Posts

Tuesday Morning: Garbage in, Garbage out [UPDATE]

Why’d I pick this music video, besides the fact I like the tune? Oh, no reason at all other than it’s trash day again.

Speaking of trash…

Facebook furor just frothy foam?
I didn’t add yesterday’s Gizmodo piece on Facebook’s news curation yesterday or the earlier May 3 piece because I thought the work was sketchy. Why?

  • The entire curation system appears to be contractors — Where is a Facebook employee in this process?

    “…News curators aren’t Facebook employees—they’re contractors. One former team member said they received benefits including limited medical insurance, paid time off after 6 months and transit reimbursement, but were otherwise excluded from the culture and perks of working at Facebook. […] When the curators, hired by companies like BCForward and Pro Unlimited (which are then subcontracted through Accenture to provide workers for Facebook), arrive at work each day, they read through a list of trending topics ranked by Facebook’s algorithm from most popular (or most engaged) to least. The curators then determine the news story the terms are related to.

    The news curation team writes headlines for each of the topics, along with a three-sentence summary of the news story it’s pegged to, and choose an image or Facebook video to attach to the topic. The news curator also chooses the “most substantive post” to summarize the topic, usually from a news website. […] News curators also have the power to “deactivate” (or blacklist) a trending topic—a power that those we spoke to exercised on a daily basis. …” (emphasis mine)

    I see a Facebook-generated algorithm, but no direct employees in the process — only curator-contractors.

  • Sources may have a beef with Facebook — This doesn’t sound like a happy work environment, does it?

    “…Over time, the work became increasingly demanding, and Facebook’s trending news team started to look more and more like the worst stereotypes of a digital media content farm.

    […]

    Burnout was rampant. ‘Most of the original team isn’t there anymore,’ said another former news curator. ‘It was a stop-gap for them. Most of the people were straight out of [journalism school]. At least one of them was fired. Most of them quit or were hired by other news outlets.’ …” (emphasis mine)

    It’s not as if unhappy contractors won’t have newsworthy tips, but what about unhappy Facebook employees? Where are they in either of Gizmodo’s pieces?

  • Details in the reporting reveal bias in the complainant(s) — So far I see one reference to a conservative curator, not multiple conservative curators.

    “Facebook workers routinely suppressed news stories of interest to conservative readers from the social network’s influential “trending” news section, according to a former journalist who worked on the project.

    […]

    Other former curators interviewed by Gizmodo denied consciously suppressing conservative news, and we were unable to determine if left-wing news topics or sources were similarly suppressed. The conservative curator described the omissions as a function of his colleagues’ judgements; there is no evidence that Facebook management mandated or was even aware of any political bias at work. …”

    Note the use of “a” in front of “former journalist” and “the” in front of “conservative curator.” (Note also Gizmodo apparently needs a spell check app.)

  • No named sources confirming the validity of the complaints or other facts in Gizmodo’s reporting — Again, where are Facebook employees? What about feedback from any of the companies supplying contractors; did they not hear complaints from contractors they placed? There aren’t any apparent attempts to contact them to find out, let alone anonymous confirmation from these contract companies. There are updates to the piece yesterday afternoon and this morning, including feedback from Vice President of Search at Facebook, Tom Stocky, which had been posted at Facebook. Something about the lack of direct or detailed feedback to Gizmodo seems off.
  • Though named in the first of two articles, Facebook’s managing editor Benjamin Wagner does not appear to have been asked for comment. The May 3 piece quotes an unnamed Facebook spokesperson:

    When asked about the trending news team and its future, a Facebook spokesperson said, “We don’t comment on rumor or speculation. As with all contractors, the trending review team contractors are fairly compensated and receive appropriate benefits.”

I’m disappointed that other news outlets picked up Gizmodo’s work without doing much analysis or followup. Reuters, for example, even parrots the same phrasing Gizmodo used, referring to the news curators as “Facebook workers” and not contract employees or contractors. Because of this ridiculous unquestioning regurgitation by outlets generally better than this, I felt compelled to write about my concerns.

And then there’s Gizmodo itself, which made a point of tweeting its report was trending on Facebook. Does Gizmodo have a beef with Facebook, too? Has it been curated out of Facebook’s news feed? Are these two pieces really about Facebook’s laundering of Gizmodo?

I don’t know; I can’t tell you because I don’t use Facebook. Not going to start now because of Gizmodo’s sketchy reporting on Facebook, of all things.

Miscellany
Just some odd bits read because today is as themeless as yesterday — lots of garbage out there.

Skepticism: I haz it
As I read coverage about news reporting and social media leading up to the general election, I also keep in the back of my mind this Bloomberg report, How to Hack an Election:

As for Sepúlveda, his insight was to understand that voters trusted what they thought were spontaneous expressions of real people on social media more than they did experts on television and in newspapers. […] On the question of whether the U.S. presidential campaign is being tampered with, he is unequivocal. “I’m 100 percent sure it is,” he says.

Be more skeptical. See you tomorrow morning!

UPDATE — 1:30 P.M. EDT —

@CNBCnow
JUST IN: Senate Commerce Commtitte chair sends letter to Facebook’s Mark Zuckerberg seeking answers on alleged manipulation of trending news

ARE YOU FUCKING KIDDING ME WITH THIS? THE SENATE GOING TO WASTE TAX DOLLARS ON THIS WHEN EVERY. SINGLE. NEWS. OUTLET. USES EDITORIAL JUDGMENT TO DECIDE WHAT TO COVER AS NEWS?

Cripes, Gizmodo’s poorly sourced hit piece says,

“…In other words, Facebook’s news section operates like a traditional newsroom, reflecting the biases of its workers and the institutional imperatives of the corporation. …”

Yet the Senate is going to pursue this bullshit story after Gizmodo relied on ONE conservative curator-contractor — and their story actually says an algorithm is used?

Jeebus. Yet the Senate will ignore Sheldon Adelson’s acquisition of the biggest newspaper in Las Vegas in a possible attempt to denigrate local judges?

I can’t with this.

UPDATE — 3:35 P.M. EDT —
The Guardian reports the senator wasting our tax dollars questioning a First Amendment exercise by Facebook is John Thune. Hey! Guess who’s running for re-election as South Dakota’s senior senator? Why it’s John Thune! Nothing like using your political office as a free press-generating tool to augment your campaign. I hope Facebook’s algorithm suppresses this manufactured non-news crap.

Thursday Morning: Fast and Furious Edition

[image (modified): Adam Wilson via Flickr]

[image (modified): Adam Wilson via Flickr]

Insane amount of overseas news overnight. Clearly did not include me winning $1.5B Powerball lottery. Attacks in Jakarta and Turkey are no joke.

Let’s move on.

Some U.S. utilities’ still wide open to hacking
Dudes, how many times do you need to be told your cheese is still hanging out in the wind? Some heads should roll at this point. US government’s Industrial Control Systems Cyber Emergency Response Team’s Marty Edwards sounded pretty torqued about this situation at the S4 ICS Security Conference this week. I don’t blame him; if a utility gets hacked, it’s not like your grandmother’s PC getting held ransom. It means the public’s health and safety are at risk. Get on it.

Your cellphone is listening to your TV — and you
Bruce Schneier wrote about the Internet of Things’ expansive monitoring of consumers, citing the example of SilverPush — an application which listens to your television to determine your consumption habits. Bet some folks thought this was an app still in the offing. Nope. In use now, to determine current TV program listings and ratings. Listening-to-your-consumption apps have now been around for years.

Wonder if our pets can hear all this racket inaudible to humans? Will pet food companies embed ads shouting out to our pets?

But you may be able to hide from devices
…depending on whether you are using location-based services, and if you can use the app developed by Binghamton University. A paper on this technology was presented last month at the Institute of Electrical and Electronics Engineers (IEEE) GLOBECOM Conference, Symposium on Communication & Information System Security. The lead researcher explained the purpose of the app:

“With Facebook, Twitter, LinkedIn and others we provide a huge amount of data to the service providers everyday. In particular, we upload personal photos, location information, daily updates, to the Internet without any protection,” Guo said. “There is such a chance for tragedy if that information is used to in a bad way.”

The app isn’t yet available, but when it is, it should prevent personally identifying location-based data from being used by the wrong folks.

VW emissions scandal: Well, this is blunt
I think you can kiss the idea of nuance goodbye, gang.

“Volkswagen made a decision to cheat on emissions tests and then tried to cover it up,” said CARB chair Mary Nichols in a statement.
“They continued and compounded the lie, and when they were caught they tried to deny it. The result is thousands of tons of nitrogen oxide that have harmed the health of Californians.”

Yeah. That.

The last bits
Nest thermostats froze out consumers after a botched update. (Do you really need internet-mediated temperature controls?)
Phone numbers may become a thing of the past if Facebook has its way. (Um, hell no to the Facebook. Just no.)
Senator Al Franken quizzes Google about data collection and usage on K-12 students. (Hope he checks toy manufacturers like Mattel and VTech, too.)

That’s a wrap, hope your day passes at a comfortable speed.

Wednesday Morning: Wonderful, Just Wonderful

I debated about posting Jonny Lang’s Lie to Me. Nah, we’re lied to every day, might as well ask for the truth for once, even if it’s ugly. The truth is that nothing’s okay though we wish like hell it were otherwise.

That said, let’s forge on into the fraught and frothing fjords…

‘Nope.’ That’s what California Air Resources Board said
Huh-uh, no way, nada — CARB told Volkswagen in response to VW’s proposed recall plans for emissions standard-cheating 2.0L vehicles sold into California. Because:

  • The proposed plans contain gaps and lack sufficient detail.
  • The descriptions of proposed repairs lack enough information for a technical evaluation; and
  • The proposals do not adequately address overall impacts on vehicle performance, emissions and safety

Wonder if CARB’s response will be different with regard to VW’s 3.0L vehicles? Shall we take bets?

Fugly, in multiples — cybersec edition
Ebay’s got bugs, and not just at auction.

Need more than tape to fix this problem with cheap web cameras.

Popular antivirus may pose a hacking threat, patch has been issued. Same antivirus manufacturer has a nifty relationship with INTERPOL, too, to share information about cyberthreats. Wonder if they phoned INTERPOL and said, “Cyberthreat. It me!”

(BTW, I love it when spell check helpfully says, “‘Cybersec’ is wrong, don’t you mean ‘cybersex’?”…um, no.)

General Motors: We won’t sue white hats doing our work for us!
No lawsuits, but don’t expect any rewards for finding vulnerabilities (unlike competitor Tesla’s bug report program).

Big of you, GM. Way to protect your intellectual property and brand at the same time.

The biggest threat to nation’s power grid is S_______
Beady-eyed and focused, slips beneath our radar, gnaws into our electricity transport with annoying frequency, causing hundreds of hours of power outages. Stuxnet? No. Bloody squirrels.

In short, it’s all wonderful this Wednesday. Just wonderful. Pass the Glenmorangie, please.

Tuesday Morning: Wow, You Survived Business Day 1

The post-holiday season debris field continues to thin out, making its way by the truckful to the landfill. I wonder how much oil the season’s plastic wrappings consumed.

Here’s what the trash man left behind this morning.

Hackers caused power outage — the first of its kind?
Marcy’s already posted about the electrical power disruption in Ukraine this past week, labeled by some as the first known hacker-caused outage. I find the location of this malware-based outage disturbing due to its location in western Ukraine. Given the level of tensions with Russia along the eastern portion of the country, particularly near Donetsk over the past couple of years, an outage in the west seems counterintuitive if the hackers were motivated by Ukraine-Russian conflict.

And hey, look, the hackers may have used backdoors! Hoocudanode hackers would use backdoors?!

Fortunately, one government is clued in: the Dutch grok the risks inherent in government-mandated backdoors and are willing to support better encryption.

‘Netflix and chill’ in a new Volvo
I’ve never been offered a compelling case for self-driving cars. Every excuse offered — like greater fuel efficiency and reduced traffic jams — only make greater arguments for more and better public transportation.

The latest excuse: watching streaming video while not-driving is Volvo’s rationalization for developing automotive artificial intelligence.

I’m not alone in my skepticism. I suspect Isaac Asimov is rolling in his grave.

US Govt sues pollution-cheater VW — while GOP Congress seeks bailout for VW
WHAT?! Is this nuts or what? A foreign car company deliberately broke U.S. laws, damaging the environment while lying to consumers and eating into U.S.-made automotive market share. The Environmental Protection Agency filed suit against Volkswagen for its use of illegal emissions control defeat systems. The violation of consumers’ trust has yet to be addressed.

Thank goodness for the GOP-led House, which stands ready to offer a freaking bailout to a lying, cheating foreign carmaker which screwed the American public. Yeah, that’ll fix everything.

Remember conservatives whining about bailing out General Motors during 2008’s financial crisis? All of them really need a job working for VW.

Massive data breach affecting 191 million voters — and nobody wants to own up to the database problem
An infosec researcher disclosed last week a database containing records on 191 million voters was exposed. You probably heard about this already and shrugged, because data breaches happen almost daily now. No big deal, right?

Except that 191 million voters is more than the number of people who cast a vote in 2012 or even 2008 presidential elections. This database must represent more than a couple election cycles of voter data because of its size — and nobody’s responding appropriately to the magnitude of the problem.

Nobody’s owning up to the database or the problem, either.

Here’s a novel idea: perhaps Congress, instead of bailing out lying, cheating foreign automakers, ought to spend their time investigating violations of voters’ data — those folks that put them in office?

Any member of Congress not concerned about this breach should also avoid bitching about voter fraud, because hypocrisy. Ditto the DNC and the Hillary Clinton campaign.

Whew, there it is, another mark on the 2016 resolution checklist. Have you checked anything off your list yet? Fess up.

Internet of Things: Now, with ‘Breachable’ Kids Connect and ‘Hackable’ Barbie

HelloBarbie

[graphic: Hello Barbie via Mattel’s website]

The Internet of Things (IoT) already includes refrigerators, televisions, slow cookers, automobiles, you name it. Most of these items have already experienced security problems, whether personal information leaks, or manipulative hacking.

Now the IoT includes toys — and wow, what a surprise! They’re riddled with privacy and security problems, too.

Like VTech’s privacy breach, exposing data for more than 6 million children and parents including facial photos and chat logs through its Kids Connect technology. The company’s privacy policy (last archived copy) indicated communications would be encrypted, but the encryption proved whisper thin.

Or Mattel’s Hello Barbie, its Wi-Fi enabled communications at risk for hacking and unauthorized surveillance. The flaws include this doll’s ability to connect to any Wi-Fi network named “Barbie” — it was absolutely brain-dead easy to spoof and begin snooping on anything this doll could “hear.”

It’s amazing these manufacturers ever thought these toys were appropriate for the marketplace, given their target audience. In VTech’s case, it appears to be nearly all ages (its Android app on Google Play is unrated), and in the case of Mattel’s Hello Barbie, it’s primarily girls ages 6-15.

These devices are especially iffy since they tippy-toe along the edge of the Children’s Online Privacy Protection Act of 1998 (a.k.a. COPPA, 15 U.S.C. 6501–6505).

Parents share much of the blame, too. Most have no clue what or how federal law covers children’s internet use under COPPA, or requirements under the Children’s Internet Protection Act (a.k.a. CIPA, 47 CFR 54.520). Nor do the parents who buy these devices appear to grasp this basic fact: any network-mediated or Wi-Fi toy, apart from the obvious cellphone/tablet/PC, is at implicit risk for leaking personal data or hackable. How are these devices risking exposure of children’s data, including their activities and location, age-appropriate toys?

This piece at Computerworld has a few helpful suggestions. In my opinion, the IoT doesn’t belong in your kids’ toybox until your kids are old enough to understand and manage personal digital information security to use the internet safely.

Frankly, many parents aren’t ready for safe internet use.

Admiral Mike Rogers Virtually Confirms OPM Was Not on Counterintelligence Radar

For some time, those following the OPM hack have been asking where the intelligence community’s counterintelligence folks were. Were they aware of what a CI bonanza the database would present for foreign governments?

Lawfare’s Ben Wittes has been asking it for a while. Ron Wyden got more specific in a letter to the head of the National Counterintelligence and Security Center last month.

  1. Did the NCSC identify OPM’s security clearance database as a counterintelligence vulnerability prior to these security incidents?
  2. Did the NCSC provide OPM with any recommendations to secure this information?
  3. At least one official has said that the background investigation information compromised in the second OPM hack included information on individuals as far back as 1985. Has the NCSC evaluated whether the retention requirements for background investigation information should be reduced to mitigate the vulnerability of maintaining personal information for a significant period of time? If not, please explain why existing retention periods are necessary?

And Steven Aftergood, analyzing a 2013 Intelligence Community Directive released recently, noted that the OPM database should have been considered a critical counterintelligence asset.

A critical asset is “Any asset (person, group, relationship, instrument, installation, process, or supply at the disposition of an organization for use in an operational or support role) whose loss or compromise would have a negative impact on the capability of a department or agency to carry out its mission; or may have a negative impact on the ability of another U.S. Government department or agency to conduct its mission; or could result in substantial economic loss; or which may have a negative impact on the national security of the U.S.”

By any reasonable definition, the Office of Personnel Management database of security clearance background investigations for federal employees and contractors that was recently compromised by a foreign adversary would appear to qualify as a “critical asset.” But since OPM is not a member or an element of the Intelligence Community, it appears to fall outside the scope of this directive.

But in a private event at the Wilson Center last night, NSA Director Mike Rogers described NSA being brought in to help OPM — but only after OPM had identified the hack.

After the intrusion, “as we started more broadly to realize the implications of OPM, to be quite honest, we were starting to work with OPM about how could we apply DOD capability, if that is what you require,” Rogers said at an invitation-only Wilson Center event, referring to his role leading CYBERCOM.

NSA, meanwhile, provided “a significant amount of people and expertise to OPM to try to help them identify what had happened, how it happened and how we should structure the network for the future,” Rogers added.

That “as we started more broadly to realize the implications of OPM” is the real tell, though. It sure sounds like the Chinese were better able to understand the value of a database containing the security clearance portfolios on many government personnel then our own counterintelligence people.

Oops.

Cyber-spawn Duqu 2.0: Was Malware Infection ‘Patient Zero’ Mapped?

Cybersecurity_MerrillCollegeofJournalismKaspersky Lab reported this morning a next-generation version of Duqu malware infected the information security company’s network.

Duqu is a known reconnaissance malware. Its complexity suggests it was written by a nation-state. The malware appears closely affiliated with the cyber weapon malware Stuxnet.

WSJ reported this particular version may have been used to spy on the P5+1 talks with Iran on nuclear development. Dubbed ‘Duqu 2.0,’ the malware may have gathered audio, video, documents and communications from computers used by talk participants.

Ars Technica reported in depth on Kaspersky’s discovery of the malware and its attributes. What’s really remarkable in this iteration is its residence in memory. It only exists as a copy on a drive at the first point of infection in a network, and can be wiped remotely to destroy evidence of its occupation.

The infosec firm killed the malware in their networked devices by mimicking a power outage. They detached from their network suspect devices believed to contain an infecting copy.

Kaspersky’s Patient Zero was a non-technical employee in Asia. Duqu 2.0 wiped traces of its own insertion from the PC’s drive.

Neither WSJ or Ars Technica noted Kaspersky’s network must have been subject to a program like TREASUREMAP.

…Because the rest of the data remained intact on the PC and its security patches were fully up to date, researchers suspect the employee received a highly targeted spear phishing e-mail that led to a website containing a zero-day exploit. … (bold mine – source: Ars Technica)

How was a single non-technical point of contact in Asia identified as a target for an infected email? Read more

Reagan? No, Regin — Yet Another [GCHQ] Intelligence Malware

Recently, computer security firm Symantec reported discovery of another intelligence-gathering malware, dubbing  it “Regin.”

What’s particularly interesting about this malware is its targets:

  • It infected computers in Afghanistan, Austria, Belgium, India, Iran, Ireland, Mexico, Pakistan, Russia, Saudia Arabia;
  • At 48% of total infections, the largest group of targets were private individuals and small businesses.

Please do read Symantec’s blog post and its technical paper on Regin to understand how it works as well as its targets. Many news outlets either do not understand malware and cybersecurity, or they get facts wrong whenever major malware attacks are reported. Symantec’s revelation about Regin is no different in this respect.

Independent.ie offers a particularly exceptional example distorting Symantec’s report, claiming “Ireland is one of the countries worst hit globally by a dangerous new computer virus that spies on governments and companies, according to a leading technology firm.”

If by “worst hit,” they mean among the top four countries targeted by this malware? Sure. But only 9% of the infections affected Irish-based computers, versus 28% of infections aimed at Russian machines, and 24% affecting Saudi machines. The Independent.ie’s piece reads like clickbait hyperbole, or fearmongering, take your pick.

What wasn’t addressed by the Independent.ie and numerous other outlets, including those covering the tech sector are some fundamental questions:

  • What assets or activities might the targeted countries have in common that would make them targets of a single intelligence operation organized by one or more nation-states?
  • What are so many private individuals and small businesses targeted by this malware, in contrast to other malware-based intelligence-collection operations seen to date?

The Guardian came closest to examining these issues, having interviewed researchers at computer security firm F-Secure to ask the origins of the malware. As of 24-NOV-2014, the firm’s Mikko Hypponen speculated that the US, UK, and/or Israel were behind Regin’s development and deployment.

As of the video embedded above, Hypponen firmly says the UK’s intelligence entity GCHQ is behind Regin, in particular the malware’s invasion of a Belgian telecom network (see video at 07:20). Read more

Angry Mom and First Principles: What is the Nature of a Broken Lock?

This won’t be a cool, calm, collected post like Marcy writes, because it’s me, the angry mom. You might even have seen me Tuesday afternoon in the school parking lot waiting to pick up a kid after sports practice. I was the one gripping the steering wheel too tightly while shouting, “BULLSHIT!” at the top of my lungs at the radio.

The cause? This quote by President Obama and the subsequent interpretation by NPR’s Ari Shapiro.

President Obama to ABC’s new Latino channel, Fusion (1:34): It’s important for us to make sure that as technology develops and expands and the capacity for intelligence gathering becomes a lot greater that we make sure that we’re doing things in the right way that are reflective of our values.

Ari Shapiro (1:46): And, Audie, I think what you’re hearing in that quote is a sense that is widespread in this administration that technological improvements have let the government do all kinds of things they weren’t able to do before. They tapped the German Chancellor’s personal cellphone and nobody really stopped to ask whether these are things they should be doing. And so that question, just because we can do something, well, does it mean we should be doing it, that’s the question that seems to be the focus of this review.

Bullshit, bullshit, bullshit.

Here, let me spell this out in terms a school-aged kid can understand.

photo, left: shannonpatrick17-Flickr; left, Homedit

This is a doorknob with a lock; so is the second closure device on the right.

The lock technology used on the second door is very different; it’s no longer simple analog but digitally enhanced. The second lock’s technology might be more complicated and difficult to understand. But it’s still a lock; its intrinsic purpose is to keep unauthorized persons out.

If one were to pick either lock in any way, with any tools to enter a home that is not theirs and for which they do not have permission to enter, they are breaking-and-entering.

If it’s law enforcement breaching that lock, they’d better have a damned search warrant or a court order, in the absence of a clear emergency or obvious crime in progress.

The argument that information technology has advanced to the point where the NSA blindly stumbles along without asking whether they should do what they are doing, or asking whether they are acting legally is bullshit. They have actively ignored or bypassed the proverbial lock on the door. It matters not where the lock is located, inside or outside the U.S.

The Washington Post’s revelation Wednesday that the NSA cracked Yahoo’s and Google’s SSLsecure sockets layer — is equivalent to evidence of deliberately busted door locks. So is the wholesale undermining of encryption systems on computers, cellphones, and network equipment revealed in reports last month, whether by weakened standards or by willfully placed holes integrated in hardware or software.

The NSA has quite simply broken into every consumer electronic device used for communications, and their attached networks. When the NSA was forced to do offer explanations for their actions, they fudged interpretations of the Constitution and laws in order to continue what they were doing. Their arguments defending their behavior sound a lot like a child’s reasoning. Read more

The Truth: The NSA Has Been Working on Domestic Spying for Ten-Plus Years

[graphic: Electronic Frontier Foundation via Flickr]

[graphic: Electronic Frontier Foundation via Flickr]

The yapping of national security conservatives, whether self-identified as Republicans or Democrats, obscures the truth when they denigrate Edward Snowden’s flight to Hong Kong and subsequent attempts at whistleblowing.

The truth is this:

•  Others before Snowden tried to go through so-called chain of command or proper channels to complain about the National Security Agency’s domestic spying, or to refuse the NSA’s efforts to co-opt them or their business. These efforts did not work.

•  They were obstructed, harassed, or punished for their efforts. It did not matter whether they were insiders or outsiders, whistleblowers or plaintiffs, the results were the same for:

•  William Binney,
•  Thomas Drake,
•  Mark Klein,
•  Thomas Tamm,
•  Russell Tice,
•  and J. Kirk Wiebe,
•  as well as Joseph Nacchio.

•  The effort to spy on Americans, violating their privacy and taking their communications content, has been underway since before the Bush administration. (Yes, you read that right: BEFORE the Bush administration.)

•  Three presidents have either failed to stop it or encouraged it (Yes, including Bill Clinton with regard to ECHELON).

•  The program has been growing in physical size for more than a decade.

One document in particular [PDF] described the challenge of the NSA , from which this excerpt is drawn: Read more