It turns out it’s shockingly easy for the FBI or the Department of Homeland Security to get into your phone or your email account, even if you’ve committed no crime and done nothing wrong. I’m sharing two stories that are cautionary tales for all of us. Please watch and share.
Video by: Lawyer Oyer on Youtube
Doesn’t this flow from NSA to FBI and DHS? Or do even these organizations have their own capabilities?
Quick synopsis on the how: they served Google an administrative subpoena (not needing court oversight) for account contents in one case, and in another, they served a court subpoena compelling the person to unlock their device with biometrics.
No, NSA is for foreign intelligence collection. Data it collects is explicitly forbidden to be used for domestic criminal prosecutions of American citizens.
The FBI and other law enforcement have to use their own legal means to get the data for it to be admissible in court. Only time FBI and NSA share data is for counter intelligence and counter foreign terrorism where the targets are not Americans.
Thanks for clarifying. Makes sense.
But didn’t Snowden reveal this to not be true? I find it hard to believe these agencies are not doing what they are not supposed to do. I mean, who’d know for sure.
Snowden leaked the NSA’s collection activities that were aimed at foreign targets but scooped up a lot of American data in the process.
Nothing in the data he leaked, to my knowledge, had anything to do with intelligence agencies illegally sharing information with law enforcement that was then used against Americans in criminal prosecutions.
I know this won’t be popular but I don’t see Snowden as some principled whistle blower. I see him as traitor who belongs in prison. Yes some of the collection activities he leaked showed improper collection activities (by not having any safeguard for protecting American citizen data). But there are plenty of legitimate ways to address that which don’t involve running away to Moscow with hard drives full of state secrets.
And 99% of what he leaked had nothing to do with improper collection. He betrayed a lot of sensitive activities against actual terrorists and hostile governments who were then alerted to their vulnerabilities.
I see.
Thanks for clarifying. But weren’t you in favor of the 4th amendment?
Isn’t this also oxymoronic in that you’re expecting the authority to follow all rules by the book when no one outside can ensure they actually are.
But when agencies are hunting you to silence you and not to provide you with whistleblower protections (because I’m sure most people in these agencies believe the people who work there and the info they handle do not deserve such protections given the nature and the line of work), what other legitimate ways could have been explored where he would not have been made to “disappear”?
If I remember correctly, you work in one of these “agencies” so you’d know more but I’m not as clear on your stances here as I thought I was.
Also, pretty sure he was on his way to Latin America but got stuck in Moscow on his way from Hong Kong cause his passport was invalidated by the US. But I’m guessing you’re using this as an example more than anything.
Of course I believe in the 4th Amendment. Insinuating I don’t is unhelpful to this conversation and to be honest, a bit insulting.
The intelligence community dos not just police itself and faces extensive oversight. There are many ways to report wrong doing without dumping hundreds of gigs of classified data on the internet. Everything from simply noting the concern to superiors, filing IG complaints, or even going direct to your member of Congress.
I have seen these internal processes work, they’re real and effective. Not always fast but they do eventually address issues.
No one was hunting Snowden until after he stole hard drives and got on a plane to freakin China. He didn’t even attempt to report his concerns to his superiors, internal compliance, IG channels, or even Congress.
He just decided on his own to steal classified info and flee to America’s most dangerous adversaries with it.
Now there was a legitimate concern with some of the NSA collection activities. Specifically bulk collection that included American citizen data. This happened not because the NSA was even trying to collect that but as a side effect.
If you need the Gmail data of a foreign target and you realize Google is using unencrypted HTTP to transfer data between data centers, then if you siphon that data you’ll find your target’s emails. Bonus, you’ll get all your other targets emails too.
The improper part comes in that you’ll also get millions of Americans data and at the time, no process to safe guard it from unauthorized access. This was a real problem addressed with new rules/regulations/processes.
This being leaked alerted many really bad people that the NSA was reading their email. So they changed TTP and went dark. Worse, most of what Snowden leaked had nothing to do with collecting American data.
Most of what he exposed was on going collection programs for terrorists and foreign governments. Remember Markel’s cell phone? Leaking that had nothing to do with the 4th Amendment.
Finally, I am not an intelligence professional. But I am a customer of intelligence production. I got a front row seat to many valuable sources of intel vanishing overnight because of his leaks. Again, I’m talking about intel collection on really bad folks and adversary militaries. Losing that access put Americans in danger and likely directly cost lives in Iraq and Afghanistan as terror groups changed communication methods post-leaks.
First of all, you may choose to read it as you want but it was a honest question and I didn’t mean for you to infer anything more from what I said. Geez. I’m not a dick.
This is the only thing I was referring to and wanted to bring up originally.
Did not know this. TIL.
–
Thank you again for clarifying. I understand better now.
I apologize for misreading your 4th Amendment comment as something it wasn’t. I should have given you the benefit of the doubt and failed to so.
I also appreciate your patience with my soap box usage. I’ll do better in the future to stick to the facts and not editorialize so much on this issue.
No worries. More details and context is always useful even if not always warranted.
Yeah, this post is just full of blatant inaccuracies and pro-surveillance state propaganda. By your logic, if these internal processes “work”, that would mean the US government would no longer be doing anything unethical or illegal, and we know that they continue to do a multitude of things that are both unethical and illegal. People get fired all the time (or worse) for trying to use these “internal processes” that “work”.
Yeah, actually the point of most of the documents he released was to show exactly that the NSA was in fact trying to surveil Americans.
I encourage anyone reading this to do a simple search and you will find hundreds of sources that explain exactly what happened, which I can assure you is nothing at all like what @Quantum is claiming.
A bit clickbait description, but interesting case. Especially I learned that a warrant can force you to unlock a biometric-locked device. The lawyer says that’s why you should use a PIN. Or you know, use Graphene OS so both are needed.
I think the biometrics case show how important a good OPSEC is. The journalist might not have done a proper one. Also, I don’t know why the journalist wrote a story that she had received messages from hundreds of federal employees. Of course, it doesn’t mean she should have been searched, but saying outloud that you have hundreds of sources at the government, while the government is going after those ‘leakers’ at a unprecedented scale is unwise.
GOS requires the use of biometrics?
As a frequent traveler and with what happened to the WaPo journalist, I’m leaning towards never using biometrics since I might forget to turn it off and then get stuck in a situation at the border.
GOS has a feature where you can use both fingerprint + PIN.
Would it be advisable to use only a PIN with GOS?
It is generally recommended to use the Two-factor fingerprint unlock feature since it could prevent things like shoulder surfing.
Scrambled PIN keypad also works against shoulder surfing if the would be perpetrator is only memorizing the pattern of your PIN on the keypad as this way is easier to memorize I feel.
But of course, threat model it out. And use what you need to.
Good idea. I’m trying to balance privacy/security with convenience. When it becomes burdensome, it becomes hard to become a habit. The suggestion from GOS to use a string passphrase will make unlocking very annoying as I set the time to 30 seconds. A numeric PIN and biometric as you suggested sounds like a good idea now.