NSA’s Computer & Mobile Spying: An Interview with Tung Yin
Tung Yin is a professor of law at Lewis & Clark Law School in Portland, Oregon. His main area of focus is national security law, criminal procedure, terrorism and law, and federal criminal law. He has conducted extensive research on domestic legal problems that were borne from counter-terrorism practices and policies in the aftermath of 9/11. Professor Yin has more than a decade of experience as a lawyer. A lot of his work is featured on leading newspaper sites such as Washington Post. The NSA has been one of the issues that professor Yin has addressed through his expertise. His opinion has been featured on several national television shows dissecting the NSA. In his interview, he highlights the dynamics of the NSA in our lives and helps us gain a better perspective of the dos and don’ts of dealing with the NSA.
You can listen to the entire interview here:
Embed this audio on your site!
Simply copy the below code and paste it into your website.
Mobistealth: Hi there, how are you?
Tung Yin: I’m fine, thanks.
Mobistealth: Alright then, should we start?
Tung Yin: Yes, sure.
Mobistealth: For the first question, could you please tell me your perspective on the NSA in terms of cell phone tracking?
Tung Yin: Well, this is part of a much bigger issue of everything that we are starting to find out about what the NSA has been surveying. There’s the cell phone tracking, there’s the emails… apparently now we’re finding out that the NSA has actually infiltrated Google and Yahoo as well. So this is one part of it. All of this information gathering [is] about mostly Americans, but also, we’re finding out, non-Americans as well.
Some of it is apparently covered by court warrants, that is there are courts that have given approval to some of these surveillances, and then [are] others where the government is claiming the authority to do this even though there is no court approval. So, [it] raises a lot of legal questions and of course there are policy questions as well about whether, even if it is legal, if this is really what we want the government to be doing.
Mobistealth: Do you believe that Section 2:15 of the Patriot Act is a justifiable defense? It’s been used by the NSA a couple of times.
Tung Yin: Well, the Patriot Act is very long and I think in some ways it draws a lot of undue attention. Sometimes people complain about it and what they are complaining about has actually nothing to do with the Patriot Act. It has to do with other government activities. For example, Guantanamo; there’s nothing about Guantanamo that relates to the Patriot Act, but many people, I think, erroneously think that it does. Parts of the Patriot Act, I think, make sense because the old law, the US law, joined with just regular criminal search warrants and cell phones was, it was more like something appropriate to the mid-20th century, not [applicable] to use [for] cell phones in the 21st century. But there are parts of the Patriot Act that made it easier for the government to get and to share what we call foreign intelligence information and this is a lot of what the NSA is going after.[To elaborate] normally what, the kinds of warrants that judges will issue, or what we call criminal search warrants, it’s where the police say that we think that the target of the search has committed a crime. Here are the reasons why we think the person has committed a crime. This is why you should let us invade their privacy and search their home, or search their car, whatever. And so the standard that the police have to meet is what we call probable cause. It doesn’t mean you have to prove beyond a reasonable doubt which [is] the criminal trial standard. You do not have to prove to that level of certainty that the person is committing a crime. You just have to have a good basis for it. Then the judge will issue the search warrant and that allows you to do what would otherwise be a violation of fourth amendment rights against illegal searches.
But you can see the issue here is that the police or the government has to have a probable cause to believe that the person has already committed a crime. And the NSA is not going to be in that position. They are in the position of trying to figure out, if we think this is what they are doing, who may be planning terrorist attacks or whatever. And they’re doing a big dragnet of everybody, trying to figure out among everybody “who should we be spending more time on”. So they can’t possibly meet that probable cause standard.
What the Foreign Intelligence Surveillance Act, which was passed in 1978, what that does is that it says, okay, there is a different way that the government might be searching people or spying on them, which is not about gathering evidence of criminal activity, but instead it’s about gathering foreign intelligence, which is useful for the government in terms of diplomacy and so on. And so, you still have, if you’re going to invade people’s privacy for that, you still have to have a warrant. At least if you’re talking about American persons (and by American persons, it doesn’t mean just citizens, it means citizens and permanent residents, and the like). But the standard is, you have to show probable cause to believe that the person is an agent of a foreign power, so if they’re somehow working for either foreign government or foreign organization, including a foreign terrorist organization.
Now I could say it’s a little bit easier for the government in some senses. They don’t have to show that the target may be or has committed a crime. They just have to show that the target is working for a foreign source. And so what the Patriot Act did is it made it:
- It made it a little bit easier to get that kind of warrant;
- And, it made it easier to share the information that the government gets through that kind of a warrant.
And by share what I mean is you’ve got your foreign intelligence analysts and then you’ve got yo
ur criminal investigators. And they have different jobs. But sometimes the foreign intelligence people may come across information about a crime. They would like to pass that along to the criminal investigators. Before 9/11 and the Patriot Act, it was harder to do that. And after 9/11 it became easier. One of the concerns that some civil libertarians have is that now it is easy for the government to get the foreign intelligence warrant, when what they’re really doing is trying to gather information for prosecution. When people are complaining about the Patriot Act and whether it’s to blame and so on, that’s the aspect that relates to what the NSA is doing.
Mobistealth: LOVEINT is the code that’s used for intelligence that’s gathered on an NSA employee’s ex spouse or current spouse, or significant other. Do you think that average people can actually take any form of action against the government or the NSA?
Tung Yin: Well you probably [can], there would be causes of action that you could raise about that, but the problem is that, typically, the only way that you would tend to know that the NSA or some NSA person had done some surveillance on you… the typical way you would find out is that the information that the NSA comes across is shared with criminal investigators, who then use it to get to prosecute you as the target. And then the government shares the evidence it has against you and you find out that some of it was through this kind of foreign intelligence surveillance. And then, at that point, what you care more about, less that your privacy is violated, and more about just making the government go away so you don’t get convicted.
At that point, you could file a motion to try to keep that evidence out. But you see the only way you really find out [about the NSA snooping] is that you’re indicted and you have to face a criminal trial. When these NSA employees are sharing this “Haha, look at what my ex is doing”, you may never find out. I mean obviously if you find out, it’d be embarrassing perhaps and you could bring a cause of action, what we call civil rights lawsuit for the violation of your privacy rights. But what’s probably in some ways disturbing for everybody else is: if it’s happening to you or me or anybody else, how would we know?
Mobistealth: How is what NSA does is any different from what Facebook or Google do, because they extract much more information than the NSA is supposedly capable of?
Well, there are a lot of similarities and I think that’s right, in some ways Facebook may give an example of wired people, one way you can look at it is that wired people are complaining so much about the government when they are willing to share so much on Facebook, or blogs, or whatever. But, of course Facebook is entirely voluntary. I know a few people who refused to join Facebook and if they refuse to join Facebook, then Facebook does nothing about that. So, you can opt out from Facebook, but you can’t really opt out from the NSA. So I think that would be the major difference.
I guess I would say that the notion of privacy, the way that the US law looks at privacy, is that it’s binary: either you have it or you don’t. So there are these cases where, there’s one case about garbage where the defendant in the case was some kind of drug dealer and threw away drugs or stuff in his garbage, expecting it to be taken out to the landfill and never be seen again. Well, the police suspected that that’s what he was doing, and so the police detective quite cleverly talked to the garbage collector and said: “Hey, when you go by this house, put that garbage aside, I’d like to look through it.” And the detective looked through and she found drugs stuff, and so she was able to get a warrant to search the defendant’s house and ultimately he was convicted. And he said: “Hey, wait a minute, you went through my trash without a warrant. How can you do that?” And the Supreme Court said, “Look, that’s your trash, you don’t care about it. You put it out to be picked up by somebody else, so, you know, cats could have come back and ripped open your trash, kids could’ve looked in there. You have no privacy in it.” [Basically] the court was saying either you have it or you don’t. But I don’t think that people think of it that way in real life. And Facebook is an example where you can set your posts, if you trust Facebook, you can set your posts so that either it’s open to everybody, or it’s only open to your friends, or only open to a subset of your friends, or it’s open to nobody. And that’s probably a more realistic way of how people think about privacy. That you have different groups, either bigger or smaller, and you share something only with a very select few, and other things you share with more people.
And again with the NSA, there is nothing like that. You can try to keep it as private as you want, but the only way you can really ensure it, I guess, is to keep it in your head.
Mobistealth: In the debate of personal privacy versus national security, do you think that the NSA’s actions are justified to an extent?
Tung Yin: You know, that’s a key question and it’s hard to answer for two, at least two, reasons.
The first reason is, I don’t have a security clearance, so I don’t, obviously, I don’t see the threat matrix or anything along those lines about the various threats that the United States, or you know, other countries may face. So in some sense I think it’s a little easy to say that well, you know, that the NSA should just do everything in a lawful way, shouldn’t spy on people unless it gets a court approval, and so on. And when you’re actually charged with doing the defending, reality may intrude.
One example is, if you look at the statements that Barack Obama made when he was a candidate for the presidency, he seemed to be talking in a very strong civil libertarian terms. He was talking how he was going to close down Guantanamo, he was going to end the illegal spying, and so on. And then you look at what the president has been doing since he’s assumed office. You would think that candidate Obama would be very critical of President Obama. And one explanation might be that, you know, it’s one thing to be a candidate, it’s another thing when you’re actually the president charged with defending the American people. So, without actually being in that position, I think it’s a little hard to answer the question.
It’d be easy to be extremely critical of the NSA. I’m not saying that I would fully defend what it’s doing, but I guess I would say that if we saw more of what it is that the NSA is coming across, we might have a slightly different view of what’s going on.
The other reason, it’s hard to answer, that is that it is the flip side of it, that the government would trot out these instances and say that “look, we didn’t do that sort of surveillance and if we had, and if we had shared more information, we might have stopped the 9/11 attacks”, and this is evidence to support that, I think. Or: “Look, because we did this surveillance, we were able to stop these attacks.”
And so what are you really giving up, the government might ask. You know, on one hand, what the government is offering is very tangible security, “look at these threats, we can stop these threats”. And what it’s taking away is very ethereal, what is privacy, how will you even know if you’ve been spied on. And so you know, one is very tangible and immediate, and the other is very diffused. And if you compare it like that, the tangible and immediate tends to win out. But it will always win out if that’s the way you look at it. Then civil liberties will invariably be compromised.
Mobistealth: There is already information that the NSA has been extracting on the common man. Why hadn’t they been able to stop instances such as the Boston Bombings?
Tung Yin: I think, yeah, definitely there’s the concern that too much information is not a good thing because you can’t just process it, and, well, I don’t really recall where I saw this, but I know I’ve read account that on September 12, the government got around to decrypting some communications that it had intercepted from Al-Qaeda, and they decrypted a statement that said something like: was it something like hour zero, or the game is now.
So, in other words, the government had something in its hands that indicated that something big was happening, but it didn’t get around to decrypting it until the day after 9/11 because there was just so much stuff they were processing. So, definitely it’s an oversimplification for the government to say: we need more information, and if we have more information, we can stop this. But, if you are coming across a lot of threats every day, all of them might be bogus, or most of them on any given day might be bogus. The question is, how do you sort through those? And maybe they have enough time to go through and get a regular sort of a warrant, and maybe they don’t… I think the government would say in the Boston bomber case, “Hey, if only we had just checked out either we had those guys, we’d [have issued] warnings for other people. How were we supposed to figure out which of all these potential threats were real? If only we had looked at what those guys were researching on the internet, we might have found that the older brother was researching how to build these pressure cooker bombs.”
That might have been a pretty good clue. Maybe they could have gotten some sort of warrant to look at what those guys were doing anyway.
Mobistealth: The NSA has maintained checklists for dangerous words and a lot of people have started posting these dangerous words into their emails and online posts. How do you feel about that?
Tung Yin: Yeah, I know. That would obviously cause problems, although I think messing with the NSA is a high-risk proposition. Remember that the NSA, you don’t know that, the NSA is spying on you until maybe something really bad happens down the road. I think that you’ve got one class of people, let’s say, journalists, academics, civil rights activists, where you’re going to be talking to people, perhaps, or reading things that might look suspicious to an outside observer. But that’s part of your job, and you can’t just not do your job because you’re afraid that the NSA is going to spy on you and wonder if you’re an enemy of the state.
But if your idea is ‘I don’t like the NSA and I’d do what I can to make its job more difficult and so I’m going to start making myself look like a bad guy’, that’s what I mean by high-risk strategy. Maybe you can get away with it for a while, and maybe the risk isn’t so much that you’ll be hauled off for some political prosecution. Rather, the problem is that the government zeroes in on somebody who’s doing that and they can find something else wrong that the person has done breaking the law. In the United States, there are over three thousand federal crimes. And then there are people who’ve noted this and said that basically every person is a federal criminal everyday because there are so many laws and you can’t possibly keep track of them all, but, there’s likely some kind of obscure law that you’ve violated. So, that’s what I mean by high-risk.
Mobistealth: As far as we know, the NSA has never had a request for data rejected. Why do you think they felt the need to infiltrate data centers from companies such as Yahoo and Facebook, especially since these companies are the ones giving them the data in the first place?
Tung Yin: Well I think that’s hard to understand. I mean I can’t really give you an answer. I wonder how much of it has to do with classified information, but we just, the government can’t answer without sharing classified information that it doesn’t want to share. My guess is that the answer might be something like: when the service providers voluntarily turnover what it is that we’re asking them to turnover, they are doing a bit of filtering, that is, they are having a look through everything to decide what fits, and that we, the government, are concerned that they might be missing things, and so we want to check for ourselves.
Again, I’m not saying that’s what they’re saying, and even if that is what they’re saying and that’s right, that’s kind of my guess on what they might say.
Tung Yin: Well I guess in terms of emails, and that serves as direct communications like that, but if you are really concerned, I think that there are some encryption programs like there’s one PGP, which is Pretty Good Privacy. It’s been around for a while. I’m not sure how secure it still is. But there are some encryption programs that might provide some degree of privacy but the problem in this is how confident one would be that the NSA has not actually cracked those encryption schemes. And, that’s what we wouldn’t know because the NSA would keep it secret.
So I think the upshot is that there’s probably not much that you can do if, if you really are being targeted.
Mobistealth: In the light of our entire discussion, what advice would you have for the average Joe who isn’t sure of what to do about the NSA?
Tung Yin: You know, I think just a general, common sense advice would be [to] be careful about what it is that you’re sharing. If you’re concerned about privacy, anything that you put on the internet, any emails that you send, it goes. Some people call this The New York Times test, that, how would you feel if this showed up on the first page of The New York Times. You can’t really live your life entirely like that, but, if you exercise a mode of caution in terms of what you send and how you send it, it’s probably a good thing generally, so that you don’t send emails that are overly harsh and which you wouldn’t send in a more calm moment or something.
Be more careful about what you share on Facebook or on blogs, or on whatever. You know, which is useful, just not in terms of the NSA, but protecting against identity thieves and other problems like that. I think a lot of it is really at the political participation level, which is, if people really care about privacy and they are really concerned about these privacy issues, there is a mechanism. It’s very slow, it’s hard to direct, but we’re in the democratic republic. We vote for our leaders and our leaders implement policies and if you don’t like what your leaders are doing, vote them out of office.
Now of course this is easier said than done because there might be many different issues that people care about and you might like what your representative is doing on many issues and you dislike one, what do you do? What if the other candidate is much worse in everything? So I recognize it’s a very blunt tool, but politicians are somewhat responsive to what constituents care about. I think that the most useful approach is getting the more people, if you care about this, the more people you can get to care about it as well, the more political voice you have and the more political voice you have, the more likely you are to get the attention of political leaders.
Mobistealth: Thank you so much for the time you’ve spared for this discussion today. The information that you’ve shared with us will help a lot of people understand a lot of things about the NSA that they didn’t previously know.
Tung Yin: Okay, sure. Bye.
Mobistealth: Thank you so much. Bye-bye.
Ransomware Threat Leads Android Malware WoesMarch 2nd, 2016
Apple Working on ‘Harder to Hack’ iPhonesMarch 2nd, 2016