Mobistealth: Hi there, how are you?
Tung-Yin: I’m fine, thanks.
M: Alright then, should we start?
TY: Yes, sure.
M: For the first question, could you please tell me your perspective on
the NSA in terms of cell phone tracking?
TY: Well, this is part of a much bigger issue of everything that we are
starting to find out about what the NSA has been surveying.
There’s the
cell phone tracking, there’s the emails… apparently now we’re finding
out that the NSA has actually infiltrated Google and Yahoo as well. So
this is one part of it. All of this information gathering [is] about
mostly Americans, but also, we’re finding out, non-Americans as well.
Some of it is apparently covered by court warrants, that is there are
courts that have given approval to some of these surveillances, and then
[are] others where the government is claiming the authority to do this
even though there is no court approval.
So, [it] raises a lot of legal
questions and of course there are policy questions as well about
whether, even if it is legal, if this is really what we want the
government to be doing.
M: Do you believe that Section 2:15 of the Patriot Act is a justifiable
defense? It’s been used by the NSA a couple of times.
TY: Well, the Patriot Act is very long and I think in some ways it draws
a lot of undue attention. Sometimes people complain about it and what
they are complaining about has actually nothing to do with the Patriot
Act. It has to do with other government activities.
For example,
Guantanamo; there’s nothing about Guantanamo that relates to the Patriot
Act, but many people, I think, erroneously think that it does. Parts of
the Patriot Act, I think, make sense because the old law, the US law,
joined with just regular criminal search warrants and cell phones was,
it was more like something appropriate to the mid-20th century, not
[applicable] to use [for] cell phones in the 21st century.
But there are
parts of the Patriot Act that made it easier for the government to get
and to share what we call foreign intelligence information and this is a
lot of what the NSA is going after.
[To elaborate] normally what, the kinds of warrants that judges will
issue, or what we call criminal search warrants, it’s where the police
say that we think that the target of the search has committed a crime.
Here are the reasons why we think the person has committed a crime. This
is why you should let us invade their privacy and search their home, or
search their car, whatever. And so the standard that the police have to
meet is what we call probable cause. It doesn’t mean you have to prove
beyond a reasonable doubt which [is] the criminal trial standard.
You do
not have to prove to that level of certainty that the person is
committing a crime. You just have to have a good basis for it. Then the
judge will issue the search warrant and that allows you to do what would
otherwise be a violation of fourth amendment rights against illegal
searches.
But you can see the issue here is that the police or the government has
to have a probable cause to believe that the person has already
committed a crime. And the NSA is not going to be in that position.
They
are in the position of trying to figure out, if we think this is what
they are doing, who may be planning terrorist attacks or whatever. And
they’re doing a big dragnet of everybody, trying to figure out among
everybody “who should we be spending more time on”.
So they can’t
possibly meet that probable cause standard.
What the Foreign Intelligence Surveillance Act, which was passed in
1978, what that does is that it says, okay, there is a different way
that the government might be searching people or spying on them, which
is not about gathering evidence of criminal activity, but instead it’s
about gathering foreign intelligence, which is useful for the government
in terms of diplomacy and so on.
And so, you still have, if you’re going
to invade people’s privacy for that, you still have to have a warrant.
At least if you’re talking about American persons (and by American
persons, it doesn’t mean just citizens, it means citizens and permanent
residents, and the like).
But the standard is, you have to show probable
cause to believe that the person is an agent of a foreign power, so if
they’re somehow working for either foreign government or foreign
organization, including a foreign terrorist organization.
Now I could say it’s a little bit easier for the government in some
senses. They don’t have to show that the target may be or has committed
a crime. They just have to show that the target is working for a foreign
source. And so what the Patriot Act did is it made it:
It made it a little bit easier to get that kind of warrant;
And, it made it easier to share the information that the government gets
through that kind of a warrant.
And by share what I mean is you’ve got your foreign intelligence
analysts and then you’ve got your criminal investigators. And they have different jobs. But sometimes
the foreign intelligence people may come across information about a
crime. They would like to pass that along to the criminal investigators.
Before 9/11 and the Patriot Act, it was harder to do that. And after
9/11 it became easier. One of the concerns that some civil libertarians
have is that now it is easy for the government to get the foreign
intelligence warrant, when what they’re really doing is trying to gather
information for prosecution.
When people are complaining about the
Patriot Act and whether it’s to blame and so on, that’s the aspect that
relates to what the NSA is doing.
M: LOVEINT is the code that’s used for intelligence that’s gathered on
an NSA employee’s ex spouse or current spouse, or significant other. Do
you think that average people can actually take any form of action
against the government or the NSA?
TY: Well you probably [can], there would be causes of action that you
could raise about that, but the problem is that, typically, the only way
that you would tend to know that the NSA or some NSA person had done
some surveillance on you… the typical way you would find out is that the
information that the NSA comes across is shared with criminal
investigators, who then use it to get to prosecute you as the target.
And then the government shares the evidence it has against you and you
find out that some of it was through this kind of foreign intelligence
surveillance.
And then, at that point, what you care more about, less
that your privacy is violated, and more about just making the government
go away so you don’t get convicted.
At that point, you could file a motion to try to keep that evidence out.
But you see the only way you really find out [about the NSA snooping] is
that you’re indicted and you have to face a criminal trial.
When these NSA employees are sharing this “Haha, look at what my ex is doing”, you
may never find out. I mean obviously if you find out, it’d be
embarrassing perhaps and you could bring a cause of action, what we call
civil rights lawsuit for the violation of your privacy rights.
But
what’s probably in some ways disturbing for everybody else is: if it’s
happening to you or me or anybody else, how would we know?
M: How is what NSA does is any different from what
Facebook or
Google
do, because they extract much more information than the NSA is
supposedly capable of?
TY:
Well, there are a lot of similarities and I think that’s right, in some
ways Facebook may give an example of wired people, one way you can look
at it is that wired people are complaining so much about the government
when they are willing to share so much on Facebook, or blogs, or
whatever.
But, of course Facebook is entirely voluntary. I know a few
people who refused to join Facebook and if they refuse to join Facebook,
then Facebook does nothing about that.
So, you can opt out from Facebook,
but you can’t really opt out from the NSA. So I think that would be the
major difference.
I guess I would say that the notion of privacy, the way that the US law
looks at privacy, is that it’s binary: either you have it or you don’t.
So there are these cases where, there’s one case about garbage where the
defendant in the case was some kind of drug dealer and threw away drugs
or stuff in his garbage, expecting it to be taken out to the landfill
and never be seen again.
Well, the police suspected that that’s what he
was doing, and so the police detective quite cleverly talked to the
garbage collector and said:
“Hey, when you go by this house, put that
garbage aside, I’d like to look through it.”
And the detective looked
through and she found drugs stuff, and so she was able to get a warrant
to search the defendant’s house and ultimately he was convicted.
And he
said:
“Hey, wait a minute, you went through my trash without a warrant.
How can you do that?”
And the Supreme Court said,
“Look, that’s your
trash, you don’t care about it. You put it out to be picked up by
somebody else, so, you know, cats could have come back and ripped open
your trash, kids could’ve looked in there. You have no privacy in it.”
[Basically] the court was saying either you have it or you don’t.
But I
don’t think that people think of it that way in real life. And Facebook
is an example where you can set your posts, if you trust Facebook, you
can set your posts so that either it’s open to everybody, or it’s only
open to your friends, or only open to a subset of your friends, or it’s
open to nobody.
And that’s probably a more realistic way of how people
think about privacy. That you have different groups, either bigger or
smaller, and you share something only with a very select few, and other
things you share with more people.
And again with the NSA, there is nothing like that. You can try to keep
it as private as you want, but the only way you can really ensure it, I
guess, is to keep it in your head.
M: In the debate of personal privacy versus national security, do you
think that the NSA’s actions are justified to an extent?
TY: You know, that’s a key question and it’s hard to answer for two, at
least two, reasons.
The first reason is, I don’t have a security clearance, so I don’t,
obviously, I don’t see the threat matrix or anything along those lines
about the various threats that the United States, or you know, other
countries may face.
So in some sense I think it’s a little easy to say
that well, you know, that the NSA should just do everything in a lawful
way, shouldn’t spy on people unless it gets a court approval, and so on.
And when you’re actually charged with doing the defending, reality may
intrude.
One example is, if you look at the statements that Barack Obama made
when he was a candidate for the presidency, he seemed to be talking in a
very strong civil libertarian terms. He was talking how he was going to
close down Guantanamo, he was going to end the illegal spying, and so
on.
And then you look at what the president has been doing since he’s
assumed office.
You would think that candidate Obama would be very
critical of President Obama. And one explanation might be that, you
know, it’s one thing to be a candidate, it’s another thing when you’re
actually the president charged with defending the American people.
So,
without actually being in that position, I think it’s a little hard to
answer the question.
It’d be easy to be extremely critical of the NSA. I’m not saying that I
would fully defend what it’s doing, but I guess I would say that if we
saw more of what it is that the NSA is coming across, we might have a
slightly different view of what’s going on.
The other reason, it’s hard to answer, that is that it is the flip side
of it, that the government would trot out these instances and say that,
“look, we didn’t do that sort of surveillance and if we had, and if we
had shared more information, we might have stopped the 9/11 attacks”,
and this is evidence to support that, I think.
Or:
“Look, because we did
this surveillance, we were able to stop these attacks.”
And so what are you really giving up, the government might ask. You
know, on one hand, what the government is offering is very tangible
security,
“look at these threats, we can stop these threats”.
And what
it’s taking away is very ethereal, what is privacy, how will you even
know if you’ve been spied on.
And so you know, one is very tangible and
immediate, and the other is very diffused. And if you compare it like
that, the tangible and immediate tends to win out. But it will always
win out if that’s the way you look at it.
Then civil liberties will
invariably be compromised.
M: There is already information that the NSA has been extracting on the
common man. Why hadn’t they been able to stop instances such as the
Boston Bombings?
TY: I think, yeah, definitely there’s the concern that too much
information is not a good thing because you can’t just process it, and,
well, I don’t really recall where I saw this, but I know I’ve read
account that on September 12, the government got around to decrypting
some communications that it had intercepted from Al-Qaeda, and they
decrypted a statement that said something like: was it something like
hour zero, or the game is now.
So, in other words, the government had something in its hands that
indicated that something big was happening, but it didn’t get around to
decrypting it until the day
after 9/11 because there was just so much
stuff they were processing.
So, definitely it’s an oversimplification
for the government to say: we need more information, and if we have more
information, we can stop this. But, if you are coming across a lot of
threats every day, all of them might be bogus, or most of them on any
given day might be bogus.
The question is, how do you sort through
those? And maybe they have enough time to go through and get a regular
sort of a warrant, and maybe they don’t…
I think the government would
say in the Boston bomber case,
“Hey, if only we had just checked out
either we had those guys, we’d [have issued] warnings for other people.
How were we supposed to figure out which of all these potential threats
were real?
If only we had looked at what those guys were researching on
the internet, we might have found that the older brother was researching
how to build these pressure cooker bombs.”
That might have been a pretty good clue. Maybe they could have gotten
some sort of warrant to look at what those guys were doing anyway.
M: The NSA has maintained checklists for dangerous words and a lot of
people have started posting these dangerous words into their emails and
online posts. How do you feel about that?
TY: Yeah, I know. That would obviously cause problems, although I think
messing with the NSA is a high-risk proposition.
Remember that the NSA,
you don’t know that, the NSA is spying on you until maybe something
really bad happens down the road. I think that you’ve got one class of
people, let’s say, journalists, academics, civil rights activists, where
you’re going to be talking to people, perhaps, or reading things that
might look suspicious to an outside observer.
But that’s part of your
job, and you can’t just not do your job because you’re afraid that the NSA is going to spy on you and wonder if you’re an enemy of the state.
But if your idea is ‘I don’t like the NSA and I’d do what I can to make
its job more difficult and so I’m going to start making myself look like
a bad guy’, that’s what I mean by high-risk strategy. Maybe you can get
away with it for a while, and maybe the risk isn’t so much that you’ll
be hauled off for some political prosecution.
Rather, the problem is
that the government zeroes in on somebody who’s doing that and they can
find something else wrong that the person has done breaking the law. In
the United States, there are over three thousand federal crimes.
And
then there are people who’ve noted this and said that basically every
person is a federal criminal everyday because there are so many laws and
you can’t possibly keep track of them all, but, there’s likely some kind
of obscure law that you’ve violated.
So, that’s what I mean by
high-risk.
M: As far as we know, the NSA has never had a request for data rejected.
Why do you think they felt the need to infiltrate data centers from
companies such as Yahoo and Facebook, especially since these companies
are the ones giving them the data in the first place?
TY: Well I think that’s hard to understand. I mean I can’t really give
you an answer. I wonder how much of it has to do with classified
information, but we just, the government can’t answer without sharing
classified information that it doesn’t want to share.
My guess is that
the answer might be something like: when the service providers
voluntarily turnover what it is that we’re asking them to turnover, they
are doing a bit of filtering, that is, they are having a look through
everything to decide what fits, and that we, the government, are
concerned that they might be missing things, and so we want to check for
ourselves.
Again, I’m not saying that’s what they’re saying, and even if that is
what they’re saying and that’s right, that’s kind of my guess on what
they might say.
M: Do you think that people actually have any kind of options to keep
their data safe and out of the NSA’s hands, or is this just something
that they have to live with?
TY: Well I guess in terms of emails, and that serves as direct
communications like that, but if you are really concerned, I think that
there are some encryption programs like there’s one PGP, which is
Pretty
Good Privacy.
It’s been around for a while. I’m not sure how secure it
still is.
But there are some encryption programs that might provide some
degree of privacy but the problem in this is how confident one would be
that the NSA has not actually cracked those encryption schemes. And,
that’s what we wouldn’t know because the NSA would keep it secret.
So I think the upshot is that there’s probably not much that you can do
if, if you really are being targeted.
M: In the light of our entire discussion, what advice would you have for
the average Joe who isn’t sure of what to do about the NSA?
TY: You know, I think just a general, common sense advice would be [to]
be careful about what it is that you’re sharing.
If you’re concerned
about privacy, anything that you put on the internet, any emails that
you send, it goes. Some people call this The New York Times test, that,
how would you feel if this showed up on the first page of The New York
Times.
You can’t really live your life entirely like that, but, if you
exercise a mode of caution in terms of what you send and how you send
it, it’s probably a good thing generally, so that you don’t send emails
that are overly harsh and which you wouldn’t send in a more calm moment
or something.
Be more careful about what you share on Facebook or on blogs, or on
whatever.
You know, which is useful, just not in terms of the NSA, but
protecting against identity thieves and other problems like that. I
think a lot of it is really at the political participation level, which
is, if people really care about privacy and they are really concerned
about these privacy issues, there is a mechanism.
It’s very slow, it’s
hard to direct, but we’re in the democratic republic. We vote for our
leaders and our leaders implement policies and if you don’t like what
your leaders are doing, vote them out of office.
Now of course this is easier said than done because there might be many
different issues that people care about and you might like what your
representative is doing on many issues and you dislike one, what do you
do? What if the other candidate is much worse in everything?
So I
recognize it’s a very blunt tool, but politicians are somewhat
responsive to what constituents care about.
I think that the most useful
approach is getting the more people, if you care about this, the more
people you can get to care about it as well, the more political voice
you have and the more political voice you have, the more likely you are
to get the attention of political leaders.
M: Thank you so much for the time you’ve spared for this discussion
today. The information that you’ve shared with us will help a lot of
people understand a lot of things about the NSA that they didn’t
previously know.
TY: Okay, sure. Bye.
M: Thank you so much. Bye-bye.
