I remember my father saying he updated some win16 code to win32 bit code which did this while working for AT&T. (Copy meta data for every call) At the time he said nobody would say what the code was supposed to do just that that they needed it to be updated. As such I suspect this type of "Passive spying" has probably been going on for a long time.

As a side note there are plenty of legitimate reasons to have this metadata for some phone numbers over the past X days. I suspect the original choice was simptly to give them everything vs trying to support these types of lookups after the fact.

PS: AT&T was for a while providing a lot of government services for free simply because they could not get billing correct and it was nobody's job to fix it. Which is why I think this could have easily stared as a hack to solve a technical problem vs. the sort of big brother spying that pops up.

I'm a little skeptical. Not because of the spying--that I fully believe. But I have a hard time believing that AT&T, the inventors of UNIX, would write large-scale software on pre-NT Windows. Maybe something got crossed in the retelling.

Alcatel-Lucent owns Bell Labs today.

I fail to see how this could be relevant.

AT&T didn't invent Unix. A bunch of smart guys in a department owned AT&T invented the earliest versions of Unix. Unix of those days by any measure won't be much useful to do anything.

Unix is a ecosystem developed over decades.

Coming to using Windows NT, its likely some 'real manager' is running the show there. Whose only criteria for using a technology is having the ability to hire the cheapest resource on the market. If you were to go ask the person, he won't be able to list 5 differences between Windows and Unix.

According to Binney, the NSA's been mining data illegally since shortly before 9/11.

According to the EU parliament ECHELON was going on for a while. Monitoring of citizen phone calls was happening since at least the '90s. And that was the content of the calls, not just the addressing data.

(https://en.wikipedia.org/wiki/ECHELON)

> This is not some conspiracy theory. It's happening, and no one seems to care.

It's true that no-one seems to care. And what's more, if you do care others will look at you funny, like you're paranoid. "Why do you care so much about anonymity? You don't have anything to hide!"

Literally the only argument that I've ever had luck with is to ask them whether they are okay with the police searching their house whenever they want. After all, you don't have anything to hide, right? This takes them aback. I ask them, so why do you think we need search warrants? And most people agree that we need them, but clearly they've not thought a lot about why we need them, or what life would be like without them.

The odd thing about the situation is that we have a population which has it's head on pretty straight when it comes to search and seizure in the physical domain, and totally uncaring about whether these rules are applied to the digital domain. It's as if information on paper is some sacred thing, but information on disk platters is free for the taking. Very, very strange.

My hope is that, like with pot legalization and gay marriage in many states, public awareness will crystalize and coalesce on the rational position. This is actually a very simple situation where there is unequal application of the 4th amendment depending on media of all things, and this is totally, completely insane.

The difference between search and seizure of things in your house and your digital information is that the things in your house are on your property. Your digital information is on someone else's property.

I don't think you can accuse the public of not taking the "rational position" here. Indeed, I think technologists often take a romanticized position here, ignoring the mechanical nature of the systems in question. People rationally perceive that there is nothing private about who you call or what websites you visit (I mean, how well can Facebook track where you go?) This is quite different from say a conversation one might have in one's home, on one's own property, with the only parties to the conversation being those within one's circle of trust.

The implication of your position is that we either have an electronically connected society, or we have an expectation of privacy, but not both. The nature of technology in general, and the internet in particular, involves the co-mingling of property on the site of some 3rd party for the benefit of all.

Let us just talk about the content that I write, such as anything that I've written and left in Gmail drafts. The fact that Google hosts that data does not give them ownership of that data, nor does it confer the right to access that data for any reason. The data in my drafts folder is exactly the same as data in a paper journal that I have in my house, and is protected by exactly the same law, the 4th amendment. The details of it's representation, even it's physical location, are unimportant.

Extending the 4th Amendment in this way is the only rational thing to do. The only reason why this is not the default is that the public is generally ignorant of both a) how these systems work and b) how they are systematically exploited by government. The reason the government wants access is because it is a convenient and cheap way to achieve some aspects of security. In the post-Bush era, exercising restraint on one's own power is no longer the "done" thing - just ask Cameron Ortiz.

>The implication of your position is that we either have an electronically connected society, or we have an expectation of privacy, but not both. The nature of technology in general, and the internet in particular, involves the co-mingling of property on the site of some 3rd party for the benefit of all.

Agreed. It's a strange position to take that because it's technically possible for the government to access the information (owed to the location of the data), then they should be allowed to do so. This could be used to rationalize virtually unlimited access to otherwise private communications in today's hyper-connected world.

But, capabilities that we have had in the past (e.g. wiretapping) have always been checked in order to preserve privacy (or, put more Constitutionally, protect us from unreasonable search and seizure). Phone calls have always involved third-party transmission by the telcos. Why is that different from data sitting on a third-party server?

In general, however, it becomes silly to argue what should be permissible based on the ancillary nuances of technical architecture. It's a bit of a red-herring. The real question is "what is the intent of the protections afforded by the Constitution and are we upholding that intent". To argue that "the government should have a particular right because there's a client-server architecture involved vs. P2P" is spurious in this context.

> ancillary nuances of technical architecture

It's patently ridiculous to call these "ancillary nuances of technical architecture." These are stark distinctions: is the information under your personal control or did you voluntarily give access to and possession of that information to someone else? In this particular case with the NSA, it's even starker: who generated the information? The NSA is collecting information generated by AT&T about activity on AT&T's private network. It strains the imagination to try to define that as an individual's personal information.

> The real question is "what is the intent of the protections afforded by the Constitution and are we upholding that intent"

The intent of the protections was to guard against the invasive physical searches of homes and persons that had occurred under the British. A broader conception of "privacy" is absent from the document. A conception of privacy that is broad enough to encompass information generated by a third party and stored by that third party is purely wishful thinking.

>is the information under your personal control or did you voluntarily give access to and possession of that information to someone else?

You are saying that by making a phone call, you are voluntarily giving information to someone else (the carrier), and so the government should able to access that data at will. And, I'm being ridiculous?

>who generated the information? The NSA is collecting information generated by AT&T about activity on AT&T's private network

The caller generated the data. AT&T simply collected and indexed it. There would be no data or metadata without the caller. You acknowledged this yourself in the first paragraph when you asked, "is the information under your control or did you voluntarily give possession of that information to someone else?" How could I give AT&T information that it supposedly generated? Once again, you're all over the place.

And, your ridiculous argument that because AT&T offers the pipes, they should be able to do what they please with the data that is generated is tripe. You could just as well extend that to make warrantless wiretapping on all calls legal. It is all merely data on AT&T's private network, right?

>The intent of the protections was to guard against the invasive physical searches of homes and persons that had occurred under the British

Funny how you're so willing to update government powers based upon evolving technology, however, when it comes to the rights conferred by the Constitution to the people, you want to limit those to the technology of that day. In this case, you are literally limiting those protections to redcoats (or similar) showing up at your door and rifling through your papers. I can't believe you expect to be taken seriously.

> The fact that Google hosts that data does not give them ownership of that data, nor does it confer the right to access that data for any reason. The data in my drafts folder is exactly the same as data in a paper journal that I have in my house, and is protected by exactly the same law, the 4th amendment.

This is what I refer to as the "romanticized view" of technology. Your gmail draft is not like the paper journal you have in your house. It's Google's data on its hardware that its engineers have access to (in clear text!). You want to construct this metaphor, where the "physical location doesn't matter", but that's not the underlying nature of the system.

You say that "representation" shouldn't matter, but you're making the opposite argument. You want different rules for digital representations versus physical ones. The rule right now is that once the information, represented as molecules of ink on fibers of paper, is in someone else's possession, it's not your information anymore. Well at the physical level, your gmail drafts are little flipped magnetic domains on a hard drive platter in a Google data center. If you tried to enter that data center, you'd be thrown out for trespassing. But you think that in this case, the law should construct a metaphor: those bits are "private" even though you don't have possession of them or ownership of the medium on which they reside.

Thought experiment: if I chisel my diary into a rock slab and mail it to Google, do you agree that it's their data now? What if I write it to a magnetic hard drive and mail it to them? No difference, right? So why should it suddenly be different if I send the bits over the internet for Google to write to its own hard drive instead of mailing them a hard drive myself?

My expectation of privacy covers anything that I protect with a password. Or, to put it another way, anything that is not public is private.

It's really that simple, and that is not a romanticized view of technology. Indeed, I'd argue that this is the (reasonable) assumption that most naive internet users make about their data.

The idea that location and possession does not matter is romanticized. The idea that your gmail drafts are private even though they are easily visible in plain text to Google is perhaps not romantic, but at the very least technologically confused. By that reasoning, your Facebook profile is "private." More to the point, the 4th amendment is not a blanket protection on "anything that you think is private." It's a protection against police invading the sanctity of your home and physical person. "Privacy" as some people think of it today, the idea that information might be considered private despite its being shared with numerous people, was not a developed concept at the time the 4th amendment was written.

I personally think the easier battle is to protect access to strong encryption tools, but I wonder, do you think it would be incoherent for a 28th amendment to try to spell out some legal protection for personal thoughts that were stored remotely?

Saying it a different way, if javajosh were to concede that your definition of privacy is more useful and concede that you are making a clearer case for how such things developed historically, how does he gain some legal breathing room for his remotely stored documents?

I agree re: encryption.

It wouldn't be incoherent at all for a 28th amendment to address various strands of privacy concerns that have arisen over the years. But there needs to be some thought into the design of such an amendment, because it wouldn't be an easy set of analogies from existing protections.

We are having a normative discussion, not an informative one. We can differ on what should be the case; this is not a discussion about what is the case. Clearly the courts side with you on this matter - the physical location of the data is given preeminence in legal debate over privacy.

And my normative claim is that this position is totally, completely, batshit insane.

We're having an informative one, because you said:

> The data in my drafts folder is exactly the same as data in a paper journal that I have in my house, and is protected by exactly the same law, the 4th amendment.

The use of "is protected" versus "should be protected" seems to me to be inviting an informative discussion, not a normative one.

As an aside, I'm always surprised by how often people on HN talk about "should" versus "is." That's very weird for the engineer in me. You can never make progress in a normative discussion, at best you can boil the disagreement down to a disagreement in principle and leave it at that. E.g. I don't trust the government less than I do Google, Facebook, etc. If I'm willing to write something in my gmail, where a Googler can see it, I'm okay with the government seeing it. You almost certainly have a different perception of privacy and trust. A normative discussion on the subject is thus futile--who is "right" about what who and how much to trust private companies versus the government?

> I'm always surprised by how often people on HN talk about "should" versus "is."

Perhaps we make this distinction because it's an important one. It always surprises me when an engineer confuses the two. "But the courts say that the gov't can access your data if it's not on your property," is NOT a counter argument to the statement "The 4th amendment should extend to data." The conversation cannot move forward unless both sides understand the difference between "should" and "is".

> "This is not some conspiracy theory. It's happening, and no one seems to care."

Do you ever feel like a frog recognizing the water is boiling and you don't know what to do?

Or like you're looking at what Jefferson, Adams, Washington, and the other founders fought and wrote the Declaration and Constitution over, but everybody is acting like it's easier just to pay the stamp tax?

Or both?

Unlike the Founders, we have tools at our disposal to change things. We elect our own representatives. We are free to organize an opposition. We have a free press -- and in the age of easy and cheap online publishing, that's a power that anyone can exercise, not just media barons.

We have lots of levers short of revolution that we can push on to move policy in directions more respectful of the rule of law.

The only question is whether anyone cares enough to use them.

Fairly serious question:

You really think that actually has any significant probability of working in the US?

Would it work if people tried? I bet it would. Will people try? No, because they don't care about this issue.

The refrain of democracy being broken in America is getting old. It's not broken--you just don't like that the majority has a long list of issues it cares more about than privacy. We are getting the things people care about: legalized gay marriage, continued access to abortion, welfare spending, social services for the elderly. We're fighting the good fight on issues that aren't quite there yet: universal healthcare, etc. Democracy is alive and kicking in America.

You're describing wedge issues that politicians use to get people to fight red vs blue. Anyone that has ever brought up the subject of privacy and domestic spying has been lambasted as a conspiracy nut.

They are wedge issues because people care. You don't see teenagers standing on the sidewalks getting people to sign petitions to address domestic spying after all.

No, they are wedge issues because politicians are able to divide voters through manipulation, dogma and money from lobbying power. Once a politician tells voters (or teenagers) that domestic spying is an 'issue' then they'll care. That's how the game works.

Ah yes, the line of old democracy is a failure because people are idiots for not caring about what I care about.

Ah yes, the line where we pretend the government isn't run by special interests and the game isn't rigged.

I feel there is a huge difference between political organization around issues of civil rights, and organizing against the military-intelligence-industrial complex.

I've studied the history of civil rights considerably. This issue strikes me as a far different beast.

I would love to be wrong.

The American Revolution would not have been successfully fought without tons of gunpowder, a couple dozen ships of the line, tens of thousands of muskets, hundreds (thousands?) of cannon, and over $1 billion livres from the French. It was a proxy war.

The other problem with this revolution idea is that no one wants to be the first to die for their beliefs.

For those reasons, I suggest reading online the Anatomy of Slavespeak. While longwinded, it questions the use of words we all know and use without second thought. The constitution is one of those words.

That's exactly what I feel like, but I've been feeling like that for a long time. I used to go out of my way to tell people about these things, but after a while, I figured out that most people just don't care enough to really do anything about it. Sure, they'll pay lip service to the notion that the NSA shouldn't be doing things like this, but there seems to be some sort of implicit trust factor within people that compels them to just shut up and accept that what their leaders are doing is for their own good, which puts a damper on any action they might think about taking. I do think that if the media really got on board with lambasting the government and pointing out the obvious reasons that things like this shouldn't happen, the public at large would eventually start caring, and our society would be better for it - but I don't expect that to happen any time soon, if ever. So instead of hoping that people will eventually catch on to what's going on, I've simply started making plans to get myself out of the pot before the water gets too hot and I'm too cooked to leave.

"This is not some conspiracy theory. It's happening, and no one seems to care."

Maybe people are afraid. If you accuse the NSA of committing crimes that are only slightly unethical (wiretapping US citizens), then you're instantly on "the list" of arguably the most powerful organization in the world.

Not only would the story just end up being, "oh well, greater good", but the NSA would just slightly back off of the monitoring, then make sure that future leaks such as this do not happen again.

They are not an evil nor dark organization, just one with a very important mission, and when you have the real big picture on the table sometimes the unethical option is required to maintain dominance and security.

Imagine having the responsibility of protecting a country that is the #1 target in the world, that has 300+ million people within its borders that have the potential to cause major harm to the country, its citizens, and its allies. The NSA doesn't have a choice but to do everything in its power to maintain information dominance over the world.

The NSAs mission statement requires it to protect the US and provide foreign sigint. They're technically not allowed to spy on US citizens but what if it was absolutely required to protect the country? How many people are really qualified to make that decision?

Heh, so you're saying the US is too big to fail? Maybe it should be split up into smaller countries to avoid future problems of that sort...

My ethical concerns about what the NSA's doing aside, this is still a democracy, and there are established channels which the NSA is, by law, required to go through in order to do things like this. They're called FISC courts, and FISA warrants are what they're supposed to acquire before spying on American citizens. We have that requirement for very good reasons, and it should neither be treated lightly nor circumvented at will by the Administration or any of its agencies.

We're a democracy dammit, or have you forgotten what that actually means?

Our elected representatives might have decided that bypassing the FISC courts were acceptable. Is that not a democracy?

Thats the same building that Twitter HQ was in for years... and with the library of congress archiving all tweets - you think all this BS is unrelated?