“It was a total waste of time,” Jerrold Nadler , D-N.Y., said of the secret session. “Frankly, we think the whole thing was a bluff. But we called it. They thought, ‘We’ll call a secret session and the Democrats will reject it, then we can say they didn’t want to hear all the information.’ ”

...

A dispute broke out when an unnamed Republican started to talk about a topic that Democrats considered off limits under the ground rules for the session, since it was at a higher security clearance level than the discussion up to that point. But one Republican lawmaker said the discussion was in bounds. “We tried to give them the information, but they didn’t want to hear it,” the lawmaker said.

Ding!

Tom Price , R-Ga., said he was disappointed by the partisanship on the floor during the closed session. “There were two different camps in the approach. One camp was interested in talking about issues. The other camp was talking about . . . politics,” Price said.

Will someone please tell me where Republicans have discussed the issues? Have they explained why President Bush thinks the Electronic Frontier Foundation sees "a financial gravy train" in these lawsuits? Is there a place where they describe just exactly how the system they have established prevents their domestic surveillance apparatus from being abused for domestic political purposes? Have they explained why amnesty will not create perverse incentives for telecoms to comply with unwarranted surveillance in the future?

CQ Politics | Secret Session Brings House Members No Closer Together on Surveillance

Title 2: Litigation Procedures for Telecommunication Company Liability

• Does not confer retroactive immunity on telecom companies alleged to have assisted in the President’s warrantless surveillance program.

• Provides telecom companies a way to present their defenses in secure proceedings in district court without the Administration using “state secrets” to block those defenses.

Title 3: National Commission on Warrantless Surveillance

• Establishes a bipartisan, National Commission – with subpoena power – to investigate and report to the American people on the Administration’s warrantless surveillance activities, and to recommend procedures and protections for the future.

Its very rare that I see a proposal in Congress that genuinely makes me happy. This is one of those moments.

House Dems Proposing Commission to Investigate Warrantless Spying, Still Reject Amnesty | Threat Level from Wired.com

They ran every American through their algorithms, searching for targets in our phone calls and internet searches, trying to make sense of who called who, in order to find some sleeper cell inside the United States.

That is to say the Bush Administration ordered NSA turned its formidable capabilities upon Americans.

And now the Congress is set to legalize, bless and grant amnesty to this drift-net program.

There's been no real debate in Congress or in the press about whether the government should be allowed to track every Americans phone calls, emails and web browsing.

The debate shouldn't be about whether the government can wiretap purely foreign to foreign phone calls without court approval, since as we've just learned, that's never been the case.

Report: NSA's Warrantless Spying Resurrects Banned 'Total Information Awareness' Project | Threat Level from Wired.com

noteworthy wrote:
DNI certainly intends to include the greater Internet. They seem willing to start off with the government systems. But McConnell also said that "95% of the problem lies with the private sector." The implication with this entire initiative is that the private sector isn't competent to handle this on its own, but the government is.

Its really hard to square that perspective with Republican rhetoric about how the Government isn't competent to do anything. I'm being a bit histrionic, but clearly, "socialized" managed security services will seriously diminish or eliminate the existing competitive market for these services. If its not OK for healthcare how could it be a good idea for firewalls? The Internet doesn't even kill people!

Furthermore, if we have to have the discussion, there are obviously serious civil liberties concerns with having the federal government impose a monitoring system on all private networks that examines domestic traffic without a warrant. Clearly these people believe that the word "reasonable" in the 4th amendment means anything that they want it to mean, and while there is a perscription for what is required to obtain a warrant, warrants themselves need never actually be required. This view is extremely radical and is unlikely to withstand judicial review. You won't even be able to appoint conservative lawyers who will accept it.

Both of these problems are elminiated by simply making this a private sector endevour motivated with the right economic incentives.

federally operated, highly centralized operation was not scalable

I don't agree with this. There are a number of companies who provide managed security services for thousands of customers from centralized NOCS, customers who include Fortune 500 companies who have extremely complicated infrastructures. I think its practical, particularly if you have billions at your disposal.

and in any case would be duplicated by the customers who take their industrial security seriously.

Unless they feel like the government is doing an adequate job cleaning their pipes. If the state posted armed guards in front of your Bank would you hire your own guards too on the presumption that the ones the state hired are incompetant? I think its unlikely that their level of incompetance would allow enough fraud to justify hiring private equivelents.

Nevertheless (at risk of being considered provocative) I can see why a vendor would salivate at the prospect of such a windfall, especially if, as a market leader, they would expect to win the competition for such services. How much better to sell 30B in systems and services at one fell swoop, instead of going about all onesy-twosy for years on end!

And what of the vendors who loose? Is this to be a one size fits all solution, wherein the government selects a single... [ Read More (0.2k in body) ]

RE: WSJ | Bush Looks to Beef Up Protection Against Cyberattacks

Rattle wrote:

President Bush has promised a frugal budget proposal next month, but one big-ticket item is stirring controversy: an estimated $6 billion to build a secretive system protecting U.S. communication networks from attacks by terrorists, spies and hackers.

Could it be related to this?

RE: WSJ | Bush Looks to Beef Up Protection Against Cyberattacks

Don't just tell Congress to stop the spying -- show them.

Countless citizens have told Congress to reject telecom immunity, but the Senate is still threatening to pass a bill giving immunity to lawbreaking phone companies. It's time to get creative and move beyond words. Let's show our elected representatives who supports the rule of law -- ordinary Americans from across the country.

These photographs are fun but doesn't taking a picture of yourself alongside your political opinion violate the privacy these people are fighting for? Clearly, the ones in this flikr pool will be the first rounded up when the panic begins.

(For an interesting opposing view, see this.)

Stop The Spying

dc0de wrote:

The puzzle is how AT&T thinks that its proposal is anything other than corporate seppuku.

Scary article, really important stuff, but I LOVE the line above... :)

What if, instead of filtering out copyrighted material, they used an IPS to filter out exploits instead? Are the civil liberties issues the same when the same sort of filtering is done but in a way that helps, rather than hurts, the user whose traffic is subject to the filtering?

RE: Why does AT&T want to know what you're downloading? - By Tim Wu - Slate Magazine

Now, under traditional FISA rules and the Restore Act, the NSA can listen in on phone calls of foreigners outside the country without a warrant. They can also wiretap internet fiber optic cables outside the United States without a warrant. They can bribe a foreign ISP to help them read foreigners' emails without a warrant. After much back and forth, Hoekstra's spokesman admitted as much.

So how could Hoekstra defend Klein's writing that the Restore Act "would require the surveillance of every foreign-terrorist target's call to be approved by the FISA Court."

Well, Hoekstra (and the National Review) didn't tell you that they weren't using the dictionary definition of surveillance. They aren't using the term as you and I and the rest of the country (excepting a handful of D.C. lawyers) understand it.

Instead, Hoekstra was using FISA's definition of surveillance, which, as one of the law's oddities, says that listening in on foreigners' phone calls from taps outside the country or wiretapping the internet in a foreign country isn't surveillance.

Surveillance Doesn't Mean What You Think It Means | Threat Level from Wired.com

The nation's centralized watch list has grown to include 755,000 names suspected of having terrorist ties, resulting in nearly 20,000 positive matches of persons against the list in 2006, according to a new report from Congress's investigative reporting arm. Since the list is now used in nearly all routine police stops and for domestic airline travel, Americans made up the bulk of those matches.

The numbers appear to be a bit fuzzy, but there is now a centralized federal list of people who are not suspected of a crime that is checked everytime you have an enounter with a police officer. The size of the list is rapidly growing as are the places it is used. Inevitably the sort of people who are placed on it will evolve as well.

(For those who don't get it, yes terrorism is a crime, but there is a significant difference between a most wanted list that looks for people who are suspected of having committed crimes in the past and a watch list that looks for people who are suspected of being capable of committing crimes in the future. What is required to establish such suspicion? Could it merely be adherence to a particular political view?)

860,000 Name Long Terror Watch List Scrutinizes Americans Most on Threat Level

Although AG's offices obviously need to outsource software development, there are obvious problems with outsourcing the identification of criminals to an external service provider.

A private company that's under contract to collect information for law enforcement investigators has a financial incentive to produce results...

This is already a serious problem with prosecutors. In the hands of a private company the risk of abuse is even greater because the incentives are greater and many of the counter-incentives are removed.

"No software can determine whether a person (in a picture) is 17 or 18," Douglas says, so there are bound to be a lot of innocent IP addresses collected by MediaDefender and sent to the AG, before further investigation weeds out innocent suspects from actual lawbreakers.

Most people can't tell whether a person is 17 or 18 regardless of whether or not they are in a picture, which underlines the absurdity of sending people to prison for years and permanently tracking them as sex offenders in such cases.

San Francisco public defender Adachi says the relationship also conceivably gives MediaDefender the power to decide whom to collect evidence against and whom to let go.

"Say I ... find a web site that's run by my sister-in-law and decide that, 'Geez, I'm not going to turn that over,'" Adachi says. "There's no sworn duty by the private company (collecting evidence for law enforcement) to prosecute people in a fair, evenhanded manner."

Not that such a sworn duty stops AGs from doing exactly this all the time.

Defense Lawyers Cringe at MediaDefender's Child-Porn Patrol Plans