You can find his bi-weekly radio show on international affairs, Takes on the World, archived on the website of radio4all.net. That's radio, numerical 4, all, dot net. You can download this program for free from TUC Radio's website, tucradio.org. There you can also subscribe to weekly radio podcasts. And it's two minutes after seven o'clock, two minutes late, for Off the Hook here on WBAI New York. And because we're so late, we're going to start early. Talk over the theme a bit. This is Emmanuel, joined tonight by Mike. Hi, I wasn't ready. Rob T. Firefly. Good evening. Alex. Good evening. Kyle. Hi, what's up? And Bernie S. Greetings from Pennsylvania. Well, we are not going to be talking about the NSA tonight. I'm just kidding. Come on. How could we not talk about the NSA? It's in all the papers. It's everywhere. They're just every week. They dig themselves in even deeper. And this week, the National Security Agency's searches of a database containing the phone records of nearly all Americans violated privacy protections for three years by failing to meet a court-ordered standard. That's according to court documents that were released yesterday. The documents show the violations continued until a judge ordered an overhaul of the program in 2009. And since the breadth of the phone records collection came to light through leaks by our friend, former NSA contractor Edward Snowden, U.S. officials have said that for all queries of the database, the NSA must show a reasonable, articulable suspicion that the phone number being targeted is associated with a terrorist organization. Now, between 2006 and 2009, of the 17,835 phone numbers checked against phone records, only 1,935 were based on that reasonable suspicion standard. That's really a very tiny minority. In a March 2009 order that was declassified on Tuesday, Judge Reggie Walton of the Foreign Intelligence Surveillance Court, that's that secret court we all know and love so much, said the government had so frequently and systematically violated the procedures it had said it was following that a critical element of the program never functioned effectively. The judge criticized what he described as repeated inaccurate statements made in the government's submissions. And while the government previously acknowledged errors in handling phone and Internet data collected by the NSA, Tuesday's revelations show the extent to which the errors permeated the phone data collection in particular and led to the previously undisclosed denunciation by the judge. They call into question the NSA's ability to follow the rules governing the sweeping domestic surveillance programs it introduced more than 10 years ago in the wake of the 2001 terrorist attacks exactly 12 years ago today. Officials said the violations were inadvertent because NSA officials didn't understand their own phone records collection program. In a 2009 declaration to the judge, NSA Director Keith Alexander said that from a technical standpoint, there was no single person who had a complete technical understanding of the record system architecture. Yeah. The ACLU's Alex Abdo said the documents offer further evidence that secret and one-sided judicial review is not an adequate check on the NSA's surveillance practices. The so-called compliance incidents are troubling, but this is a program that should never have been authorized to begin with. And James Clapper, Director of National Intelligence, said the NSA's discovery of the problems with the phone records program and its reporting to the court show that oversight of the NSA surveillance programs works as designed. The documents released Tuesday are a testament, he says, to the government's strong commitment to detecting, correcting, and reporting mistakes. He blamed errors on the complexity of the technology. However, James Clapper is a liar, so we can't really believe anything he says, right? He's a documented liar. He's proven to be a liar, right? Yes. Okay, Bernie, you'll back me up on this. Absolutely. He can put it on his business cards. He lied to Congress, which is a felony. He got away with it. And also wiretapping is a felony. Illegal wiretapping, it carries under Section 2511 of the United States Criminal Code. Illegal wiretapping is a felony with a sentence of several years in prison. This was done, like, what, 15,000 times by the NSA that we know of now? Why isn't anybody going to jail? I think, Bernie, you know the answer to that question, and it's because they're in power. We see that these crimes, which were committed by the NSA, by people who really ought to know better, like, they have all the education, they have all the lawyers, they have all the advantages, and they break the law 15,000 times anyway, and there are no consequences for them, whereas Chelsea Manning, formerly known, of course, as Bradley Manning, broke the law, like, once or twice and is in prison for a sentence of decades. And the reason for this is, of course, not the relative magnitude or severity of the crimes. The reason is who is harmed by the crimes. In the case of the NSA, it's the American people and the people of the world who are harmed. In the Manning case, it's powerful people who are harmed, and, I mean, the results are obvious. You know, and to go back to this disconnect between Alex Abdo of the ACLU and James Clapper, you know, I tend to agree with Clapper to an extent here, and I think that this takes away from the notion that we should consider the Foreign Intelligence Surveillance Court a complete rubber stamp, because here we see some absolutely meaningful review of these government surveillance programs, yet on the other hand, they're the ones that authorized the program to begin with. So this raises a very, very interesting question. What were the government's submissions at the time when they put in their first order, their first request for this information? Because something had to convince the court. Are they lying to the courts as well? What are these submissions? Let's take a look at them. And the second point here is 18,000 people being monitored, about 18,000 people, really stretches the limits of this concept of relevance, and something is supposed to be relevant to a terrorism investigation. So how could 18,000 people and their data, their metadata, whatever you want to call it, be relevant to a terrorism investigation? It's one thing to say one phone number or several phone numbers are relevant to an investigation, but it's a completely different concept of relevance to claim that 18,000 could be or could at one time in the future be relevant to an investigation. Relevance should be the here and now. It shouldn't be the hypothetical future. Well, let's just be clear on something. 18,000 people, that's not the total amount of people the NSA has their eye on. Oh, absolutely, yeah. That's a fraction. Right. What gets me most about this whole thing is the NSA, they have basically built this system. They put the tech together. They built the workflows around it. They've set up their own systems for using it. They basically, they've time and again demonstrated their talent for getting the rules built in their favor, and still they messed up. They have a stack of blank checks, and they still got caught forging one. By a secret court. By a secret court. That takes skill. It really does. I do want to disagree, Alex, with something you said. I think you're almost missing the forest here for the trees. Sure, it would be interesting to read the NSA's submissions to the secret court and see exactly how they pulled this particular duplicity off. But the system is designed to enable this sort of duplicity. And knowing exactly how it happened in one instance is sort of interesting. Sure, why not? But what we really need to do is dismantle the system in one way or another, and prevent this sort of thing from happening again in a much broader scope. Well, we might have the first steps in that. Probably not, but let's be optimistic for a change. After various disclosures, I'm not sure which ones in particular. There have been so many. But basically the NSA's stealth campaign to counter Internet privacy protections. Let's say it's that one. A congressman has proposed legislation that would prohibit the agency from installing, well, back doors into encryption. Electronic scrambling that protects email, online transactions, other communications. Representative Rush Holt, a New Jersey Democrat, who also happens to be a physicist, that makes him a very dangerous man, said on Friday he believed the NSA was overreaching and could hurt American interest, including the reputations of American companies whose products the agency may have altered or influenced. We pay them to spy, Mr. Holt said, but if in the process, they degrade the security of the encryption we all use, it's a net national disservice. Now, Mr. Holt, whose Surveillance State Repeal Act would eliminate much of the escalation in the government's spying powers undertaken after 9-11, was responding to news reports about NSA documents showing that the agency has spent billions of dollars over the last decade in an effort to defeat or bypass encryption. Those reports, by the way, were published last Thursday and came from Edward Snowden's leaks. The agency has encouraged or coerced companies to install backdoors in encryption software and hardware, worked to weaken international standards for encryption, and employed custom-built supercomputers to break codes or find mathematical vulnerabilities to exploit. That's going to those documents. They also show that NSA cryptographers have made major progress in breaking the encryption and common use for everyday transactions on the web, like Secure Sockets Layer, or SSL. We've talked about this many times. As well as virtual private networks and many businesses use for confidential communications among employees. Now, a statement from the Director of National Intelligence, James Clapper, criticized the reports saying that it was not news that the NSA works to break encryption and that the articles would damage American intelligence collection. However, Mr. Clapper is a liar, so we can't really believe anything that he says, right? So, I mean, in this case, I almost agree with Clapper. That's two of you agreeing with Clapper in one show. Yeah, I mean, it is not, in fact, news that the NSA tries to break encryption. It is sort of news that they have done so to a great extent. What is unfortunately missing from the news, and this makes me very sad, is what exactly they have broken. I want to know so I can stop using it. What I don't want to do, what we mustn't do, is just sort of give up and stop using crypto at all because then the NSA will be able to read everything. So I would really like to know what they have broken and how the entities involved in creating that stuff are going to fix it. So I think this is a really interesting proposition by Mr. Holt here. I don't think it would necessarily fix the problem that Mike has identified, and I agree to an extent that it's broken just because it's an ex parte system here through FISA, and this system is not necessarily going to fix it. This legislation won't necessarily address that, but what it does address, and what I think is very, very interesting, are the commercial consequences of encryption or breaking the encryption that the NSA is doing here because people here are starting to point the finger now at these U.S. companies for permitting backdoors, for weakening encryption algorithms, and one of the main suspects is Microsoft, and I think in the information security community, I think Microsoft has lost a lot of credibility within the last week because of these revelations, and I think the same holds true for Intel. Intel supposedly, and Bernie may know more about this, was going to integrate some kind of random number generator into its forthcoming chip sets, and I think that people are going to be a hell of a lot less likely to trust that technology now that we know that the NSA has been social engineering backdoors into their security. So my fear here, though, is that in two years, when the majority of these people in Congress who allowed these programs to exist and to persist are up for re-election, this is going to be old hat, it's going to be old news, and we're going to just re-elect them. Now, I think Mr. Holt brings us up at an interesting time, and I think we need to keep it at the forefront of the debate because we can't get away from the fact here that all foreign policy is always dictated by domestic politics, and if our domestic politics don't demand change, then we're just stuck with the status quo, but if these major corporations, who in a very large part drive the economy, if they're hitting the pocketbook, well, then campaign contributions may cease to these particular politicians, and then those economics, that might actually drive political change, and I think that's what Mr. Holt is rightly recognizing here, that this is affecting U.S. businesses, so I applaud him, I think it's wonderful, I'd like to see it go a little further, I think we should really watch it, and we should give him our support. Well, I mean, it's interesting that it's the business argument that's being made and not so much the individual privacy argument, which I wish there was more emphasis placed on that. Absolutely, yeah, and it's just, it's not something that people really mobilize about, it's hard to talk about this stuff, it's hard to get people involved in it, it's something we always go back to, it's hard to point your finger on what it is about this surveillance and breaking encryption and this erosion of trust on a pervasive level that is necessarily going to affect us. It's very, very difficult. All right, so what have we learned in the last week? I've basically been seeing news stories almost every day now about something new that NSA has cracked, and it seems like everything, it seems like they've gotten their hands on everything at one point or another, and as Mike said, there is a temptation to just give up, which I'm sure many in the mainstream will do, and that's kind of the desired effect that I think many in control want, but what is it that's been revealed? Maybe we can address it case by case. I know, well, text messages have always been unencrypted to start with, but I'm hearing things, things that were supposed to be encrypted, NSA just has access to. So we've seen two stories this week on this sort of topic. One is that the NSA can decrypt certain encrypted communications, and the other story is that the NSA can get data from some smartphones. Both of these stories are woefully short on details. As I said before, I don't know what products not to use. In the case of the smartphone story, it was revealed that the NSA can get data from three brands of smartphone, Apple, Android, and Blackberry, which is basically the entire market, and Microsoft was out of this story, but I bet they can get that data too. Kyle's making faces at me. Yeah, it was really suspiciously absent from some of the press on that is that Microsoft's phones weren't in it, but they're all on a bit of a marketing blitz with the Nokia deal and stuff too. So there's three ways I can think of that this could work. These are all remarkably different from each other, and I'm really disappointed in the press not giving us the clues we need to distinguish at least among these three options. One is that if the NSA has physical possession of your phone, they can get data out of it. That is totally not surprising. Local law enforcement can do that, so that wouldn't be news at all. Another possibility is that if they think you're up to something, they can target you specifically, get some malware onto your phone, and get the data out that way. That would be bad. I really wish they wouldn't do that, but again, not terribly surprising. The third possibility is that they have some sort of mass surveillance capability where they can go into the servers of Apple or Google or Blackberry and get everyone's data all at once and search that, and that would be terribly frightening, and I don't know which of these three possibilities is what's going on. Well, there's also a fourth possibility, and that's that they implanted backdoors in the developmental stages. Yes, in the actual chips, in the hardware chips, the NSA actually has been involved in the semiconductor manufacturing process for decades, making their own custom chips. They contract out to companies like IBM and other companies. Remember back when the Clipper chip thing was going on? The NSA was deeply involved with that, but I'm talking about covert modification of the architecture of the chips that are used in our smartphones and other communications devices. NSA certainly has the capability of doing that. Apparently, from reports I'm reading, they have spent a lot of money on human intelligence, that is, implanting spies in companies that would, you know, private companies that design this kind of stuff. Wait a minute. They actually implant human spies? Yes, human. If you've been reading the stories lately, if you read some of the budget figures, the NSA, they have been spending millions and millions of dollars on human intelligence. That means actually having agents, either moles inside these companies or bribing or coercing people who work in these companies to work with them. And I certainly wouldn't put it past them to be involved with having the architecture of these chips modified. I've seen this before. There was a company called Crypto AG. Maybe about 20 years ago, they manufactured encryption equipment that was used by embassies around the world. NSA compromised management at that company to install hardware backdoors inside the equipment. I would not be surprised at all if this is being done with our smartphones at this point. Bernie and Alex, I think this is a very, very interesting issue. I'm not sure if they actually have people on the inside feeding them for me. I'm not entirely sure. I would love to hear about where you read that. But I think that it really shouldn't come as a surprise to us here that the NSA, I mean, you've probably read Confessions of an Economic Hitman. There are very, very subtle ways to exert a tremendous amount of pressure, and a lot of it is economic pressure that a lot of these companies can be very susceptible to. And so it really shouldn't, I think, surprise us or surprise anyone, really, that the NSA is very, very adept at social engineering this type of information. I mean, they are one of our nation's premier intelligence agencies. They're charged with both encrypting and decrypting data, so they have this dual role. And part of their function is to make sure that they can decrypt foreign communication. So, in a sense, I'm not surprised that they're doing this. It's just the extent to which they're doing it, which, as Mike has pointed out, that the media hasn't exactly made clear is what's a little bit troubling to me. And they know. These reporters, like Glenn Greenwald and others who have received many, many documents from Ed Snowden, are really holding back on this information that the public needs to know about which specific encryption algorithms and products have been compromised that we are all using and need to know which are vulnerable. And one thing that the news has made abundantly clear is that we can't be surprised at anything the NSA does anymore because they make their own rules and then they break those rules that they've made for themselves. So, where does that leave anyone? Bernie, I'd just like to ask you about something you just mentioned, saying that reporters, specifically reporters like Glenn Greenwald, are holding back. What would be in it for them? Why would they do that? I believe they have gone over it with their publishers' lawyers and were advised that releasing this specific type of methods, sources and methods, could put those news outlets at legal risk. So, they're walking a fine line here, but I think they're being very cautious on the side of the line they're walking on by not just... Frankly, I think all these documents should just be dumped on the public. Just all of them. Just like Bradley Manning did. I just want to see all this stuff. Let the chips fall. I mean... Are there not links, though, to the documents once they're reported on? Or is that only some? They're highly redacted and we're only seeing a small fraction of the actual documents. So, Bernie, what's not clear to me is the extent to which the reporters who are reporting on the story are intentionally withholding information from us versus the information... The possibility that they just don't get these important technical distinctions. And I don't know which is the case or what combination is the case. To respond to Emmanuel's point, the documents that we've seen released are sort of very high-level overview documents. They're budgeting documents. The government has spent whatever many billions of dollars on whatever program to harass whomever. But they are not the deeply technical documents or even the sort of moderately technical documents that would enable us, the public, to make informed decisions about our security. But there's reportedly like 50,000 documents that Ed Snowden provided to journalists. Yeah, yeah, but we haven't... But the released documents, the publicly released documents, are only, of course, a very small sample of that. You know, if only Ed Snowden had sent it to us, this would not even be a question. They would be out there and we would be talking about all kinds of different things. It seems like, Mike, we might need Donald Rumsfeld in here to figure this out, right? I mean, are they known unknowns? Are they unknown unknowns? Is he still wandering around making statements like that? I'm sure he is, absolutely, somewhere. But I think the known knowns are... Two of the known knowns that we know about and haven't spoken about, though, are... So we... Or rather, I guess, three of the known knowns that we haven't touched upon are... You know, they could be cracking the math that encryption is based upon, although I highly doubt that they're able to do that. Maybe they are. I mean, they have pretty wonderful cryptographers and mathematicians over there. The other issue, too, is that there has been reports that they have deliberately tried to water down international standards for the use of encryption, which is somewhat troubling. And then the third possibility is that they have been actually infiltrating computer networks and then exfiltrating the encryption keys. And that's not necessarily surprising to me either, but these are the tactics, I think, that have been somewhat discussed in the media, although the specifics haven't been given. There's a sort of possibility two and a half in your list, which is that the government has... has, because it's in the documents, that they have convinced some of the implementers of some of these standards to water down the implementation. So even if the standard implemented by someone on our side is a good standard, there may be some of the random number generation methods or something has been leaked to the... has been not leaked, but given to the NSA so that they have an advantage. Your first possibility that they've made huge advances in the underlying math seems not to be what's going on. And there are a couple hints to this. Bruce Schneier, who's actually had a little bit of access to some of the documents that have not yet been made public, has said that that is not what's going on. And we also know from Snowden's statements earlier that he says, you know, properly implemented strong crypto still works. I hate that we have to read between the lines to make these conclusions, but I think if we read between the lines correctly, we can conclude that your first possibility is not the one. Okay, well, there's also panic in corporations, particularly tech corporations, that are seeing all trust in them evaporate, Google being one of the ones panicking the most. And what they're doing is they're racing to encrypt the massive amounts of information that flow among its data centers all around the world in a bid to thwart snooping by the NSA and the intelligence agencies of foreign governments as well. The move by Google, according to this Washington Post article, is among the most concrete signs yet that recent revelations about the NSA's sweeping surveillance efforts have provoked significant backlash within an American technology industry that U.S. government officials long courted as a potential partner in spying programs. Now, Google's encryption initiative, which was actually initially approved last year, was accelerated in June as the tech giant struggled to guard its reputation as a reliable steward of user information amid controversy about the NSA's PRISM program. And basically, PRISM obtains data from American technology companies, including Google, under various legal authorities. Now, encrypting information flowing among data centers will not make it impossible for intelligence agencies to snoop on individual users of Google's services, nor will it have any effect on legal requirements that the company comply with court orders or a valid national security request for data. But company officials and independent security experts said that increasingly widespread use of encryption technology makes mass surveillance more difficult, whether conducted by governments or other sophisticated hackers. So I'm not sure if it's a reaction to the threat of hackers, the threat of foreign governments, or the NSA specifically, but I do see Google kind of strongly trying to save its reputation because, well, a lot of people have canceled their Gmail accounts recently. Go ahead, Bernie. As I said before, I think it's almost inconceivable that Google and Microsoft and Yahoo and companies like that don't have NSA moles working at key parts of the company and who have access to key encryption keys and things like that. And back to what Mike said regarding Bruce Schneier's comments, Bruce Schneier, a renowned cryptographer who's been a Hope speaker before, has stated recently that from his review of these classified documents, he sees that the NSA is, quote, cheating, end quote. Cheating in meaning that they're not using the finest mathematical computational skills to crack encryption. They're basically just like stealing the keys, which is way easier, and that's what any good spying organization would do is take the easiest route. So it wouldn't surprise me if the NSA just gets these keys, whether they're handed to them by being required by these companies, being required to hand them over, or they're just getting them covertly by having moles in the companies. It wouldn't surprise me. Yeah, this speaks to, like, corruption and basically people trying to have a huge payday off of their access. And that is, I think, something that William Binney spoke to at Hope No. 9 a little bit ago, just basically how there's such turn back and forth between politics and the NSA and these private corporations that supply and support them. But, you know, I think, Emanuel, this is a brilliant public relations move on the part of Google. They know that people are losing their trust and faith in their services, and they make their money off selling ads to millions and millions and millions of people. And if we cancel our Gmail accounts, their bottom line is affected. So they need to make some kind of overt gesture to give us that confidence once again. But encrypting this data, it could prove to be an empty gesture if the NSA can go to the Foreign Intelligence Surveillance Court and, by an ex parte motion, basically compel Google to open the floodgates to the NSA to wherever they want. It could be conceivably an empty gesture, but what gives me some heart is the fact that the Foreign Intelligence Surveillance Court did appear to make some kind of meaningful reveal even before their documents have been released to the public. Now that their documents have been released to the public, I think all of these judges are going to operate on the probably correct assumption that at one point their opinions, their future opinions, will also be released to the public. So I think that that will encourage even more meaningful oversight. You're listening to Off The Hook here on WBAI. You can always write to us, othat2600.com. Sticking with Google, it's been a busy week for them, and they were in court. They were in a lot of courts, actually, over the last week. This one out in San Jose, California, where their attorneys say their long-running practice of electronically scanning the contents of people's Gmail accounts to help sell ads is legal, and they're asking a federal judge to dismiss a lawsuit that seeks to stop the practice. Now, in court records filed in advance of a federal hearing that was scheduled for, I believe, last Thursday in San Jose, or maybe it's this Thursday, not sure, Google argues that all users of email must necessarily expect that their emails will be subject to automated processing. Now, the class action lawsuit was filed back in May, and it says Google unlawfully opens up, reads, and acquires the content of people's private email messages in violation of California's privacy laws and federal wiretapping statutes. The lawsuit notes that the company even scans messages sent to any of the 425 million active Gmail users from non-Gmail users who never agreed to the company's terms. Now, you know, I'm no fan of this kind of thing, but I think it is pretty obvious and pretty clear when you get a Gmail account that this is exactly what's happening. And I don't know, Alex, you'd be the person to ask here with your legal background. If Google puts out a service that says, okay, this is free email for you, but we're going to scan your email and send you targeted ads based on what you say in your email, are they breaking a law? Well, you know, taking a very, very literal reading of the Electronic Communications Privacy Act, it's possible, but you consent to this. And this is the same thing that spam filters do as well. They take a look at headers, they read, and then they perform some kind of automated function. So I think this, you know, the argument really that is causing a stir here is that, you know, Google is basically saying, well, you got yourself into this and, you know, there's no privacy protection in this context. So this goes back to this anachronistic concept that we've talked about so many times before here called the third party doctrine. And this comes from a case called Smith v. Maryland, where I believe that was a case that established that the pen register was permitted to be used against one individual subscriber because you were placing this record, a record of your phone call, which became a business record, into the possession of a third party. And once you did that, you lost your right to, well, you lost the ability to expect any privacy in that record. So this is Smith v. Maryland being extended on a very, very large scale here. And there's definitely a big difference between monitoring one person and monitoring many, many people. But the biggest, and I think the greatest argument that's going to have the most force and will probably knock this lawsuit out, is the fact that we consent to it, that this is what we do and this is what Google needs to keep doing to continue to exist. You know, we sign up for it. We agree to be a data nudist. We've given them the data freely. A data nudist? We've said it before. I like the term. No, I don't practice it at home. Carry on. Exactly. But so I think it goes back to this third party doctrine. And this actually, I think, brings us full circle back to the NSA issue and the hacking of smartphones that Mike brought up before. Because this is the same legal doctrine on which the NSA is going to rely on to claim that we don't have an expectation in our geolocation data. If you use apps like Strava that capture your movements while you're cycling to and from work, something like that, well you've consented to give this third party your location data, which it becomes a record in possession of a third party. You lose your reasonable expectation to privacy on it. And so it makes it that much easier for the government to make a compelling argument that that data doesn't belong to you. That you can't consider it private. Go ahead, Mike. So I think there's, we should distinguish between a couple cases. I think it's fairly obvious to any user of Gmail that Google reads your email and uses that to target you ads. And if you don't like it, and I don't like it, you shouldn't use Gmail and I don't use Gmail. Very easy. That's why this lawsuit seems a little bit off to me. But there's a, the NSA reading my email is not obvious. I did not consent to it and I have no opt-out. And I think that is a very important difference. I don't know that that argument can be legally made and win, but from an ethical standpoint it seems extremely clear to me. Yeah, and it worries me that it might get lost in all the noise. That Google's Gmail service might be seen as equivalent to what the NSA is doing. What the NSA is doing is so much worse than any commercial product that Gmail, Google is rolling out. But you know, if people really are suspicious that humans are actually reading their Gmail, which is something that Google has repeatedly said does not happen, you know what you do? You make two Gmail accounts and you email between the two of them. You say the most horrible things that would get you convicted in any court of law anywhere. And if you do get convicted, then you know. You know, that would be my method. Well, there could be a computer that does that. You think? Yeah. Well, okay, I'd like to know that too then. So would you please open up two Gmail accounts and threaten all kinds of assassinations and things like that and terrorist attacks and child pornography, whatever it is. Just get as objectionable as possible and see if anybody comes knocking at your door. And do let us know. You know, I think it's important to note in this context that privacy as a right is not an absolute concept whatsoever. The term privacy is not found anywhere in the Constitution. It's a derived right that comes from several different amendments to the Constitution, the Fourth Amendment being the prime one. But privacy is always a concept that is subject to something that's called definitional balancing. So the greater the interest of the government, the more intrusive the means by which they can pry into our private lives is going to be. And it's always subject to a reasonableness standard. So the more we consider something to have a, the more we are considered to have a reasonable expectation of privacy in something, the harder it is for the government to justify that intrusion. If we keep giving away our data, if we just keep willy-nilly shoveling it out to whoever is going to give us some kind of nonsensical service, then we lose that expectation of privacy. It makes it harder for us to claim in the end that we actually legitimately thought our email was private. Absolutely. Sticking with Gmail, sorry, sticking with Google and courtrooms, there was another case in the past week which I think is a lot more interesting and even entertaining. Back in 2010, you might remember this, Google admitted that its Street View cars were collecting a bit more data than they were supposed to collect. Instead of just getting the bare minimum data needed to map out the locations of various Wi-Fi networks, the cars had by accident collected packet data that contained private user information. And that disclosure led to government probes in both the United States and Europe. Now, those investigations have wound down, at least here in the United States, but the civil lawsuits over the issue have not gone away. The Google Wi-Fi incident, as we mentioned, happened in 2010, a point in history when Internet privacy lawsuits started getting filed at the drop of a hat. That's according to this story from Ars Technica. Google admitted that it had at a minimum made an honest mistake and the class-action lawyers pounced saying that the search giant had violated federal anti-wiretapping laws. Now, in August 2010, the suits were consolidated in the San Jose Federal Court, which was closest to Google's headquarters. Google said the case should be thrown out and that old pre-Internet telephone privacy laws don't apply in this case. But the following year, U.S. District Judge James Ware, who was overseeing the case, disagreed with Google's argument and ruled that the case can go forward. Google appealed. The issue was considered by the U.S. Court of Appeals for the Ninth Circuit and in an order published by that court yesterday, a three-judge panel ruled against Google. Now, Google argued on appeal, as it did in district court, that it should get out of the lawsuit because data transmitted over a Wi-Fi network is readily accessible to the general public. Alternatively, it said the Wi-Fi data could be considered an unencrypted radio communication, which means it would not be subject to liability under the wiretapping law. However, the appeals court found that the data collected by Google didn't fit into either category. The search company's lawyers argued that radio communication was any communication in the part of the spectrum where electromagnetic waves have frequencies in the range of about 3 kilohertz to 300 gigahertz. However, that definition, according to the court, does not conform with the common understanding held contemporaneous with the enacting Congress. Not exactly sure what that means, but the portion of the spectrum from which Google would be exempt is enormous and includes Wi-Fi transmissions as well as, and this is a quote, television broadcast, Bluetooth devices, cordless and cellular phones, garage door openers, avalanche beacons, I got one of those, and wildlife tracking collars. And the judges said, this is a quote here, one would not ordinarily consider, say, television a form of radio communication. Television is a form of radio communication. You can't get more of a form of radio, well radio too, but they use radio waves, absolutely. Continuing here, Google's proposed definition is in tension with how Congress and virtually everyone else uses the phrase. Now the court also found that Congress's definition of radio communication means a predominantly auditory broadcast. Google's data collection included usernames, passwords, images, and documents that were clearly non-auditory. This is, I mean, I could go on here, but it's amazing how they don't seem to understand the technology and they seem to think that radio communication can only be what we're doing right now, talking on the radio. Can't be data of any sort, can't be video of any sort, but it's anything that uses radio waves, that spectrum we just mentioned, is considered radio broadcasting. And what's more, unencrypted Wi-Fi networks are unencrypted, which means anyone can listen in on them. There is no expectation of privacy when you do that. Bernie, I know you had some strong feelings on this, you care to weigh in? Oh boy, do I. Sorry I got lost there. A lightning struck the phone line outside the building where I am right here. Is that the excuse you're going to, okay fine, use that, that's a good one. I'm surprised. Haven't used that one yet. Lightning struck your phone, okay, go ahead. Well, it was terrifying. This is like deja vu all over again, this Ninth Circuit decision. Many of us probably remember back in 1986, the Electronic Communications Privacy Act, which the cell phone industry basically paid legislators to pass a law saying that listening to cell phones should be illegal, and therefore their users, their customers, would then have a reasonable expectation of privacy. Dan, the law of the physics, you know, open broadcast of radio communications or any other kind of communications over the radio, radio waves, are simply not private, no matter what laws you pass. And then back in 94, two years later, the CALEA, the Communications Assistance for Law Enforcement Act, which was actually used to throw me in federal prison, then made it a federal felony to listen to radio signals of cordless telephones, which I was on just a little while ago when lightning struck. So this is really crazy because this judge, Jay Bybee, doesn't seem to understand physics or how radio communications works. And it really scares me because it's opening up way more crimes, way more possibility for prosecuting radio hobbyists and hackers, or even people that possess common software like Kismet or Air Snort, or these, you know, these programs that monitor unencrypted Wi-Fi communications. But Bernie, one of the fascinating things about this case is that there's people on both sides. So on the other side of this, you have Epic hailing this as a gigantic victory here. So this is such an interesting case because, I mean, here we have Google's interest appearing to coincide with security research, hackers, and just kind of generally inquisitive persons. And I think you're absolutely right, Bernie, that the opinion is probably premised on erroneous assumptions about how technology works. But I think at its core, what this opinion is about is actually about a fundamental respect for privacy and the sanctity of our communications, regardless of the technical definition of radio communication, you know, and whether or not these communications belong to someone who took arguably very simple means to protect their privacy. So I think the courts, and I think we can look at it as a big victory for privacy if we view it as the courts refusing to permit big business to impose itself on this concept of privacy and to be exempted from any infringement. And I think that's what's being held by privacy advocates as a big win. But passing a law does not change the practical aspects of the privacy not existing. When you openly broadcast your communications over the air, unencrypted, it's just in denial. When you pass a law, it's like the cell phone lobby back in the 80s when they got the ECPA passed with that provision that it's illegal to listen to cell phone calls that are broadcast in the clear. Then they were going around telling their customers, oh, it's very private because it's illegal. Well, no, it's no more private because it's illegal. It's still being broadcast over the air. So I'm afraid this law is going to give this decision, it's not really a new piece of law, it's a legal precedent, it's going to give people a false sense of security that now their unencrypted Wi-Fi communication is somehow more private because an ignorant judge passed this moronic decision. Well, now, hold on, let me step in there because you're targeting a particular judge, but what I'm reading is that it's a three-judge panel. So is it more than one judge? Well, in the article I'm reading, it's a Ninth Circuit Court Judge Jay Bybee. Yeah, that's right. He might have been one of the three judges in the panel. He wrote the opinion for the panel. I haven't actually looked at the physical opinion, though, so it will name the other two judges. It seemed like it was unanimous opinion, though, so he probably wrote the opinion. I'm sure what happened was they circulated it, made some edits, and then agreed on this particular draft. That's generally how it happens, but I think you're right, Bernie. I mean, there are obviously foreseeable but unintentional consequences here, and the unfortunate thing is it may make security research a lot more difficult. Absolutely. There was a great law back in 1934, and for more than 50 years, we had a perfect law that governed this stuff. It was called the Communications Act of 1934, and it was fine all the way up until the ECPA was passed in 86. It just said you could listen to any radio communications you wanted. You could monitor anything that's out there, and if it was encrypted, fine. If you could crack it, more power to you, but you couldn't share it with anybody else, and you couldn't profit from it. That made sense, and there were people prosecuted for violating that. Well, wait. I mean, not being allowed to talk about it, that doesn't make sense to me. You couldn't share it because it was considered somewhat private, so it was a balance. Okay, you can monitor whatever you want. You can't tell other people what you heard. Okay, I would go with that, you know. Well, I would go further than that because what if you heard something that people needed to know about? Yeah, I would. You know, it's being broadcast unencrypted without any kind of privacy. It's the same basic thing. People need to know that their communications are out there and completely unprotected. Well, now it's a felony to use a program like Kismet or AirSnort or one of these other programs. I mean, there's a lot of them out there. FireSheep, NetStumbler, all these things could now, in combination with this new legal decision, Title 18, Section 2511, which governs actually 2510, pertaining to possessing hardware software that can be used for wiretapping. This could put possession of this common software, security software, in people who have it in jeopardy, legal jeopardy. It's only in the Ninth Circuit. There's like eight states in the western United States where this is now binding, but I think it's going to spread. It's really crazy. I do think, though, I don't know what I think actually about this issue, but I do want to sort of present the other side because I think it is not crazy to believe that Google ought not to be profiting from spying on, you know, the entire country. This distinguishes, this is very different from the Gmail case where they were spying on their own users. This is them spying on everyone. They have all the technical knowledge, and I think it's slightly unfair to say that, you know, you, Joe or Jane Citizen, ought to take every precaution to protect yourself from Google's profiting, and if you don't, it's on you. I think there's a balance here, and I don't really know where it should be drawn, but I don't think it's crazy to say that Google ought not to be recording everyone's communications for their own profit. As I recall, Google is the entity that came forward and said, whoops, we did this by accident, and I don't see what would be in it for them to collect people's usernames and passwords from open Wi-Fi networks, but if someone is doing that, I want to know that that capability is out there, and people should know, hey, encrypt your damn Wi-Fi traffic if you don't want that to happen to you, and I think we're better off being educated rather than saying, no, you can't do that, and people just blithely broadcasting so that entities like the NSA can come along and not ever be detected, but interesting case and very, very weird outcome to that. We'll definitely stay on top of it. Okay, we have a couple letters. We're going to take phone calls. The phone number is 212-650-5782. Phone lines are open, or the phone line is open. Actually, you know what? I just, hang on a second. I have to now hang up on it. Okay, that's not working. I'm going to put you on hold, Bernie, because unfortunately this phone system is not doing what it's supposed to. Okay, Bernie, are you back? Uh-oh, did I lose him? Bernie, you there? I'm still here. Okay, good. Again, our phone number is 212-650-5782. A couple of letters we got at oth2600.com. Dear OffTheHook, you talked about the Delta 4 launch from Vandenberg Air Force Base last week on the show. I happened to be on base for the launch and wanted to tack on a few points. First, I've seen a lot of VAFB launches going back to when I was a child. This launch took one of the strangest trajectories I have seen from a launch there. Second, the base uses a lot of convict labor for grounds maintenance. It borders Lompoc Federal Penitentiary, as I think you know. I had a nice conversation with a few of them as we stood in the parking lot watching the launch. One of them had heard of your old friend Kevin Mitnick and started sharing the story with some of the other inmates, which I found really funny. Then a CO showed up and told me to unfriendly word off. Love the show. Thanks for all your hard work. Signed T.F. Thank you, T.F., for that nice letter. Here's a letter from Daniel who says DDG is also fairly popular within various groups. https duckduckgo.com or ddg.gg. We're talking about search engines that aren't Google. I think StartPage is the one we talked about last week, but if you know of others, please write to us. Here's one more letter. Dear OffTheHook, I heard something backhandedly profound on your program last week. You stated that people should not send you PGP encrypted email because the published public keys were old. You no longer had the private keys and you hadn't bothered to generate new ones. I realize that if the technically sophisticated, politically astute overlords of 2600 didn't maintain PGP keys, that is a pretty damning summation of the state of apathy about privacy in the United States. Keep up the good work, but please generate some new keys. Signed Drew in Oregon. Well, Drew, you know we'd love nothing better, but first we have to erase those old ones and there doesn't seem to be a way for us to do that. And as long as we can't do that, it's just going to confuse everybody because they'll use the wrong keys. So help us figure out how to delete the old keys and then we'll start new ones and these ones we'll try to hold on to for longer. All right, 212-650-5782. Let's take our first listener phone call, which just disappeared. Okay, that's the problem having only one phone line. You have to wait for it to come in. Oh, here we go. Good evening. You're on off the hook. Yes, I would just like to offer an opinion on the SSL and TLS encryption issue that was raised by the Snowden documents where, you know, Steve Gibson and even Schneier are saying that the certificate authorities themselves have been corrupted. And there's a lot of talk about self-signed certificates and certificate authorities. And this issue goes beyond just secure websites, banking. It goes into VPN technology like SSTP protocol and Microsoft or even open VPN. So just thought to bring that up. It's still a big question mark and no one seems to know the answer. Okay, well thanks for your call. Any comments on that? We did a couple weeks ago talk about certificate authorities in a little bit of detail. And yeah, there's a hundred or something in the default installation of your web browser, whatever your web browser is. And it is almost certain that some of them are not to be trusted. And that means that someone can impersonate a website. So the one saving grace here is that it is sort of more work to impersonate a website than to just passively spy on everything everyone does. So you have to be targeted for this to be a threat, but you might be. Okay, let's take another phone call. Good evening, you're on Off the Hook. Speak up please, go ahead. Yeah, hi. The security business around BC is a huge business. I think, well, I don't know how many people have high security clearances, but I mean it's, and also as far as other revelations go, I'm waiting for the other shoe to drop as far as spy satellites. And I'll hang up so other people can get on. Okay, thanks. Thanks for your call. I think we're all waiting for the other shoe to drop. Yeah, nobody's mentioned anything about the National Reconnaissance Agency, National Reconnaissance Office lately, I think. We talked about them last week a little bit. Oh, is that right? I didn't hear that bit. Yeah, definitely. So there are millions of people with security clearances. If you're one of those people and you have a conscience, send us some stuff. All right, let's take another phone call. Good evening, you're on Off the Hook. Hey, what's up, Emanuel? How you doing? What's on your mind? This is Bernd Kidd. Good talking to you again. First off, the Gmail suit or case has to do with people who are sending to Gmail accounts and their privacy, because they have no privacy because Gmail is scanning those people. And the people that are sending to those Gmail accounts might not be aware of that they're being scanned by Gmail. So therefore, that's what that case is about. Second off, as an NSA and the call tracking and the surveillance and all that, that's been going on for years, and I don't know why it's a big thing now. I work for a telephone company, and not only can I pull call logs, multiple call logs from different systems, but I can listen and record telephone calls without people even knowing. So I don't see what the real issue is with that. Those are just my two things. I just am boggled that so many people are making such a big deal. I understand that there's privacy that needs to be out there, but at the same time, this has been going on for years, and any law enforcement can request call recordings and call logs and get them without any kind of issue with the proper legal documentation. Okay, well thanks for that call. We're going to leave it there, and please write to us, othat2600.com, with your feedback, ideas, thoughts, things like that. And on this 9-11, this is actually the first show we've done on 9-11. We were supposed to be on 2001, we were supposed to be on 2002, preempted both times, for the first year for obvious reasons, second year for stupid reasons. But yeah, interesting to look back on that, to see the history of this place, to see the history of the city, the history of the country, what has changed, and wow. I don't know. We will be back next week with hopefully a fairly normal show, but I believe we'll be talking about the NSA again. Once more, write to us, othat2600.com. We'll talk to you next week. Good night. As we bend down to pray And ask, is there a better way? If you make the world break a day or night Are we all born crazy, wild in man and fire? If you make the mountains and the sea Now, can you show a better way to be? Now, when I talk to God, I knew you'd understand Now, when I talk to God, I knew you'd understand He said, speak by me, I'll be your guiding hand Now, the wrong or the right, and the right or the wrong Why can't we all just get along? And there's no one to blame It's not some bloody game If you make the world break a day or night Are we all born crazy, wild in man and fire? If you make the mountains and the sea Now, can you show a better way to be? Rich in rice, colour, greed, whatever Law, job, place, drugs, whatever I can hear what they say There must be a better way Law, job, place, drugs, whatever Now, when I talk to God, I knew you'd understand Now, can you show a better way to be? Now, can you show a better way to be? Now, when I talk to God, I knew you'd understand Now, can you show a better way to be? Now, when I talk to God, I knew you'd understand Now, when I talk to God, I knew you'd understand He said, speak by me, I'll be your guiding hand I'd like to ask if I may pursue Love and direct from my living room As we bend down to play And ask, is there a better way? They've seen inside plans, I can't understand If you make the ocean and the land Try to find some peace of mind If you make the world, make the day and night Are we all going crazy while the men fight? If you make the mountains and the sea Now, can you show a better way to be? Religion, race, colour, greed, whatever Law, job, place, drugs, whatever I can hear what they say There must be a better way Why do men fight? www.WBAI.org