I try not to make assumptions about things I don't know, but these numbers beg a fairly major question for me. The government has stated several times that NSA surveillance and National Security Letters are only being applied to monitor suspected terrorist action; that this broad digital observation is only to protect our nation. Since I don't know that the government is lying about this, I try to take their word.
However, if the U.S. government requested data on over forty thousand users last year alone, how many terrorists do they think are out there? Tens of thousands? Hundreds? Over a million?
Now, I'm aware that only some of these requests are National Security Letters and FISA requests--many, if not the majority, are just law enforcement requests. Still, though, even if only ten percent of these are related to national security, that's four thousand threats to our security last year--from Yahoo!'s user base alone.
Ah, come on. Consider what it takes to create a Yahoo! user account. Almost nothing.
Yes, I was born on January 1, 1901
Yes, the CAPTCHA is HU3FR43O
When you're engaging in elaborate sock puppetry, ostensibly for evil deeds, you're going to create and dump accounts like water.
Let's say there's some evil super villain plotting to derail a train, and he needs to communicate with his henchmen. If he knows that the law will stop attempting to trace his secret e-mails to his henchmen, after reaching some magic number of say... 100,000 user accounts, then his evil plan needs to incorporate operations to create maybe 500,000 sock puppet accounts, to give his communiques a 1 in 5 chance of being intercepted.
Now, let's say you have special evil dedicated servers, capable of queuing and automating requests in real time, and funneling off the CAPTCHAs to warehouse filled with data entry sweatshop slaves, so that your henchmen have all of their dummy accounts prepped for use, once the plan is set to unfold. Because a lot of human intervention and human interaction can be removed from the creation of a yahoo! account, and thus automated, if our evil super villain were able to engineer a custom yahoo! account creation apparatus, it would be a mistake to assume that 40,000 accounts represents 40,000 people, much less 40,000 terr'ists, or even 40,000 'muricans.
So it's not like one can make any assumptions based on these kinds of numbers, when it comes to anything on the internet. But regardless, the reverse aspect to this unreality of "user accounts" on the internet is the worry. There's no way to know when government officials are being honest, and not taking advantage of their powers, to abuse them for personal gain, either to spy on a cheating spouse, or to accept bribes and do it for someone else.
If user accounts, as a rule are nebulous and pseudonymous, and there's no real limit on creating them, and thus only a fuzzy integrity to them, then how can there be a predefined limit on eavesdropping?
The only real limit on sock puppet accounts is a theoretical one, tied to the bandwidth consumed by the circuits crossing all international boundries. In theory, if it takes "X" amount of time for human intervention to create a user account, and we can estimate "T" amount of terr'ists worldwide, then, given "N" amount of time lapsed since TERR'ISM A.D., there might potentially be:
((N/X)*T) = terr'ist user accounts in the world
...then that's pretty much what 'murican law enforcement will entitle themselves to commandeer to fight "evil".
But even more absurd is the idea that a dragnet of all internet traffic will reveal any kind of terrorist communications at all. I would have imagined that human couriers and satellite phones were still the primary drugs of choice when it came to super villainy.
> "Still, though, even if only ten percent of these are related to national security, that's four thousand threats to our security last year--from Yahoo!'s user base alone."
The problem with this line of reasoning is that are numbers less than %10 - it's perfectly possible that there was only 1 NSL and the Yahoo! announcement wouldn't read any differently.
The number of "terrorists" -- or at least persons of interest -- could be much, much smaller. The NSA would ask for most of the people the person of interest had ever emailed or phoned, and everyone they ever emailed or phoned. I don't feel up to doing the math, but clearly a quite small number of actual suspects could easily explode to 47K.
That is for the official record. Even Yahoo won't know how many users' data was compromised via NSA backdoors. A regular user should never trust Yahoo and other such services.
I am not sure what US government is gaining by all this. But is certainly losing faith of almost all people at very alarming rate. I am an Indian and so far I have always been sympathetic with US an it's alleged war on terrorism now I find myself questioning if US war on terror is any different from terror they claim to fight.
This is like a bully government trying to force itself on everyone.
I find myself questioning if US war on terror is any different from terror they claim to fight.
Odd that. The NSA are frankly getting more scary than any known threat. Whatever else is out there, sunlight is the best disinfectant. Subverting privacy free-speech and the open-exchange of information is not the road forward.
Interesting to look at the other numbers. The UK requested 2k~, roughly the same as India (the country with both the largest population and the most serious/active threat of terrorism.) Germany is in the 5k range. Canada is at 47, New Zealand at 9.
When I see this all I think is that these are the requests from lower level agents who have to fill in paperwork to get their data. I just cannot now believe that upper levels of the intelligence agencies do not have complete and total access.
It's pretty obvious why they release these numbers right now. More or less for the same reason why Google says now that they speed up encryption between data centers:
Cheap and ridiculous PR, designed to move your attention away from the real question (their collaboration with the NSA) to questions that have become almost insignificant (comparatively speaking).
[+] [-] david_shaw|12 years ago|reply
However, if the U.S. government requested data on over forty thousand users last year alone, how many terrorists do they think are out there? Tens of thousands? Hundreds? Over a million?
Now, I'm aware that only some of these requests are National Security Letters and FISA requests--many, if not the majority, are just law enforcement requests. Still, though, even if only ten percent of these are related to national security, that's four thousand threats to our security last year--from Yahoo!'s user base alone.
That seems hard to believe.
[+] [-] sockPuppetry|12 years ago|reply
Let's say there's some evil super villain plotting to derail a train, and he needs to communicate with his henchmen. If he knows that the law will stop attempting to trace his secret e-mails to his henchmen, after reaching some magic number of say... 100,000 user accounts, then his evil plan needs to incorporate operations to create maybe 500,000 sock puppet accounts, to give his communiques a 1 in 5 chance of being intercepted.
Now, let's say you have special evil dedicated servers, capable of queuing and automating requests in real time, and funneling off the CAPTCHAs to warehouse filled with data entry sweatshop slaves, so that your henchmen have all of their dummy accounts prepped for use, once the plan is set to unfold. Because a lot of human intervention and human interaction can be removed from the creation of a yahoo! account, and thus automated, if our evil super villain were able to engineer a custom yahoo! account creation apparatus, it would be a mistake to assume that 40,000 accounts represents 40,000 people, much less 40,000 terr'ists, or even 40,000 'muricans.
So it's not like one can make any assumptions based on these kinds of numbers, when it comes to anything on the internet. But regardless, the reverse aspect to this unreality of "user accounts" on the internet is the worry. There's no way to know when government officials are being honest, and not taking advantage of their powers, to abuse them for personal gain, either to spy on a cheating spouse, or to accept bribes and do it for someone else.
If user accounts, as a rule are nebulous and pseudonymous, and there's no real limit on creating them, and thus only a fuzzy integrity to them, then how can there be a predefined limit on eavesdropping?
The only real limit on sock puppet accounts is a theoretical one, tied to the bandwidth consumed by the circuits crossing all international boundries. In theory, if it takes "X" amount of time for human intervention to create a user account, and we can estimate "T" amount of terr'ists worldwide, then, given "N" amount of time lapsed since TERR'ISM A.D., there might potentially be:
...then that's pretty much what 'murican law enforcement will entitle themselves to commandeer to fight "evil".But even more absurd is the idea that a dragnet of all internet traffic will reveal any kind of terrorist communications at all. I would have imagined that human couriers and satellite phones were still the primary drugs of choice when it came to super villainy.
[+] [-] kevinnk|12 years ago|reply
The problem with this line of reasoning is that are numbers less than %10 - it's perfectly possible that there was only 1 NSL and the Yahoo! announcement wouldn't read any differently.
[+] [-] fernly|12 years ago|reply
[+] [-] do-it-good|12 years ago|reply
You're a certified crazy person if you trust the US government.
[+] [-] rozap|12 years ago|reply
:)
[+] [-] chatman|12 years ago|reply
[+] [-] raldi|12 years ago|reply
[+] [-] ISL|12 years ago|reply
[+] [-] tn13|12 years ago|reply
This is like a bully government trying to force itself on everyone.
[+] [-] 001sky|12 years ago|reply
Odd that. The NSA are frankly getting more scary than any known threat. Whatever else is out there, sunlight is the best disinfectant. Subverting privacy free-speech and the open-exchange of information is not the road forward.
[+] [-] trevrolins66|12 years ago|reply
[deleted]
[+] [-] cmyr|12 years ago|reply
[+] [-] jimparkins|12 years ago|reply
[+] [-] mpyne|12 years ago|reply
For "upstream" collection Yahoo would simply have never known anyways so there's nothing for Yahoo to report on.
[+] [-] Wingman4l7|12 years ago|reply
[+] [-] frank_boyd|12 years ago|reply
Cheap and ridiculous PR, designed to move your attention away from the real question (their collaboration with the NSA) to questions that have become almost insignificant (comparatively speaking).
[+] [-] fatjokes|12 years ago|reply
[+] [-] Nobody4342312|12 years ago|reply
"Yahoo says U.S. sought data on every active user account in 2013"
[+] [-] post_break|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]