
I completely disagree. GCHQ, NSA, CIA, et al do serve a legitimate purpose. The world is not all roses and sunshine, there are rogue nation-states and rogue actors, and they do want to harm the public. It is the duty of the government to protect its citizens from attackers. These agencies exist to protect the public by identifying threats, and preventing attacks.

I know you are upset about the spying on private citizens for deceptive purposes, but let's not throw out the good with the bad. Yes, the agencies are overzealous and have overstepped their mandate, but that does not mean every single person working for them is an evil person out to get you. Real people work there, and nearly all of them probably have nothing to do with this. Reform, not harassing innocent bystanders, should be the aim here.



The question is - is reform even possible in organizations like these that have repeatedly broken the law with impunity? Is oversight possible at all when those who are supposed to have the power of oversight are unable to do so because these organizations are actively and intentionally hiding what they are doing?

When what they've done, effectively, is surveil everyone including the very people who are supposed to be able to exercise oversight and enact reforms how can oversight succeed?

I for one think the corruption is simply too deep to root out while keeping these orgs intact. They need to be torn down and rebuilt with clear missions consistent with our constitution (in the US), strict boundaries, and oversight. Reform is insurmountable when they still hold this wealth of illegally gathered surveillance data and retain their existing command structure.

The data must be destroyed. These orgs must be broken up and rebuilt so they are fit for purpose. Criminal, not overzealous is the word for what they've done. That in no way makes every person working there a criminal and I don't think demonizing the rank and file is productive or appropriate but we cannot keep watering down the severity of the problem for the sake of their feelings either.


> The data must be destroyed

History shows that the only way this is likely to happen is when the revolutionaries storm the building, such as the collapse of East Germany and the Stasi, or the Libyan security files blowing around in the street after the airstrikes.


You aren't wrong. Frankly I'm not sure anything I said is reasonably possible or how to make it happen.


Anything of interest was long moved to be used later. Don't kid yourself. Often times to control the so-called revolutionaries.


> the data must be destroyed

A single 1To hdd may contain 10Ko of information on every UK citizen. So while we clean, we'd better check every single pocket of every employee...


Indeed. Complete destruction of the data is probably impossible. This is exactly why this kind of vacuum everything collection is so dangerous. There's no data access protection in the world bullet proof enough to justify the risk of storing it.


Thinking about it, at least with key escrow the private keys can be stored in HSMs.


It needs to be viewed as akin to nuclear waste


Here's the thing though. The reason there is even a debate about this is because the agencies serve a legitimate purpose that allows this to confuse our sense of morality. Without that rider, these methods would be roundly condemned in any other organization. A programmer working on unjustifiable programs should feel gross when they do something immoral.

Let's be clear here. This is the first time in the history of the world that nearly all ordinary communications by ordinary citizens, globally, are aggressively being monitored. The impact hasn't yet been fully felt by the global populace, but the power of these tools to rig the system and suppress dissent is very large and there is currently no effective check on these powers that is subject to public scrutiny.


Without reaching the Godwin point, actually it is not. The Soviet Union or East Germany were spying on their citizens on a similar scale, at least in respect of the technology available at that time.


The categorisation of "threat" is what we have a problem with. There was a scandal a while ago about the embedded deep cover agents in environmental groups: one had been there so long that he'd married and had a child with one of the people he was spying on. Further back there is the fairly terrible record of Special Branch et al in Northern Ireland.

Then there's the whole business of supplying intelligence to support the policy of invading Iraq, and the mysterious death of Dr. David Kelly. The Iraq invasion made us considerably less safe at the cost of about a million (non-coalition) lives.


GCHQ is a relic of the Cold War desperate to find a reason to continue existing.


What most people forget when they are sitting at home being scared about "rogue nation-states" from across the globe, or worry more about dying by the hand of people with dangerously fluffy beards instead of losing a foot to diabetes, is that complete security simply doesn't exist.

But what would we do if we wanted to provide total security? The naive and most popular approach is to give total control to the government. Not secure yet? More control then. Technology is the most promising way to achieve total control yet, and it's actually growing much faster than any global threat.

Anytime I read an article about some spying technology, I can imagine those developers looking at the existing infrastructure and internet technologies, thinking "we can totally do something to control this and that as well". That will actually be the "office culture" in places like the NSA. I know that's how I would think if I was sure my organization was serving a legitimate purpose. My colleagues would agree, and we'd high-five each other about redirecting yet another stream of information into our system. And whenever anyone has any doubts, group-dynamics or -think will take care of that. And if that's still not enough, maybe you need deeper philosophical help? https://boingboing.net/2015/08/11/the-failed-writer-who-beca...

With all those leaked documents, I've not even once heard about any limits. None. There's no "we'd like to know and control much more, but obviously we'll stop at that". If you gave the CIA the ultimate device that could provide them with all the information about every single human being on the planet and would also allow them to kill any individual instantly, they would immediately start using that. They don't want any oversight, they don't want anyone to control them, they don't want to have to respect anyone's privacy. They think they have a certain mandate or duty, and those things are by nature standing in their way of fulfilling it.

These developers absolutely should hang their heads in shame. Because every last one of them should understand that their organizations won't stop for ethical reasons, or deny themselves certain powers which should not be concentrated in the hands of a few people, no matter how well they think they mean. Being a "real person", not being out to get the average joe (but still spying on him), and generally meaning well - that doesn't make you any less guilty. At best it means you're a naive idiot who trusts authority too much, at worst you don't care and just want to play with your cool toys.

The world definitely isn't all roses and sunshine. Just because you think you're working for your country, making sure those who promise to protect it get all the help they could ever wish for and more, that doesn't mean the things you create will actually be used for "good". All it means is that someone further up now has more power than before, and they will use it the way everyone uses their power - to further their own interests. You simply hope your interests and theirs are the same and along the lines of "sticking it to those terrorists", but if history has shown anything, it's that power corrupts. I have zero doubt that those systems will be used against all of us eventually.


And what I don't understand is that people seem to be afraid of the bearded terrorist who will strike the country once every few years, perhaps killing a couple of persons, but not of the local thugs who will kill, rape or injure a dozen persons in their neighbourhood every week.


Let's be honest. Secret services were always useful thugs. Using methods that would land them in jail in any other organisation. These guys make a career of spying, stealing, blackmailing, corrupting, sometimes killing. It's fair to argue that in certain circumstances they are useful and that a State should have the ability to commit these crimes. But let's not make the employees of these agencies anything else than what they are: hired thugs. And what I find worrying is that these crimes that were meant to be committed on an exceptional basis are now committed on a large scale against their own population.


The mafia also does lots of good and helpful things in the community.

Does that mean mobsters also shouldn't be reviled?


"but that does not mean every single person working for them is an evil person out to get you."

I agree. Those engineers are just following orders. They bear no personal responsibility at all...


I think he meant that not everyone in these organizations is working on unsavory projects like this one, not that those who do are free from blame.


Lieutenant General David Morrison of the Australian Army was giving a strong message[1] against sexism when he said,

    "The standard you walk past, is the standard you accept."

People working at GCHQ (or the NSA) may not be working specifically on an unsavory project, but they are still choosing to support the organization. Also, how do they know the real nature of their project? In a compartmentalized ("need to know") environment, it can be hard or impossible to know the real purpose of any particular task.

Jacob Appelbaum gave a very interesting talk[2] about a month ago where he specifically addressed[3] this problem (among other topics - the entire talk is worth watching). He even gets a question from someone from the NSA[4] who was in the audience, who also asked about this problem.

[1] https://www.youtube.com/watch?v=QaqpoeVgr8U

[2] https://www.youtube.com/watch?v=n9Xw3z-8oP4

[3] https://www.youtube.com/watch?v=n9Xw3z-8oP4#t=3160

[4] https://www.youtube.com/watch?v=n9Xw3z-8oP4#t=4028


> In a compartmentalized ("need to know") environment, it can be hard or impossible to know the real purpose of any particular task.

There are definitely a lot of areas that wouldn't suffer from this problem. I'd be surprised if a cryptographer couldn't distinguish between working on civilian signals intelligence vs military (since the first will be using published ciphers).

And how far does the scope of assisting the organization go? If you work for the FBI in a non-surveillance capacity, are you still part of the machine since the FBI and NSA cooperate on counter-terrorism? Should everybody at the FBI with a conscience quit because some in the organization have taken advantage of overextended surveillance powers?


People who worked for the SS in random roles like radio operator are still being prosecuted for murder. The precedent set after 1945 is that working in an organisation that breaks basic human rights is a crime against humanity in and of itself virtually irrespective of your role in the organisation.

Also it's not like the UK has conscription into GCHQ.


Then why don't they focus on that alone? If you worked for an organization that saved 10 babies a month, but used 90 women for sex trade, would you continue to work there because "you're helping save babies", or would you be disgusted with that organization?

I know my example is a little extreme, but it's kind of what GCHQ and NSA do, too. They use their powers maybe 10% of the time to look for terrorists and whatnot, and then the other 90% to get data on everyone, including people in power that they can blackmail and influence. Don't think this is just a theory. There have been articles in the UK press about MI5 for instance covering up child abuse by politicians because they wanted to blackmail them with that. Enough said?


Not everyone views the world the same way. Some people would willingly trade their privacy for safety ("myself included") and would not feel "ashamed".

However, my appraisal of "safety" markedly differs (like most people's appraisals of things) and I am more concerned with an overzealous government than a foreign attacker. I would trade my google search history for a bullet-proof vest if I was in a war-zone. However, I am not, and I don't think giving it to the government makes me safer.

However, people view the risk to the country and themselves differently and they also put markedly different values on their own privacy[0]. Also, this article should come as absolutely NO surprise to anyone in the HN community (or even anyone with internet).

edit: [0] which they use as a framework to assess how others value their own privacy AND the value they themselves put on others' privacy.


The problem here of course is you're not just trading your privacy for your feeling of security, it's that you are trading MY privacy for your sense of security, and doing so without my permission and against my direct wishes.


Look, I am pretty security conscious and while I am not going to list off my environment configuration, and it isn't perfect, I am sure I take privacy and security much more seriously (technologically) than most Americans.

The point I was sort of facetiously making here was that the people who implement these things don't think about it the way we do. They probably don't feel ashamed and do it out of a misplaced sense of patriotism, power or coercion (if they got caught doing wire crimes).

More granularly, if you believe you are protecting America from a 9/11 scale attack I could certainly see trading away some of your fellow countrymen's privacy.

These aren't my personal views on privacy or security; I was making the point that some engineers won't be ashamed implementing this sort of stuff. I am pro freedom and privacy to be clear, and I wouldn't make the above trade.


Cheers, you're selling the rest of us down the river.


>There have been articles in the UK press about MI5 for instance covering up child abuse by politicians because they wanted to blackmail them with that.

Citation?

I've seen articles like this, http://news.sky.com/story/1523821/child-abuse-pm-tells-polic..., but none that give the reason for the coverup as being enabling MI5 to blackmail people.



> there are rogue nation-states and rogue actors

Funny you're saying this in the same sentence about those agencies and you're totally missing how ironic that is.


It's sad that some people are downvoting the parent post. It makes a valid point in a reasonable way.

There certainly are problems with the excessive government surveillance -- it is also the duty of a government in any civilised, democratic nation to protect its citizens from itself, after all.

However, it seems unconstructive to go all gung-ho against people who are probably mostly just trying to do some good from what is inevitably sometimes an awkward position. It's like arguing we'd be better without a police force because sometimes bad people manage to become police officers and sometimes their colleagues can't just flick a switch and shut them off, or arguing that we shouldn't invest in military forces because it gives the government the power to kill people from afar and in any case diplomacy is preferable to violence. Those things may all be true, but that doesn't mean we'd really be better off if the organisations with a degree of corruption or inadequate safeguards were eliminated rather than fixed.


At least so far as police forces are concerned, they can't really be reformed. The police is fundamentally a paramilitary unit that serves the interests of a state, not private citizens. You can make the case that such an evil is preferable to abolishing it entirely, but ultimately the odds are stacked against it achieving any positive equilibrium, only trying to keep it as contained as possible.


> The police is fundamentally a paramilitary unit that serves the interests of a state, not private citizens.

This is not intrinsically the case; though modern general-purpose police organizations tend to be paramilitary (however, specialized regulatory law-enforcement bodies with police powers often aren't paramilitary in structure and operation the way most general police agencies working for the same government are.)

So, I don't think this is a situation that is fundamentally not subject to reform, though it might require rethinking fairly fundamentally the role of law enforcement, and redistributing much of what is now the role of general law enforcement agencies into domain specific agencies that are not defined by being enforcement agencies despite including enforcement functions within their domain as part of their brief.


> At least so far as police forces are concerned, they can't really be reformed.

That seems pessimistic.

For one thing, any organisation made of real people is in reality affected by the views of those people. Even if there are some bad spies/cops/soldiers out there, a lot of people who get into that line of work do do it for the right reasons and because they genuinely want to make the world a safer place. If very bad things start happening, none of these organisations is going to universally side with a government that is doing those things.

For another thing, any organisation that requires funding is subject to influence by whoever funds it. As long as someone has to pay PC Smith's salary and there is enough civilisation left for essentials to require money to buy them, PC Smith is going to be accountable on some level because he or she literally can't afford not to be.

For a third thing, any organisation that enjoys special privileges that most people do not have, for example greater resources provided by the state or powers to do certain things legally when they would otherwise be illegal, is always under threat of having their special status revoked. The natural order is that everyone has the same rights and powers and resources, and the only ways that change are either through democratic acceptability as with policing by consent or through an actual dictatorship/police state scenario. And for reasons 1 and 2 above, it is highly unlikely we would ever actually reach the latter, which means the only way the police and security services get to keep doing what they're doing (and the only way the politicians get to keep their jobs) is by maintaining sufficient public support and trust. As we've seen in recent elections, there isn't a lot of that going around lately, so it seems unlikely that anyone wants to rock the boat unnecessarily.

Finally, it's worth remembering that we're talking about Britain here, which means the police very much isn't a paramilitary force in the way that many other countries have. Neither our citizens nor our police routinely carry firearms, for example, and while there are certainly specialist units in the police that do have that kind of equipment, they don't have anything like the numbers or equipment to put down a serious popular revolt. At the end of the day, there are still only 150,000 or so people working for the police, out of a population of well over 60,000,000.

This is why I think we're still a very, very long way from the kind of brutal dictatorships and police states that some people in the world still tragically live under today, and why I think despite the flaws of our various government organisations and the need to be mindful of their power and restrict it appropriately we are still a long way from any point of no return in terms of the balance of power between the state and its citizens. We've just let paranoia after a few high profile but actually relatively minor incidents tip the balance too far towards authoritarian tendencies in recent years -- which is, after all, why it's called "terrorism". At some point, we as a society are going to realise that this just plays into the bad guys' hands and stop putting up with it, and the balance will tip back again.


> If very bad things start happening, none of these organisations is going to universally side with a government that is doing those things.

If anything history has taught us that this isn't true. Organisations like the police and army of any dictatorship get swept up in it and become part of it.


> Organisations like the police and army of any dictatorship get swept up in it and become part of it.

But we aren't starting from a position of dictatorship in the West, nor do we have things like an army formed primarily from conscripts or a police force whose members live in fear of some secret police force hurting their families if they don't comply.


Godwin. That is all.


[deleted]


Either they are doing well but not publicizing, or that the threat is highly exaggerated and that they are really doing nothing.


Or, probably, somewhere in between. It seems likely both that the government publicity around the terrorism theme is vastly exaggerating the true threat but also that some level of danger really does exist and these agencies really do prevent some attacks from taking place.


The question is whether the true risk level is acceptable? If it is then we don't need any of the surveillance (which in and of itself is a massive risk to our democracy). The other question is whether the surveillance actually reduces the terrorist risk?


Exactly. These are the kinds of questions we should be asking.

If those with access to the relevant information were willing to give reasonably realistic and honest assessments of the risks involved, then everyone else could make their own judgement about what levels of risk they were willing to accept and our governments could act accordingly.

Of course, the problem is that with such obvious asymmetry of information and power, and with the biased perspective that often seems to result from working in an environment where your job is to deal with the worst of humanity every day, it's rather unlikely that we'll actually get an honest and realistic assessment of the situation and the true risks involved (both from the bad guys and from any unintended consequences of the measures that are supposed to protect us from those bad guys).


We elect our representative (partly) for this reason. One of the advantages of a parliamentary democracy is that members of the parliament could in theory be cleared for full access to information and then could in theory provide the needed oversight. One of the issues for me about the way that GCHQ in the UK and the NSA in the US operate is that this democratic oversight has either been absent or has been ignored. Furthermore the massive data collection programs that these agencies run will allow them to manipulate politicians (which I assume is already done). Also the oversight measures that have been proposed so far in the UK are totally laughable.



