Panel - The ACLU Presents NSA Surveillance
This is a modal window.
Das Video konnte nicht geladen werden, da entweder ein Server- oder Netzwerkfehler auftrat oder das Format nicht unterstützt wird.
Formale Metadaten
| Titel |
| |
| Serientitel | ||
| Anzahl der Teile | 112 | |
| Autor | ||
| Lizenz | CC-Namensnennung 3.0 Unported: Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen. | |
| Identifikatoren | 10.5446/38969 (DOI) | |
| Herausgeber | ||
| Erscheinungsjahr | ||
| Sprache |
Inhaltliche Metadaten
| Fachgebiet | ||
| Genre | ||
| Abstract |
|
DEF CON 2135 / 112
3
6
8
9
13
14
15
16
17
22
23
24
25
29
32
33
36
37
39
42
45
47
49
53
60
61
64
65
66
71
76
79
80
82
89
103
106
108
00:00
Algorithmische ProgrammierspracheSoftwareentwicklungEntscheidungstheorieGefangenendilemmaTelekommunikationMereologieDatenmissbrauchRechter WinkelArithmetisches MittelSweep-AlgorithmusMultiplikationsoperatorIndexberechnungGesetz <Mathematik>AutorisierungExistenzsatzTeilbarkeitZahlenbereichFlächeninhaltTypentheorieService providerClientComputersicherheitAssoziativgesetzSpider <Programm>Mooresches GesetzCASE <Informatik>InformationTabelleOrdnung <Mathematik>Prinzip der gleichmäßigen BeschränktheitAusnahmebehandlungProjektive EbeneMathematikEreignishorizontAutomatische HandlungsplanungSprachsyntheseSchreib-Lese-KopfInstantiierungElement <Gruppentheorie>ZeitreiseInformationsspeicherungEinsStrategisches SpielDickeEbeneAdressraumVersionsverwaltungImplementierungE-MailQuellcodeUmsetzung <Informatik>Physikalische TheorieEinflussgrößeExogene VariableSchlussregelBesprechung/Interview
09:45
Projektive EbeneSystemaufrufZahlenbereichGefangenendilemmaWeg <Topologie>StandardabweichungDatenmissbrauchEinfach zusammenhängender RaumParametersystemKryptologieUmsetzung <Informatik>SoftwareentwicklungInternetworkingSoundverarbeitungInformationCodeDatensatzTelekommunikationSweep-AlgorithmusAnalysisChiffrierungPunktKontextbezogenes SystemEinfache GenauigkeitTypentheorieMetadatenBasis <Mathematik>Ordnung <Mathematik>SensitivitätsanalyseNetzadresseDatenbankGarbentheorieDienst <Informatik>PerspektiveSprachsyntheseMultiplikationsoperatorProgrammierparadigmaVerschiebungsoperatorDickeArithmetisches MittelFilter <Stochastik>ComputervirusVorlesung/Konferenz
16:25
CASE <Informatik>SoftwareMultiplikationsoperatorTelekommunikationMetadatenSchedulingReelle ZahlParametersystemSoftwareentwicklungNotepad-ComputerService providerInternetworkingSystemaufrufInformationKryptologieOffice-PaketPunktHilfesystemBaumechanikDatenmissbrauchVideokonferenzPrädikatenlogik erster StufeVerkehrsinformationHackerExogene VariableSprachsyntheseArithmetisches MittelE-MailRuhmasseDatenbankNichtlinearer OperatorGanze FunktionRechter WinkelGrundraumSuchverfahrenObjekt <Kategorie>ZahlenbereichVorlesung/Konferenz
23:04
Quick-SortMomentenproblemDatenmissbrauchVerkehrsinformationMultiplikationsoperatorUmsetzung <Informatik>Twitter <Softwareplattform>Spannweite <Stochastik>SoftwareentwicklungEntscheidungstheorieProjektive EbeneRahmenproblemAssoziativgesetzNormalvektorMAPSnake <Bildverarbeitung>CASE <Informatik>GoogolBasis <Mathematik>InformationFamilie <Mathematik>BenutzerbeteiligungPhysikalischer EffektE-MailFrequenzFacebookVerschiebungsoperatorZehnTelekommunikationAdditionDigitale PhotographieKomplex <Algebra>ZweiSelbst organisierendes SystemStellenringGruppenoperationSummengleichungDatensatzSchaltwerkBesprechung/InterviewVorlesung/Konferenz
30:32
AggregatzustandOffice-PaketBefehl <Informatik>ComputersicherheitPhysikalischer EffektInformationMAPSummengleichungAusnahmebehandlungStellenringSelbst organisierendes SystemDatenmissbrauchTwitter <Softwareplattform>Quick-SortTabelleDatensatzDatenbankRechter WinkelDienst <Informatik>Einfache GenauigkeitBasis <Mathematik>CASE <Informatik>Physikalisches SystemZellularer AutomatSprachsyntheseWeb SiteZweiFlächeninhaltE-MailPunktNotepad-ComputerElektronischer FingerabdruckTelekommunikationMustererkennungLeistung <Physik>URLTreiber <Programm>BinärdatenVerkehrsinformationSpannweite <Stochastik>MultiplikationsoperatorAuswahlaxiomAssoziativgesetzFigurierte ZahlDiskrete UntergruppeRepository <Informatik>FacebookBesprechung/Interview
37:40
Physikalisches SystemSelbstrepräsentationURLExogene VariableSpannweite <Stochastik>SprachsyntheseSystemaufrufTelekommunikationFlächeninhaltBaumechanikMessage-PassingTabelleService providerFreier LadungsträgerMereologieAbstimmung <Frequenz>SpieltheorieMultiplikationsoperatorWeg <Topologie>Wort <Informatik>ElementargeometrieGrenzschichtablösungAssoziativgesetzSoftwareentwicklungMomentenproblemStatistische HypotheseLeistung <Physik>Besprechung/InterviewVorlesung/Konferenz
40:51
Cloud ComputingMathematikKryptologieDesign by ContractSelbstrepräsentationMereologieAbstimmung <Frequenz>DatensatzEinfügungsdämpfungBesprechung/Interview
42:05
MathematikPunktVollständiger VerbandQuick-SortHidden-Markov-ModellDifferenteE-MailBesprechung/Interview
43:11
BaumechanikSoftwareentwicklerSoundverarbeitungSelbst organisierendes SystemAffiner RaumBesprechung/Interview
44:01
Umsetzung <Informatik>Besprechung/Interview
Transkript: Englisch(automatisch erzeugt)
00:00
Thank you all so much for coming to spend 45 minutes with the ACLU. We appreciate it a lot. This year there are not Q&A rooms, so we hope that those of you who want to continue the conversation will come to our table in the vendor room where you can become members or renew your membership, get our new DEF CON special edition ACLU Fourth Amendment
00:25
T-shirts. We would love to see you there. My name is Ben Wisener. I direct our national project on speech, privacy and technology. The women and men at the table with me work on surveillance, national security,
00:42
technology privacy, both in our national office and in some of our affiliates around the country. So when we heard that the NSA had been disinvited from DEF CON this year, we kind of scratched our heads a little, because since when has the NSA needed to be invited?
01:04
We had planned to do a review that we were going to call a year in surveillance and talk to you about the breadth and scope of the work that we do on privacy and surveillance. And then Ed Snowden got on a plane to Hong Kong and really changed everything.
01:23
So maybe we should give him a hand. And what he revealed is something that many of us were anxious about, knew about, had worried
01:40
about for years, which is that the NSA's strategy has been to collect everything and worry about the law later. That as technology has developed, as the cost of collection and storage has gone down, the NSA has begun to construct the most comprehensive surveillance time machine ever created and
02:08
then hope that the law could be twisted in order to justify what it was already doing. I feel that we say it so often it's a cliche that the law has not kept pace with technology.
02:24
We believe that Americans' privacy should be protected by constitutional law, not by Moore's law. So my colleagues here are going to talk briefly.
02:42
There's five of them. We have only 45 minutes and we do hope to have time for a couple of questions to give you a taste of the kind of work that we're doing with regard to NSA surveillance. And we hope that many of you will join us at our table. We also have one of the parties tonight on the pub crawl party like it's 1986.
03:03
That is ACLU ECPA humor. So we hope to see more of you all later and to kick us off, this is Alex Abdo from our national security project. Hi, everyone, and thanks so much for coming. So I want to talk just for a few minutes about the PRISM program, which was revealed
03:24
a couple of months ago by Ed Snowden. But before I get to the PRISM program, I want to talk about what there was before the PRISM program and what we were doing beforehand, because it's a really fascinating change of events in the last two months. In 2008, Congress passed the most sweeping surveillance statute that Congress has ever
03:43
passed called the FISA Amendments Act of 2008, and it essentially gives the NSA and the government unfettered access to Americans' international communications. And we challenged the law at the time because we didn't think that the fact that someone is communicating internationally means they should sacrifice their right to
04:02
privacy, that in today's interconnected world, you can't often control the way your packets are scurried around the world, and your right to privacy shouldn't depend on the paths they take and the friends you choose to associate with. We brought that challenge in 2008, and for the next five years, we didn't actually
04:22
litigate the merits of whether the government can collect our international communications. We spent five years debating with the government whether our clients were allowed to sue. And our clients were lawyers who represented Guantanamo detainees, human rights researchers and activists who worked in areas of the world where there was significant violence
04:44
and counterterrorism interest on the part of the U.S. government, and journalists who reported on those areas, the very source of people who would find themselves trapped in an international NSA surveillance dragnet. And for that reason, these individuals,
05:00
our plaintiffs, our clients, took significant and burdensome measures to protect the confidentiality of their communications. Some of them had ethical obligations to do so, others just thought it was good professional responsibility. Despite that fact, the government argued that we couldn't sue unless our clients could prove that their communications were surveilled. And if you know anything about the NSA, you know that's a vicious
05:24
catch-22. Nonetheless, the government prevailed in front of the Supreme Court in February in a decision, a 5‑4 decision, holding that the government's most sweeping surveillance statute ever enacted is essentially immune from judicial review unless the NSA in its
05:43
benevolence chooses to disclose who it's surveilling. I don't recommend you hold your breath. So that all changed two months ago when Ed Snowden disclosed the existence of the PRISM program. And the PRISM program is essentially one version of an implementation
06:02
of the FISA Amendments Act. It is a small part of the way the government conducts its international surveillance. But it's authorized by this very same statute that was passed in 2008. And some of the most important disclosures that Mr. Snowden made are of the procedures that the government uses to select its targets and to protect the privacy in
06:23
theory of Americans who find themselves ensnared in the international dragnet. And having seen those procedures now, we know that they never should have been secret in the first instance, but they reveal a number of really critically important things about the way the government conducts its surveillance. The government's main defense, if you've been reading the news about the PRISM program, is that it's a program directed at
06:44
foreigners, not Americans. And I think that's an extraordinarily misleading defense of the program. When the government was pushing for the passage of this act, actually to a predecessor of the statute, it argued that some of the communications of most interest to the NSA were the ones that had one terminus in the United States. And you can
07:04
imagine for obvious reasons why that would be the case. But the government used the fact that Americans were communicating internationally, essentially to bootstrap away their rights to privacy. So even though foreigners have to be the targets of the government surveillance, Americans' communications are inevitably swept up into them. And you
07:23
might think that because the government calls the collection of Americans' communications incidental under these programs, you might think that they would treat them as incidental and delete them when they get them. We now know, thanks to Ed Snowden, that's not the case. The government is allowed to keep even Americans' communications in the
07:40
course of targeting foreigners for five years in any event and indefinitely if any of a number of sweeping exceptions apply. One of the exceptions, by the way, is if the information is encrypted. So ironically, as we are now seeing a push in the industry for greater use of HTTPS and encrypted communications, we are actually handing the NSA
08:04
more authority to retain those communications indefinitely until a time that they can decrypt them if they can't already. The second big problem with the government's targeting of foreigners is that it presumes its targets are foreign unless it has a reason to believe otherwise, which is a really bizarre way of going about it, you can
08:22
imagine. So if the government has any doubt as to where you are and they don't have any positive indication that you're an American, they'll treat you as a foreigner and targetable and they'll retain your communications even if they later discover that they were wrong. So they think you're a foreigner, it turns out you're not, but they keep your
08:41
communications anyway. And you can imagine the types of services available digitally now that would give the government the doubt they need about your foreignness to allow them to keep your communications. You can think of services like Tor or VPN services. The final problem, major problem I find with the government's defense of its
09:02
prison program is that it says the program is supposedly limited to foreign intelligence information, which is this phrase they bandy about, which really has very little meaning. It includes things as broad as the foreign affairs of the United States, which essentially makes a target out of everyone who is a foreigner. And we know that in part
09:22
because the procedures that were released by Ed Snowden confirmed that two of the broadest factors the government relies on in determining whether someone is exchanging foreign intelligence information are, one, if you're communicating with a foreigner, and two, if your phone number or email address appears in a foreigner's contact book.
09:45
And these two rules and the presumption that you are a foreigner is that virtually every international communication is susceptible to NSA surveillance and they can keep those communications even if they later discover that you're an American.
10:01
Just two quick additional points and then I'll hand it over. First that the government is not actually limited to directing its surveillance at targets. It can direct its surveillance at third parties to collect information about its targets. And it can do so using IP filtering and country code filtering. And the example that I think has
10:20
been thrown out is that they might decide that Osama bin Laden is a target and then decide to IP filter internet traffic for everything going into or out of Pakistan as their filter and then collect everything. So the PRISM program allows the government to do broad geographic surveillance in a way that ensures that countless people's right to privacy
10:41
are unjustifiably intruded upon. And secondly, the government considers that any extensive use of a IP range or cryptographic service by foreigners allows the NSA to target that IP range or cryptographic service. So if there's a service like Tor, for example, that
11:03
is used extensively by foreigners and who knows what that means in the context of terrorists. You know, there are not so many terrorists in the world, we hope. So if a dozen of them are using Tor, that might justify the government in collecting everything that's going on over Tor to allow traffic analysis and maybe later decryption. So the irony is
11:24
that those who seek to protect the sensitivity of their communications the most are engaging in communications that are born targetable. Whether or not the government has any specific reason to collect those individuals' communications. I think there's an
11:41
easy fix to this problem but maybe we can discuss that later and I'll hand it over for now with that vague teaser. Well, hello. My name is Katherine Crump and I'm a staff attorney with the ACLU's speech, privacy and technology project. I've been at the ACLU for about eight years and I've been
12:02
primarily litigating challenges to government surveillance programs and that length of time has given me a little perspective on this because for years members of Congress have been saying things like if the American people knew what was actually going on with some of the NSA related spying programs, they'd be really outraged but there was no way to
12:20
have an honest conversation about what was happening until just recently when Edward Snowden finally disclosed some of these programs. But there has been such a torrent of information about the different programs that I think it can be often difficult to try to figure out, you know, what the different specific programs are and what they're doing. So Alex talked about the PRISM program and now I want to spend a few minutes talking
12:42
about the NSA's domestic collection of all telephony metadata, why the ACLU thinks there are serious privacy problems with this and then what we're doing to try to rein in the NSA's surveillance. So we know now, thanks to reporting by the Guardian and Ed Snowden,
13:02
that the NSA is collecting all domestic telephony metadata. It has gone to the Foreign Intelligence Court, the secret court in Washington, D.C. and it seems that every three months it gets an order authorizing it to collect telephony metadata from all major U.S. telephone communications
13:22
company. So at the end of every day, every telephone call that you make, every telephone call that you receive and how long those telephone calls last get handed over to the government. This is true for domestic communications. This is not about international communications and I think sometimes in some of the government's counter messaging, that fact is being lost.
13:44
The government has also tried to argue that metadata isn't sensitive and has made the point, for example, we're just getting telephone numbers, we're not getting anyone's name but I think the people in this room certainly see the flaw in that argument without anyone having to point it out. It's not just that the government is getting this information, it's that they're also storing the metadata going back five years. So that's
14:06
really a truly vast amount of information about all of the communications all of us engage in. So what is the government doing with this information? The government says that whenever it has a reasonable, articulable suspicion that there is a selector, which
14:22
is probably a telephone number, for example, associated with terrorism, it can query this database for that number and track connections going out three hops. So the telephone number that calls the telephone number that calls the telephone number. When you think about that, it ends up being a sweeping amount of data because if the typical person has,
14:42
for example, 40 telephone numbers in their phone, that can sweep in as many as 2.5 million phone numbers. This, by the way, isn't actually being approved on an individualized basis by a court. The FISA court has simply approved this general programmatic approach to surveillance but there's no supervision of individual pieces of surveillance along the way. I want to step
15:04
back for a second and talk about what a major paradigm shift this is. As my colleague Ben mentioned at the beginning, this is about collecting it all. We haven't previously lived in a world where every single thing we say and do is capable of being recorded but that's now the world we live in and that's exactly what's happening when it comes
15:23
to telephony metadata. The government's argument is that it essentially doesn't implicate a privacy interest for the government to merely collect the data. That only happens when you look at it. But I think having a record of essentially everyone you call can have a real chilling effect on who people are willing to communicate with. The standard
15:43
under which the government says ‑‑ what is the government's legal argument here? The government is relying on a section called 215 of the Patriot Act which says it is authorized to collect information that is relevant to certain types of investigations generally foreign intelligence or terrorism investigations and on that relevant definition
16:04
the government has argued that every single phone call all Americans make are under that definition relevant. Now, that's a pretty broad and sweeping definition of relevance, one we haven't really seen before. And I think it also poses an interesting conundrum too that I think is coming up a lot in the ‑‑ in the era of big data. Does
16:22
the fact as the government ‑‑ if it is true that to understand the meaning of one piece of data you need to have the entire universe, does that make the entire universe of data relevant? Now, you won't be surprised to hear that the ACLU objects to this program. We think it raises real privacy problems. And one of the first orders that was disclosed
16:40
about the court giving the government access to this information dealt with Verizon Business Network Services which is pretty startling to us because do you know who provides the ACLU's telephone communication? Verizon Network Business Services. And we sat in our office and we thought ‑‑ talked about all of the people who call us, right? All of the whistle blowers who call us, maybe seeking legal help or protection. Everyone who calls
17:04
our offices for help with reproductive freedom services, right? Or reporting any number of abuses. And you can see some real problems with the idea that all of this information is being monitored and logged by the government. And because we think that poses a real threat to the longstanding right of Americans to be able to associate with one another and also
17:23
our Fourth Amendment freedom to be free from unreasonable searches and seizures, we filed a lawsuit in federal court very quickly after the program was revealed and we've asked the court to enjoin the government from engaging in this mass collection program and also to delete all of the data from the ACLU in this because we know that it's sitting
17:43
in a database every phone call we've made for the last five years. The court has scheduled a briefing schedule for the ‑‑ going through the fall. There's an argument in November and so hopefully by the time we're all back here next year, we'll be able to report a little more. I don't know if any of you had the privilege
18:07
to hear Chris Segoian this morning in the Penn and Teller room. I made the mistake of getting there at 5 to 12 and you all had the seats already. So next up, Chris
18:21
Segoian. Hi, everyone. So I'm the principal technologist with our speech privacy technology team. I joined last fall. For those of you who caught my talk earlier, the FBI is now in the hacking business. If you didn't catch the talk, hopefully the video will be available at some point. I want to talk ‑‑ for the
18:42
few minutes that I have, I want to talk about how the government spies. There are not enough FBI agents to follow every person. There are not enough NSA employees to read everyone's e‑mail or to go and directly acquire everyone's communications. The government
19:02
doesn't have the resources to directly monitor every American or let alone every foreigner. But they want to read the communications of every foreigner and they want to be able to collect information about every American. So they have this problem, particularly for dragnet style searches where you want to do a keyword search or you want to do social
19:22
network analysis, you need everyone's communications. What do you do when you don't have the manpower to collect everyone's communications? You deputize the telephone and Internet companies. In some cases with their willing assistance and in other cases against their
19:41
will that you force these companies to help out. Sometimes paying helps to get them to agree. We learned, for example, one of the documents that Ed Snowden released is a 2009 inspector general report from the NSA showing that about $100 million in voluntary assistance
20:01
payments were made to telecommunications companies to get them to participate in some of the domestic metadata programs. $100 million goes a long way when you're buying the goodwill of companies who are going out of their way to help the government with its mission. So I want to talk about the role these companies play. Every Internet company, every
20:24
telephone company has a team of people who do nothing but respond to surveillance requests. I'm not going to talk about how many requests they get because my colleague Nikki will be talking about that. But I want to emphasize that these companies provide assistance that enables surveillance that wouldn't be possible without their help. There
20:53
wouldn't be a program of monitoring the communications of foreigners talking to Americans if the NSA couldn't get the undersea cable operators to provide access to the
21:04
communications that are flowing through fiber optic cables. Those with a foreigner and one end with an American or those where both ends are foreigners and the communications are passing through the United States. The NSA program depends upon American communications
21:21
companies. What's been good is that as communications have shifted in the last few years from telephone companies to Internet companies, we're starting to see companies that aren't as happy about being deputized. We're starting to see companies that are deploying crypto, whether it is HTTPS to protect data over the wire or in some cases end to end crypto.
21:45
And really what this is doing is making dragnet surveillance difficult. I don't think that we're ever going to be able to put the government out of the surveillance business. I would personally like to, but I don't think we're ever going to get there. But I do think we can make dragnet surveillance impossible. We just have to raise the
22:04
cost. We have to make it difficult enough to target one person that they simply don't have the resources to collect everyone's communications. Crypto can help us get there. Moving from companies that say yes to dragnet requests to companies that only say yes to
22:22
targeted requests can help too. But I really think we need to be thinking not about making it impossible for the government, but making it expensive. You know, Chris Rock has this joke in which he says that he believes that guns should be legal and bullets should be a million dollars apiece. And I think surveillance should be expensive too.
22:44
And the problem right now is that the cost of surveillance is that it's just too damn low. Thank you very much. I'm Nicole Ozer. I'm the technology and civil liberties policy director for the ACLU
23:04
of California. So very nice to be back with many of you today. I just wanted to take a sort of bigger picture for a moment to understand just how Edward Snowden's impact has rippled out much farther than NSA spying. Much farther than the docs that he
23:21
released or the revelations. And just to give everyone a sense of just how important these revelations have been to getting out the truth about what's really happening and ongoing efforts by the ACLU and other organizations to really reestablish some desperately needed and long overdue balance between government surveillance and all of our
23:43
personal privacy. So Edward Snowden's actions in addition to really giving us a sense of what the NSA has been doing has finally given us all our real first information on just how often as Chris was talking about that the government from the lowest levels of police on
24:02
the street to all the way up to the highest echelons of the NSA, how often the government is really taking advantage of anachronistic Supreme Court decisions from the 1970s, outdated privacy laws that haven't been updated since the 1980s from before the web
24:21
even existed, from when our cell phones were the size of bricks and no one could even imagine that people would actually store email for longer than six months. And they've been taking advantage of these outdated laws and things that really haven't been properly reconsidered for decades to engage in what we have known for a long time to be a
24:45
largely unsupervised shopping spree in the treasure trove of data that online companies are collecting every day about who each of us are, where we go on a daily basis, who we know what our concerns are, our habits, our hobbies, and are keeping that for extremely long
25:07
periods of time. The ACLU first really started to sound the alarm about this sort of surveillance industrial complex that had been growing and growing largely in the dark way back a decade ago in 2003. We knew for a long time that this was happening, that the
25:27
government was really reaching into these treasure troves and largely getting at this data without a warrant, without a judge's permission, but we never had the facts. The government doesn't need to tell the American people how often they're demanding
25:44
electronic communications that are being held by these companies, unlike the fact that they have to report how many wire taps they issue. They're not required by law to do that, so they weren't doing it, no surprise. And the companies weren't very interested in
26:00
telling us either how many times the government was knocking on their door and asking for really personal data about people. They didn't really want to give us pause and wonder and worry, are we really having sort of a three‑way conversation every time we e‑mail a friend or pick up the phone. So we knew it was happening, but the facts just weren't there. The
26:21
companies largely didn't want to come forward and the government didn't want to give us this information voluntarily. But post‑prism, a lot of what we had known for a long time was finally confirmed. The companies, in an attempt to actually defend themselves against being said that they had given a back door to the government and to actually try and
26:45
assuage the fears of the public, many of them for the first time released transparency reports that gave some contours of just how many demands were coming from local law enforcement all the way up the pike. We had had some companies like Google and
27:02
Twitter come forward with these reports before, but post‑prism was the first time that folks like Yahoo and Apple and Facebook actually came out with this information as well. And it really confirms what we had long known, that tens of thousands of requests are coming into these companies, you know, just in a six‑month basis that's
27:26
affecting 80, 90, 100,000 different accounts. And if you think about all the information that Google might have in a particular account, it could be tons and tons of emails or photos, sort of the whole range of data. So we know from some of the
27:42
reports, Google and Twitter are actually doing a breakdown of how many of these demands are actually coming with a warrant and how many of these demands are really just coming with a subpoena, which a judge often has never seen. And as we expected, subpoenas are sort of much ‑‑ take the bulk of these things. You know, Twitter
28:04
recently reported just a couple of days ago that 56% of the demands for the government are subpoenas. Only 23% are warrants with probable cause. And Google has gotten over 5,000 demands that are subpoena demands just in the past six months that accounts
28:23
for over 10,000‑plus accounts of people. So we're finally starting to see a glimpse into how often the government is demanding this information, which finally gives us some of the facts to talk to Congress about how important it truly is to update these
28:40
laws and make sure that they do keep pace with the technology that we're all living in, the fact that we are living our lives online and the government shouldn't be able to reach in and spy on that personal information without having a very good reason and going to a judge and explaining it. Thank you.
29:05
So we have one more speaker. We have 15 minutes. We probably will have time for a couple of questions. So maybe while my colleague Cade Crockford is speaking, if some of you want to gather at the microphones, we'll try to take a bunch of questions at once and
29:21
use our last ten minutes or so to answer those questions. So go ahead, Cade. Hey, everybody. My name is Cade Crockford. I work for the ACLU of Massachusetts where I direct something called the Technology for Liberty Project. And I just want to say to sort of frame what my colleagues have talked about and what I'm going to say that over the past 12 years since 9-11, we've really seen a dramatic shift in the relationship
29:41
between the governed and the government. And that is marked by two really problematic features. One of them is that now we're basically guilty until proven innocent as these bulk records collections programs demonstrate. And the second is that, you know, the way that a democracy should work is that the government is transparent and people have
30:00
privacy from the government. Unfortunately, that situation has been radically flipped. So now the government is incredibly secretive, as we know, about its surveillance policies as well as even about the law in some cases. And the government can, if it wants to, know nearly everything about us, even if it doesn't have articulable suspicion, probable cause, show evidence to a judge, all of the sort of, you know, traditional
30:25
American norms of justice. So having framed the conversation in that way, I just want to talk very briefly about how some little brothers have sprung up over the past 12 years. So we've heard a lot about Big Brother and some of the corporate surveillance or
30:41
the facilitation of surveillance by corporations. But also, you know, the Department of Homeland Security and the Department of Justice have over the past 12 years given billions and billions and billions of dollars to state and local law enforcement to build up a really robust surveillance and sort of militarized police infrastructure at the state and local level. And they've done this by funding, you know, the procurement of things like
31:06
electronic fingerprint readers at state and local police departments nationwide, face recognition technologies, as well as something called automatic license plate readers. Can I just get a show of hand of how many people in this room know what those are? Great. Y'all are awesome. All right. Yeah. So we just put out a huge report on this,
31:23
actually. You can see it at ACLU.org. Basically what we found is that the state and local police departments as well as private corporations are operating under the same methodology that the NSA is. They want everything. They want to collect it all. They want records of where everyone has driven, you know, going back, depending on the police department,
31:41
either months or years even in some cases. We found that the regulations are all over the map. There are only five states that have laws in the books about this kind of technology. So in every other state it's really up to local police departments to decide how long they want to keep records of where everyone has driven. And right now, as I'm sure you know, these cameras are not as ubiquitous as surveillance cameras, as CCTV,
32:06
but they will become that ubiquitous. In fact, I'm sure that within the next 20 years these cameras will be on every single police cruiser. They'll be at every single intersection in urban areas. So really it's going to be a situation where the government is going to be able to warrantlessly track our driving habits retroactively for, you know, however
32:22
long they keep this information. So I also just want to tell you very quickly about, so okay, on the license plate reader tip, private companies, there are these private companies, one of which is called Vigilant Solutions. Vigilant Solutions maintains a database called the National Vehicle Location Service. That database has at this point over one
32:43
billion discrete license plate reads, probably actually much more than that. Those are slightly dated figures that I'm working off of. And that information is accessible not only to state and local law enforcement as well as the FBI, immigration, customs enforcement, likely the U.S. military, but also to other private companies, insurance companies, repo
33:02
men, tow truck drivers. So, you know, the corollary between the NSA's surveillance and collusion with companies like Google and state and local cops colluding with private companies like Vigilant Solutions is really a very serious problem that, again, as my
33:21
colleagues have said, in the vast majority of cases, state legislatures have not really stepped up to the plate to deal with. So that's some of the work that we're trying to do in the states is to pass discrete legislation that would, for example, ban the police from retaining this data for a long time. You know, the ACLU, Chris maybe is the
33:41
one exception to this, but the ACLU as an organization does not oppose law enforcement surveillance if they go to a judge and get a probable cause warrant, right? I mean, there are murderers in the world. There are rapists. People do bad things. If there's evidence to show that somebody's involved in a criminal activity, then, you know, the judge should give cops a warrant to invade that person's privacy. You know, I personally
34:02
don't like it either, but I think it's a reasonable balance to strike between privacy and security. But we're seeing a really ‑‑ what we have now is that that probable cause warrant practice barely exists anymore. The DOJ has said to Congress that it doesn't think it needs a warrant to read our emails. The DOJ has also said to Congress and to
34:24
courts that we have no privacy interest in information showing where we go 24 hours a day that is communicated through cell site information, through our cell phones. And I just want to give you really quickly a very brief example of how not only the collect it all sort of theme has trickled down to the state and local level, but also the
34:44
state secrecy itself has really trickled down in a very dangerous way. And that is a case that we had a couple years ago during Occupy Boston. Somebody decided to pick a fight with the cops and put together a pace bin with information about Boston Police Department officers that was all publicly available. This person didn't do anything illegal, but
35:03
just put it all together in one sort of database and put it on pace bin. Well, the DA in Suffolk County where I come from did not like that whatsoever. So they went after this person. They sent what's called an administrative subpoena to Twitter. This is not a warrant. No judge ever sees this piece of paper. Subpoenas are just pieces
35:21
of paper that prosecutors fill out and give to companies like Google, Microsoft, Twitter, Facebook. So Twitter is one of very, very few companies that actually stands up for its users on a routine basis when they get these subpoenas. And they do that by informing the person who's targeted that a subpoena has been filed, that prosecutors are seeking information about them. So what happened was this person came to us at the ACLU of
35:43
Massachusetts and said, you know, the DA in Suffolk County wants my information and I'd like to remain anonymous. So we took the case. It was incredible what happened after that. You know, this is a very low level issue. This is not some like, you know, al-Qaeda national security issue. But we had a, you know, pipsqueak, I'm just going to say that,
36:02
we had this like pipsqueak assistant DA, right, in Suffolk County telling a judge, you know, holding ex parte hearings which essentially means that the government is giving information to the judge in secret that not even our attorneys could see, right? So secret proceedings and to this day, two years later, those records are secret. They
36:21
were sealed. The prosecutor asked that these records be sealed. So I mean, it's just incredible abuse of power is going on at all levels of government. And I think that's it. People probably have a lot of questions. I would just say, please support the ACLU if you care about these issues because we're really working in every state. We work on a range of issues, as my colleague said, from choice to privacy and everything in between.
36:42
So thank you for coming. I appreciate it. So I see six people standing. We have nine minutes. Maybe seven. The only way we're going to make this work is if people speak for 30 seconds and ask a question. If you have
37:05
statements for us, we'll be at the table this afternoon. You will not believe my ability to violate your right to free speech if you go beyond 30 seconds. I'm really good at it. So let's start here. But really we don't want to hear your story. Is the mic on? I'm Mike from Atlanta. I was going to ask you about the judicial system.
37:24
I'm under federal investigation for data security practices. Go to the devil inside the bellway.com. You'll see my book coming out. It is amazing. And the judicial system I find incredibly, incredibly behind. And judges don't a deal. So how do you deal with
37:42
the judges that don't a deal in the judicial system that is so far behind and just looking the other way? Okay. Let's hear the next one. We're going to take them all and then we're going to answer. Go ahead. My name is Dana Morrow. I'm from San Antonio, Texas. These issues come up. I'm concerned. So I write my congressman and my representative like I'm supposed to or I'm told to do.
38:02
I make phone calls. I leave messages. All I get is the ‑‑ excuse me? Okay. The question is ‑‑ what can I do? How can I get a better response than thank you for being a concerned citizen? We'll get back to you. I don't ever get a response.
38:20
Citizen empowerment. Next. Quickly. So what about me? I'm not American. I'm a foreigner. Obviously I use American services all the time. Am I suspicious just because I'm a foreigner? That's my question. Go ahead. We're going to go over here.
38:41
Any thoughts or remarks on Senator Wyden's recent speech and his frequent allusions to a potential or hypothetical geolocation tracking program? Okay. Hints of geolocation tracking by the NSA. Quickly. Next. 2006, 2007, I assisted most of the telecommunications companies in the country installing Cisco
39:03
TapMibs and NARIS probes as part of the communications act for law enforcement also known as CALEA. That was all done on their dime. And I believe one of the speakers mentioned that they were being subsidized. So I'm curious to know how we know that that's being subsidized by the federal government as opposed to being picked up by the carriers. Come talk to us at our table, please. Yeah. Go ahead.
39:25
How can people get access to this stuff through ‑‑ for civil matters, civil lawsuits? Okay. And again, most of these answers are going to be provided at our makeshift A part of the Q&A at our table in the vendor area. But go ahead.
39:43
I didn't hear anything on LexisNexis or fusion centers. Yeah. Come talk to me at ‑‑ yeah. Well, okay. So fellow panelists, there are a range of things that you can weigh in on. I hope someone at least will say something about the feeling of helplessness that citizens have who write to their legislators.
40:02
It seems to me that we are in a pretty unique moment where we are being heard. But go ahead. So I will respond to two of the things. If Wyden could ‑‑ so Senator Wyden has been warning about the NSA's abuse of its surveillance powers for several years and most recently he's been specifically highlighting
40:20
the issue of location. He gave a speech last week in which he said the word location five times. If he could signal any more clearly, I don't know what it would look like. Right now he's basically standing on a stool waving his hands jumping up and down. So I think there's something location related that he's trying to tell us about. And I hope we will find out what that is. To Miko's question about foreigners, it's not that
40:42
you're suspicious. It's just that you're fair game. Foreigners don't vote in Kansas. And so U.S. law doesn't protect the communications of non‑Americans. That's really unfortunate. I think if we ‑‑ if we were going to see change there, it's not going to be because individuals are writing to their members. It's going to be because companies
41:02
are complaining they're losing out on contracts in Europe and Asia. If the cloud computing companies want to salvage their foreign business, we're going to need to see a big change in the law or they're going to need to start using end to end crypto where you don't care about government access to data.
41:21
Alex? So just quickly on what you can do, a week and a half or two weeks ago there was an incredibly important vote in the house about whether the government was going to rein in the NSA's bulk collection of our phone records. And surprisingly, unsurprisingly the vote lost, but surprisingly it was very close, 217 to 205 votes. And a big
41:41
part of the reason why the vote was so close is because literally thousands of people called their representatives and urged them to vote in support of the bill that would have reined in the NSA. That support matters more than you know, more than I knew up until a few weeks ago. If you have any questions about it, you should really talk to Kevin Bankston at the Center for Democracy and Technology who has been doing some incredible
42:00
work on this and can speak to how effective it is for you to call your representatives. And I'd just like to say for those of us who are in California, we know how difficult Feinstein has been on these issues. She's been a huge supporter of the NSA and it's just been intractable for years and years. A couple of days ago, Feinstein actually said,
42:20
hmm, maybe there need to be some changes. So, you know, and we also saw President Obama meeting with top legislators just a couple days ago saying that he's open to suggestions. So, you know, we have finally sort of started to turn the tide in Washington, D.C. based on the fact that members of the public have picked up the phone, have responded to
42:42
those emails from the ACLU and have started to meet actually with their members of Congress. So it is making a huge difference. We've talked a lot about sort of how we got to this point and the problems that we're seeing. But we're at a really crucial point to turn the tide on these issues. And I really hope that anyone in the audience who has not
43:01
picked up the phone and called their members of Congress or stopped by our booth and filled out the action alert, please do it because we can change this. We really can. This is a predictable and self‑serving note to end on. But it matters a lot for you to become members of the ACLU. And I mean it. I mean it. You know, we have between
43:21
six and 700,000 ACLU members nationwide. The NRA has over 4 million members. If all of you who had an affinity for the ACLU were members of the ACLU, we would have a lot more voice, a much louder voice in Washington. I'm not saying that to denigrate the NRA.
43:40
For those of you who are supporters, they're a very effective organization in support of what they do. We can be even more ‑‑ Help us be that effective. No, seriously, it matters a lot to have a large civil society counterweight to the kinds of developments that we've been talking about today. So please come by, get our special edition DEF CON Fourth Amendment t‑shirt,
44:01
join the ACLU, continue the conversation. Thank you so much for joining us today. Thank you so much.