Social Question

Dr_Lawrence's avatar

If you resent the NSA reading all your messages would you use a legal method to defeat their snooping?

Asked by Dr_Lawrence (20019points) June 13th, 2013

The National Security Agency (NSA) is now violating its original mandate to check foreign communications for signs of threats to the USA. Under the PRISM program, they have admitted that all our texts, e-mails and tweets are now routinely read and checked. I don’t believe I am the only one who feels this is an egregious violation of our privacy and rights. Every e-mail allows for a signature, a short body of text that is automatically added to every message you send. The NSA has a list of words it uses to flag your messages as a threat to national security. If all of us were to use a string of such words to every totally harmless message, the NSA scanning would grind to a halt, overloaded by its own illegally of scanning domestic messages. The NSA requires a judicial warrant before reading or scanning your messages. If I prepare such a signature full of key words in some meaningless random order for everyone to add to all their messages, how many of you would want to use and share it with everyone you know so they could use it also? For me, its about reclaiming your *freedom of speech and protecting yourself from illegal search? . The US constitution protects these rights! Many other countries also guarantee such rights.

Observing members: 0 Composing members: 0

21 Answers

downtide's avatar

My partner is involved in a big way with military wargaming and re-enactment. I’m pretty sure that any emails coming from my houshold have been so chock-full of “key-words” over the past several years that we’re now on some list called These will be flagged up a lot, just ignore.

Aside from that though, I fail to see how adding the key-words to your signature will help. It will make your emails MORE likely to get flagged and read by a human, not less likely. Emails without any keywords will slip through, meta-data stored but content un-read.

If you think that they’ll grind to a halt and stop doing it, think again. They’ll just redirect other public money to the task. That which would otherwise have been spent on schools and medicare and firefighters and other public services. And when they run out of money from that, they’ll raise your taxes to cover it.

glacial's avatar

Interesting idea. That list has been floating around Facebook all day, so I suspect they are already overwhelmed. ;)

Dr_Lawrence's avatar

@downtide All my emails contain innocuous content so tasking an NSA agent to read my messages will waste their time and resources. If only I do it, they’ll soon ignore me. If I can get ten people to do it and find 10 others to do the same, and so on… the geometric progression results in millions or billions of totally harmless messages being flagged and handed off to humans to investigate. Wouldn’t this eventually render the NSA process a fruitless waste of time that quickly grows beyond their ability to continue reading the resulting avalanche of wasted effort require the NSA to redirect their efforts to the proper target, namely foreign targets rather than domestic citizens?

Bellatrix's avatar

If I was sure it would work, I would happily do it. I wish my own government would have something to say to the US government about them breaching my civil liberties. It isn’t going to happen though. If they’re going to snoop on my emails, the least they could do is answer some of them. No, you cannot have an extension because it’s your mother-in-laws birthday. No, you don’t have to resubmit if you followed my instructions. Yes, I do have your assignment. I suspect they may die of boredom if they read my emails too closely.

glacial's avatar

@Dr_Lawrence Yes, but what an interesting thought – a totally grass-roots founded stimulus program. It could put everyone back to work and save the US economy.

Seaofclouds's avatar

Personally, I think such a thing is a bad idea. If they are inundated with thousands of pointless messages just because someone purposely put the key words in their signature, they may miss the important messages that actually contain something they need to know. I think that puts us at the risk of greater harm. I understand the concern when it comes to e-mails and texts, which most people send with the thought that they will be private, but messages on forums, tweets on twitter, and facebook posts are not private and we all know that by now.

Not to mention, it would end up costing us taxpayers more money because they would just hire more analysts to read through all the messages.

RealEyesRealizeRealLies's avatar

I’ll allow anyone to monitor me 24/7… As long as I can monitor them 24/7.

Who is watching the watchers?

Jaxk's avatar

Frankly I think that misses the point entirely. If they can collect this data they will. Making it difficult to sort the wheat from the chaffe merely makes them hire more people and spend more on developing algorithms, etc. The issue is not to make them miss the terror messages but rather to keep the average citizen from being spyed on. It’s not the use of this data for the intended purpose but the misuse, that’s the problem.

Don’t try tho thwart them, stop them. If they want to put a camera in your house, is it OK as long as you can blurr the image?

SavoirFaire's avatar

@Jaxk I think it’s supposed to be more like “if you can’t get the camera out until tomorrow, blur the image in the meantime.” Or to be more accurate, it’s a matter of giving them so many false positives that even they realize the need to stop misusing their power and focus on the intended purpose. So really, it’s an attempt to achieve exactly what you say we should be trying to achieve. Not the only way, of course, but one way of increasing the motivation to refrain from spying on “the average citizen.”

rexacoracofalipitorius's avatar

If you don’t want the NSA reading your emails, then encrypt them. Many, many people and organizations do this already, and it provides other benefits besides defeating eavesdropping.
Everyone should have a PGP key, and encrypting email should be as easy as clicking a button. Unfortunately it isn’t yet, but we’re working on it.
If you want to secure other messaging formats, you can do that too. Cryptoparty.org has links and information about securing your communications. Also they do parties.
If and when you do set up a key, you can send me an email using this key.

Jaxk's avatar

@SavoirFaire

It only disourages the legitimate use of the data, looking for terrorists. It does nothing to address the misuse, looking for political enemies or other personal data.

Not to mention the logistics of trying to do this. I would be very surprised if a enough people would be willing or even know how to test their fate against the black helicopters. The government has no sense of humor and the NSA even less. You never want to test your fate against someone who can answer the question, “You and what army”.

SavoirFaire's avatar

@Jaxk The obvious thing to do when one’s signal-to-noise ratio is terribly unbalanced is to stop gathering data from sources that are almost certainly giving you noise. So if we increase the amount of noise that the NSA gets from the average citizen, the obvious thing to do is stop gathering data from them (or at least stop sifting through it). This puts the focus back on what some people think is the legitimate use of this data. In fact, it might even motivate the NSA to go about this in the right way: by only gathering data on people they have prior reason to suspect and can get specific permissions for. That’s a longshot, of course, since spies aren’t in the habit of giving up data of any kind. But it might at least shift the focus.

I’m also not quite sure what logistical problem you’re seeing here. Yes, it’s not quite as effective if very few people do it. As @Dr_Lawrence noted, the NSA would just block him individually if he was the only one. If only about 20 of us do it, then they just block all of us. That still keeps our messages from being read, though. I may not trust the government, but I have strong doubts they’re going to send any black helicopters after me for adding extra words to my emails. It would be an inconvenience and an annoyance to them, not a threat. At worst, it just forces them to change tactics a little. There far more likely to come after me with the helicopters for other things, frankly.

Jaxk's avatar

@SavoirFaire

Generally you would use a filter to eliminate/reduce the noise rather than just give up. You may be smarter than the NSA but they have more resources. And even if they blocked you (which I doubt they would) they still have your data for misuse purposes. You can play the ‘who’s smarter game’ if you choose but I won’t be joining you.

SavoirFaire's avatar

@Jaxk Perhaps I have been unclear: I don’t expect the NSA to stop collecting any data that they can collect. If they have the ability, they will do it whether it is legal or not. That’s just how agencies like that work. They are inherently not to be trusted. The point is simply this: there are things that can be done to make them pay less attention to you if that’s what you’d like. Whether they just stop looking at your segment of the data or filter it out, they’re paying less attention to you. And since black helicopters aren’t for the merely annoying, I don’t see what the problem is. Particularly since other things I do will get the helicopters sent after me before an annoying email signature.

Jaxk's avatar

@SavoirFaire

My experience has been that if you call attention to yourself, they pay more attention not less. And that being annoying exascerbates any issue rather than reducing it. If you scream ‘look at me, I’ve done nothing wrong’ loud enough, they will find something wrong. Pretending to be a terrorist to protect your privacy doesn’t seem like the way to go. And an annoying E-mail signature seems easy to filter out, even if it was a good idea.

rexacoracofalipitorius's avatar

@Jaxk Yes, a discrete block (like a sig block) is trivially easy to filter; even I could write that code, and I feel sure that NSA employs savvier programmers than I am likely ever to be.
With that said, “looking for terrorists” is not what the NSA does, and it’s not legitimate to globally scrape all transmitted messages for any reason. It’s illegal, as a matter of fact. “looking for terrorists” is a “legitimate purpose” only when probable cause exists and the agency in question has obtained the appropriate warrants from the appropriate court.

@SavoirFaire Please note that filtering out the sig block does not affect the data extracted from the rest of the message and can be done automatically and transparently. A scheme like the one proposed would not work at all, regardless of how many people use it; better just to encrypt your messages and blend in with the rest of the encrypted traffic. Pretty much the same scheme was tried during the 1990s when the cypherpunk movement was beginning and people were up in arms about NSA’s Carnivore program- and again in the early 2000s when we started hearing about the Total Information Awareness Office. It’s neither a new idea nor an effective one.

Encryption is known to work. Open-source encryption like GPG can be checked for backdoors and is trustworthy within the limits of the relevant mathematics (but remember that NSA is the world’s single largest employer of mathematicians.)

SavoirFaire's avatar

@Jaxk It’s not pretending to be a terrorist. It’s putting in a bunch of their ill-chosen keywords to drown them in false positives. If you get too many false positives, you have to change something about how you search, and I’m pretty sure that’s the point here.

@rexacoracofalipitorius You’re right, it couldn’t just be the same block. It would have to be something slightly different for everyone. As to whether or not it is effective, that depends on what sort of effect you are hoping to have. You seem to think that the point of @Dr_Lawrence‘s suggestion is supposed to be analogous to encryption. It’s not. The suggestion is a form of protest, not a form of data protection.

rexacoracofalipitorius's avatar

@SavoirFaire Yes, I get that, but I’m trying to push encryption as an option anyway because I think everyone should use it.
Even if the sig blocks are unique per-person or per-message, it’s still trivially easy to filter them out. If you wanted to work your “attention-getting” keywords into the body of the message, then that might succeed in getting the message flagged- but it would also annoy and/or confuse your correspondents. Also, NSA could implement a (relatively) simple Bayesian filter (a probablilistic filter analyzing word frequency) to strip out the noise. This assumes they don’t have some sophisticated lexical analysis going on. I’m not yet sophisticated enough to guess at what the possibilities are there.
tl;dr:

It’s pointless to protest to a machine, and there’s basically no chance that it would ever affect anything beyond the initial filtering stage.

SavoirFaire's avatar

@rexacoracofalipitorius It is only pointless to protest a machine if you think directly changing the machine is the point of the protest. It’s not. Nobody protested the banks on Wall Street thinking their board members would recognize what terrible people they were. That’s not how protests work, or how they are even supposed to work.

Regardless, I do agree with the value of encryption. Here’s a bit of relevant copypasta that’s been going around:

Don’t ask your government for your Privacy, take it back:

• Browser Privacy: HTTPS Everywhere, AdBlock Plus + EasyList, Ghostery, NoScript (FireFox), NotScript (Chrome)
• VPNs: Private Internet Access (US), BTGuard (Canada), ItsHidden (Africa), Ipredator (Sweden), Faceless.me (Cyprus / Netherlands)
• Internet Anonymization: Tor, Tor Browser Bundle, I2P
• Disk Encryption: TrueCrypt (Windows / OSX / Linux), File Vault (Mac).
• File/Email Encryption: GPGTools + GPGMail (Mac), Enigmail (Windows / OSX / Linux)
• IM Encryption: Pidgin + Pidgin OTR
• IM/Voice Encryption: Mumble, Jitsi
• Phone/SMS Encryption: WhisperSystems, Ostel, Spore, Silent Circle ($$$)
• Google Alternative: DuckDuckGo, StartPage
• Digital P2P Currency: BitCoin
• Live Anonymous/Secure Linux: TAILS Linux

If you have any problems installing or using the above software, please contact the projects. They would love to get feedback and help you use their software.

Have no clue what Cryptography is or why you should care? Checkout the Crypto Party Handbook or the EFF’s Surveillance Self-Defense Project.

Just want some simple tips? Checkout EFF’s Top 12 Ways to Protect Your Online Privacy.

————————————————————

If you liked this comment, feel free to copy/paste it.

rexacoracofalipitorius's avatar

@SavoirFaire Not “protest a machine” but protest to a machine. The machine does not care what you think, or about anything else. It’s just a machine. You might as well shout down a carburetor.
Protesting against a machine, on the other hand, can be quite worthwhile. People protest against all sorts of machines, sometimes by taking direct action against the machines. This is usually illegal, and I can’t endorse that sort of behavior- but it has sometimes known to work.
Feeding a string to a spam filter is not “direct action”. It’s a pointless waste of time which could be better spent talking to people using the methods you outline in your pasta.
Here’s some copypasta of my own so folks have something to talk about:

[from reddit]

Yes, you can make a difference!:

Make it clear to your representatives that you support the actions of Ed Snowden and ask that he be treated as a whistleblower and patriot. A phone call or written letter is effective. Sending a letter and then following up with a phone call is best.

Make it clear to your representatives that you are against the NSA program and all others like it that we don’t know about (and explain exactly why). Having talked to people who have worked on the staff of Congresspeople I know that a phone call makes a good amount of impact, an email you wrote helps but is less effective, but if you know you are too lazy for that click here and do this. I’ve been informed by /u/secondlogin that “as few as SEVEN personally written letters to a representative can turn their attention to a given subject. NOT EMAIL SPAM. A personal, written letter will be put on the top of their mail stack and taken directly to the Rep.”

Find out who your representatives are and post a tasteful, well-written message on their Facebook profiles. This is somewhat effective because it is “public.” It raises awareness of the issue and if there are enough concerned people commenting they (or someone from their staff) will often respond so you can have an actual dialogue. I did this during the CISPA uproar and actually had a conversation of sorts on the issue with my Congressman. Tell your representatives you support this bill.

Contact the “Intelligence Gang of 8” and let them know their actions are a reprehensible betrayal of the American people’s right to privacy: Representative Mike Rogers, Representative Dutch Ruppersberger, Senator Diane Feinstein, Senator Saxby Chambliss, Representative John Boehner, Representative Nancy Pelosi, Senator Harry Reid, and Senator Mitch McConnell
Call and/or fax the office of POTUS: President Barack Obama Phone:(202) 456–1111 Fax:(202) 456–2461
Follow up. Call back and ask what progress has been made or what new information they have available to you regarding your last call. These people represent you — it is okay to hold them personally accountable to you (but don’t overdo it or you’ll be dismissed as psycho and your opinion will matter less).

Watch how the government handles Ed Snowden. If he is mistreated we should organize and protest.

We should organize and protest against the NSA spying program (among other issues). I am a supporter of /r/Occupy because I believe it is the movement with the most steam and potential. It isn’t perfect but I’d rather not sit around and wait for something better to come along.

“Sign” the petition to repeal the Patriot Act . “Sign” the Avaaz petition about PRISM. “Sign” the whitehouse.gov petition to pardon Edward Snowden. While this is better than doing nothing, it’s not doing much so don’t give yourself too much credit. Contacting your reps is much more effective.

Snowden plugged /r/restorethefourth and if we support him, we should participate in that in his honor. Don’t consider this having actually done anything to help but subscribe to /r/restorethefourth to stay aware in the future.

Talk to other people about the issue as you go about your day. Inform people of what happened and make sure you explain why it is wrong and how it can be misused. Encourage them to take the actions above.

Feel free to copy and paste this post whenever you encounter someone on Reddit [or Fluther] who says, “But what can I do about it?”

BONUS: Fight these thoughts (that lead to powerlessness and inaction):
* “I can’t make a difference because I am one person.”
* “Someone else will fix it.”
* “It’s too late.”
* “I’ll worry about that when it effects me personally.”
* “There is nothing I can do about it.”
* “I am a lazy, selfish human being.”

SavoirFaire's avatar

@rexacoracofalipitorius I figured you’d respond the way you did, pointing to the word “to” in your response. The thing is, though, we’re not protesting to a machine. People have to notice to change the search algorithm, so it really is protesting a machine—which you concede can be worthwhile. Moreover, it’s not the engineers we’re trying to change either. In any case, much of the opposition to the idea presented by @Dr_Lawrence seems to be predicated on the assumption that adding the signature block would be the whole of our resistance. Yet there is no indication of anything along those lines. Moreover, just getting this sort of thing started and trying to spread it around is the beginning of a conversation with people. It presents the opportunity to move on to your copypasta and mine. In other words, stage one of the mission is already complete.

Answer this question

Login

or

Join

to answer.
Your answer will be saved while you login or join.

Have a question? Ask Fluther!

What do you know more about?
or
Knowledge Networking @ Fluther