that's a private place, but if you just have to look over a 3 feet tall hedge that isn't..."

IANAL, but I think that privacy laws and customs are still based on some limitation on technology. For example, taking a photo in the dark using night-vision devices might be considered a violation of privacy.


Let's stop here and analyse who the copyright in a photograph belongs to.

Yeah, let's define first which country's laws should apply here. In Finland, the photographer basically has all the rights to the photo (which is not copyright, as not all photos are protected by copyright in the sense that for example short stories or paintings are). For example, there is an exception for portraits where the subject has more rights to the photo, if the photographer has not denied this. (The subject has the right to allow the publication in a journal, for example.)

Just to show that the copyright of a photo is not that easy, especially when you have to take into account different jurisdictions.


Commenting on my own comment, yes, this is a blog based in Scotland, but there are readers from different countries, where there might be different laws.

Especially the copyright laws, or sometimes "maker's laws" as they are for example in Finland, can cause problems.


Retired NSA director William Binney explains what the Snowden leaks really mean.

That sentence would lead the casual reader to believe that William Binney was once a Director of the NSA. Binney was director of the NSA’s World Geopolitical and Military Analysis Reporting Group, but he was never the NSA Director.


I thought that in Ms Lawrence's case, the relevant photos were published in a pay (or at least for profit) format?

Otherwise, I agree with your issues, but at least we've established ownership and liability without actually needing any new laws.


And #75.

I believe Finnish law is an exception here. Certainly my comment applies in USian, Canadian, UK, Irish, French, Dutch, German, Italian and Spanish law (based on discussions with models and other photographers).

Actually, in the case here, where the photo is a selfie, Finnish law is the same in practice because the model and photographer are the same person!


I thought they weren't published on a pay site but I didn't go to check and have no intention of doing so.

I'm not generally in favour of new legislation just for the hell of it but I think there's already a clear need, probably of adding to the universal declaration of human rights so it becomes rapidly spread around the world, for a right to privacy becoming enshrined in law. The bits and pieces of legislation we've got sort of protect bits and pieces in scraps and get muppets arguing their rights supercede copyright law and all the rest. A very clear right to privacy, with one or two people that are stupid enough to challenge it metaphorically kneed in the testicles in court just to demonstrate that they're wrong in their belief that their right to freedom of speech supersedes it might do a hell of a lot to change the remaining attitudes of the cave trolls.

It will, for example, be interesting to see the effect of the prison sentence for one and the suicide after exposure of another troll on the troll population and behaviour in the UK.


One of the latest things: it is being reported that the US Government has claimed that running a particular piece of software is evidence of criminal intent, and this justifies hacking into a non-US server to gather evidence, without need of a warrant.

They had other reasons, but "Indeed, the fact that the [Silk Road] Server was running 'phpmyadmin' would have further corroborated that it was hosting Silk Road, since 'phpmyadmin' is used to administer PHP databases – which are commonly used to run online businesses – and Silk Road's reliance on PHP databases was readily observable from the website itself during the time of its operation," is one of the claims.

This is pretty slipshod thinking, since all they're saying is that a lot of businesses use PHP databases, and that was evidence the server was running Silk Road. The Register goes on to explain the technical flaws in that statement.

Maybe the lawyer is making every claim they can think of, and hoping one of them sticks.



About this Entry

This page contains a single entry by Charlie Stross published on October 1, 2014 6:13 PM.

Cameron v Churchill was the previous entry in this blog.

Not a Manifesto is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Search this blog