> “The terrorist watchlist is made up of people who are suspected of terrorism but who have not necessarily been charged with any crime,” Diachenko wrote. “In the wrong hands, this list could be used to oppress, harass, or persecute people on the list and their families. It could cause any number of personal and professional problems for innocent people whose names are included in the list.”
I’m curious how many journalists are on the list. Now that we are pulling out of Afghanistan, we should reevaluate the other actions we took after 9/11. The patriot act deserves another look and possible edit.
You mean being put on a restricted rights/law enforcement attention list with no due process? Definitely. I hate to be the slippery slope guy, but this began with gang affiliation lists.
Civil courts have been able to exercise significant control of your life, including extended imprisonment without due process, for longer than these lists have been in effect. Frankly Americans have a lot fewer rights than they think they have, including the non-right of due process for being on a government list.
Edit: To pre-empt some comments I know are coming, civil courts do not require due process in the way you probably think of due process: a civil court can act against you without giving you representation, without allowing you to have representation, without you present, in secret from the public, and even without notifying you
EDIT2: While I'm soapboxing I'll note the power the civil court has over you isn't much different than the power three-letter agencies have over you (since they are usually given very broad mandates), it's just that civil courts have been around so much longer it's a good retort to people thinking they used to have rights. Whatever three-letters can't do to you is generally picked up by similar state agencies.
> a civil court can act against you without giving you representation, without allowing you to have representation, without you present, in secret from the public, and even without notifying you
While there is no right to be afforded free legal representation in civil court in most US jurisdictions (some do) and a civil court can render rulings and judgments against parties who are not represented by counsel, a civil court cannot prohibit a party from having legal representation, which is what your comment seems to suggest.
A civil court can render a ruling against a party if the party is not present, but it will typically go to great lengths to ensure that notice is given to parties before doing so (pleadings served to last address by process server, notice published, etc.). There are typically strict requirements that have to be met before civil court can render a ruling or judgment without a party present, especially where there is no indication that the party has received notice first.
A lot of anecdotes about drastic judgments and rulings being handed down by civil courts happen when parties ignore notice of the proceedings. There are a lot of rules for handling cases in civil court and they are grounded in the constitutional right to due process. Notice and due process are taken really seriously in most US jurisdictions. Federal Courts are especially strict about following the rules.
"A civil court can render a ruling against a party if the party is not present, but it will typically go to great lengths to ensure that notice is given to parties before doing so"
In many types of cases, but not all. Protection from abuse order hearings generally happen without the knowledge of the target of the order.
The process is commonly abused by divorce lawyers to gain control of the house for their client, and the bar for evidence is extremely low. The way our adversarial justice system is supposed to work is that the truth comes out in a fair fight. This process obviously ignores this foundation.
If there's really enough evidence to suggest immediate violence, then they should be arrested for terroristic threats and other stuff. And let's not forget that the protective order is just a piece of paper and won't stop any violence if the person is truly motivated.
Frankly, I think a lot of civil court actions have been created just to avoid the protections guaranteed in the criminal system.
I think the brunt of their points are there are few protections and they tend to have far to much power over those who not in the 1% and can afford to drag a case out for years. Also judges are people too and quite often are affected by emotion. Statistically your are significantly more likely to get off with a better judgement if they've just had a good lunch. https://www.discovermagazine.com/the-sciences/justice-is-ser...
This is a good point for federal cases, but I meant my comment to cover civil action in state courts too. These are the courts that are most likely to affect someone's life. For instance in California small claims courts you are not allowed to be represented.
That’s by design to make justice more accessible. IIRC, you can petition the judge to adjourn the case and move it to normal court.
Also, I believe in small claims as a defendant you can appoint an attorney to represent you. I sued a tow operator in small claims court and the dude who showed up was definitely an attorney.
I've never had a good experience "pre-empting" comments that will inevitably be used to derail your thread.
In any case, I was mostly thinking that it has to be a form of privilege to feel like a particular slippery slope hasn't happened yet. I think about how the word "privilege" is used, and its more like "exemption from some inconveniences that aren't obvious". Your post about people not noticing that civil courts and agencies have these power over assumed rights is a decent example of that.
Worse than that, sometimes these intelligence agencies create said terrorists.
> Of these defendants caught up in FBI terrorism sting operations, an FBI informant was the person who led one of every three terrorist plots, and the FBI also provided all of the necessary weapons, money, and transportation.
I'm sure such a thing is something no American would agree with. I wouldn't be surprised if similar actions were happening at all levels (gangs to terrorists). I'm sure this also isn't isolated to America either, as it appears to be the incentives that causes this and how we measure success (i.e. how many criminals are caught).
These conversations are extremely complex. But I think we need large social discussions about how to actually solve crime and prevent animosity in the world. I think it is time for a big rethink. If there's 2 million people on a list, I'm not sure that list is very effective. It's like looking for needles in a haystack by adding more hay.
Here's my positions, but of course I'm open to other opinions. I wrote a big list and I realized I could distill a lot of my ideas. For one I'm a big fan of STAR and Approval voting. We've seen over a hundred years of ordinal methods in various countries (including America) and seen the failure. Time to move to what the experts are suggesting. Which brings me to the second point. Lots of these topics are extremely complex and contain a lot of nuance. Us non-experts can see a high level but sometimes these nuanced points matter a lot. So let's not be so aggressive in asserting how right we are. Also, we need to focus on unity. Mic drops and calling people names doesn't help us. We need nuanced and calm conversations. Our fellow citizens, no matter how crazy their beliefs, are not our enemies. Don't dehumanize people, that's divide and rule. Lastly, we need to stay focused. I think there is a new thing to be outraged about every other day. Let's talk about what the big important problems are and focus on those first. Let's recognize that doing so isn't dismissing the other problems. We only have so much bandwidth. Right now we have no such priority list, we're just jumping from thing to thing. Solving problems takes time (a thing we often forget). If our attention to the problem is shorter than the time it takes to solve the problem then we will never solve these problems.
Edit: One thing I wanted to add is that we can have different groups focus on different things. It's not a zero sum game. This is because not everyone is an expert in everything, and thus the utility they contribute isn't the same as every task they contribute to.
You refuse the two party system and work on a third party geared towards pre-emptive avoidance of the corruption mechanisms that got the two big ones. Do that at the local and state level first, attacking gerrymandering and other incumbent favoring electoral manipulation methods to weaken the two party strangle hold, such as heavy petitioning and lobbying to force state Secretaries of State to fix election laws.
Until we the people are actually represented in the legislative branch nothing fundamental will change. Being that the other branches are largely unaccountable to the citizenry, the legislative branch is the logical entity to focus on (and the fourth estate, heavily under attack by the executive et al)
Under the US system as it is, with first-past-the-post voting and all votes for a state going to the presidential candidate who got the most, a third party can't gain any traction. Worse, third parties under the US system are another vehicle for corruption (example: Republicans paying fees and collecting signatures to get Greens on the ballot to divide the left vote and get a Republican in office, though this problem could be fixed with some form of instant runoff). You'd need constitutional reform.
While imperfect, I think that German electoral system is much better. Any party that gets 5% or more of the vote is guaranteed fair representation, gerrymandering isn't a possibility.
However, in a multiparty system deals still have to be struck to put together governing coalitions, so a party that insists on being purist is likely to be shut out.
> to get Greens on the ballot to divide the left vote and get a Republican in office
If people are serious about voting reform (and they should be) then this "spoiler effect" can be weaponized: start a grassroots campaign to vote third party until the Democrats support changing the voting system at the state level (and vote in primaries for Democrats who support this change).
This may lead to few tight state races being lost, but that means that only a small percentage of the population would be enough to get the Democratic Party officials to take notice. To make the signal even more clear, the third party chosen should be one that focuses as narrowly as possible on voting reform, such as the Alliance Party[0], which may also encourage some disgruntled Republicans to temporarily lend their votes, whereas they would be more reluctant to support the Green Party, for example.
Of course there is a danger that voting reform would get portrayed as a pro-Democrat policy (if it isn't already), but once enough Republicans (in majority Democrat states) have experience casting their ballot in a more expressive and representative system, it will be harder for Republicans in other states to oppose it.
To be honest, a lot of this is already happening and I don't think the Democrats care. When voter turnout is high, Democrats win hands down. When voter turnout is low, Republicans win. But the kicker is that both parties thrive when they are losing. This may often be counter intuitive to many people but I think many have bad priors when modeling the game that politicians are playing.
Actually, Democrats are generally in favor of instant runoff voting, and many more liberal places have enacted it.
But yes, there are a lot of professional campaign consultants who have the system wired that they profit whether they win or lose, and many of those work for Democrats.
To be clear are we talking about the politicians or the people? The people, yes. Politicians I'm not so sure about. Also I'd encourage you to read my other comment which addresses ordinal voting (like IRV) and the issues with them. It might be why the party likes it (still having vote splitting in the primaries).
We are looking at a republican party the majority of which would happily end democracy to end the threat of them ever being tossed out again. Tipping the scales in their direction at this critical juncture to motivate Democrats seems like a spectacularly bad idea.
Seems like it would be a better and safer idea to to work towards the same goal using primaries to tilt already democratic districts in the direction of reformers.
> While imperfect, I think that German electoral system is much better. Any party that gets 5% or more of the vote is guaranteed fair representation, gerrymandering isn't a possibility.
> While imperfect, I think that German electoral system is much better.
I often see people compare the US system to European systems and use "party" in both. I think this results in a pretty bad comparison, but takes some nuance to understand why. Democrats and Republicans are more accurately compared to coalitions in European systems than they are to European parties. As a point, AOC or Bernie have very different political ideologies than say Pelosi or Biden, yet are in the same party. Similarly Trump is very different ideologically than say John Kasich. While there is variance within European political parties I believe that we see a larger variance within American parties and thus it makes it more accurate to compare to coalitions.
In addition to this we should recognize that most European systems are working under a parliamentary system which causes this proportionate representation. We don't quite have a system like that in America and it would be tough to change the entire system. This is why many people, such as myself, are proposing systems like STAR or Approval. By being able to score (or rate) candidates (instead of ranking) we can achieve a proportionate representation with very minimal change, especially since systems like Approval already work on current voting machines. It is also a lot easier and more transparent compared to many round systems from ordinal voting.
>(example: Republicans paying fees and collecting signatures to get Greens on the ballot to divide the left vote and get a Republican in office, though this problem could be fixed with some form of instant runoff
But I also want to be clear about this. Ordinal systems (such as IRV/STV) fix this kind of spoiler there is another spoiler that is fairly important: the favorite betrayer. That is because the green party here is called a weak spoiler, they don't have a large voter base. But we need to also be VERY concerned with strong spoilers. For example: if Bernie ran against Biden. Ordinal systems are still vulnerable to this type of spoiler while cardinal systems are resistant to both strong and weak spoilers.
Edit: I wanted to add that we actually saw strong spoilers in the 2016 and 2020 elections, in the primaries. In 2016 it happened in both parties. Bernie and Clinton were a split. Many people didn't vote Bernie because they thought Hillary would better beat Trump. Similarly in the Republican party you had Trump, Cruz, and Kasich. Many Republicans liked a moderate like Kasich but didn't think he was a strong candidate. In the 2020 election we again saw this vote splitting in the Democratic primaries. While these cases are more obvious, such splitting also happens a lot in congressional races and other down ballot races.
While most of the above is ease to agree with, there is this uneasy feeling that one could change "two parties" to "one", and use it in a Chinese context. Which would also hold true, after all there's nothing wrong with a single party system as long as it is democratic and consists of a wide spectrum of political ideology?
Well, in practice there kind of is. It probably doesn't have to be that way, but just from what little experience I have, I wouldn't hesitate which one I'd rather live in. The more heterogeneous system tends to bring a more heterogeneous culture and with it a wider range of ideas.
> most European systems are working under a parliamentary system which causes this proportionate representation.
Could you clarify what you mean here? There is nothing about a parliamentary system which inherently requires or leads to proportional representation, as the UK system shows. Similarly it would be possible in the US congressional system to have proportional representation by having multi-member districts (as was allowed[0] before 1967) and using a system like STV, also called multi-winner ranked-choice voting.[1]
> cardinal systems are resistant to both strong and weak spoilers.
While I support any serious alternative to FPTP, it's worth being aware of the deficiencies of Approval voting. Firstly, it can confront voters with difficult questions about whether they support a certain candidate enough to approve of them. For example, a Democrat voter might hedge their bets by voting for a moderate Republican to prevent a more extreme Republican winning, while hoping that enough Republicans approve of a moderate Democrat.
Secondly, though, I think that an important goal for a voting systems is that it doesn't increase (and ideally decreases) the dependence on voting machines. As recent events have shown, every additional element to a voting system is just expanding the attack surface for people to target FUD at, and a voting machine is a complex system which is very hard for the average voter to reason about (even if the purported hardware designs and source code were publicly available).
While it is still feasible to count Approval ballots by hand, and the process can be split between districts to produce sub-totals which can be summed, the fact that a given ballot can have multiple marks on it does increase the complexity for human counters, which makes the counting slower and more expensive. In particular, if there are N candidates in an election, then a FPTP ballot can be placed onto one of N piles, whereas 2^N piles are needed to group all possible Approval votes physically together.
I don't know how much that complexity would actually slow down the counting, but in a world where election workers are being threatened with violence for doing their job, even an extra hour of counting is hard to justify. Fortunately, though, there is a voting system which satisfies the above criteria, namely Asset Voting.[2] In its single-winner variant, the election proceeds just like a FPTP one, with the same ballot papers, instructions, and counting process, but after the count is complete, the candidates from fewest to most votes get to reassign their share to a remaining candidate, until one candidate has a majority. This removes the spoiler problem, and relies on the fact that voters are choosing someone to represent them and who can therefore be entrusted with the job of assigning their votes to the ultimate winner if necessary.
> it's worth being aware of the deficiencies of Approval voting. Firstly, it can confront voters with difficult questions about whether they support a certain candidate enough to approve of them.
I'm sorry, but I find this concern a bit in bad taste. This type of strategic voting exists in every voting system. In ordinal systems (such as IRV, STV, etc) you artificially rank candidates higher than what your actual preference is. The same thing about the second concern (you add the Republican to your ranking). It's a pretty universal strategy in voting so I'm not sure why this is a problem specific to Approval, and thus why it it is being brought up. This can easily be mitigated by using score voting. In addition, I would like to point out that the benefit of STAR is that is is extremely resistant to strategies. AFAIK it is the most resistant voting system.
> As recent events have shown, every additional element to a voting system is just expanding the attack surface for people to target FUD at, and a voting machine is a complex system which is very hard for the average voter to reason about (even if the purported hardware designs and source code were publicly available).
I'm confused by this comment. I see Arizona as the prime example of why we would NOT want an ordinal system. Ordinal systems like STV and IRV have multi rounds. Let's look at the two algorithms (at an abstract level. This will be fine for STV/IRV/Approval/Score)
Ordinal:
Count tallies of all ranked candidates. If top candidate >50% declare winner else remove argmin from list and goto top.
Cardinal:
Sum scores of all rated candidates. Declare argmax as winner.
I don't know about you, but summing columns and taking argmax seems way easier to me than the multi-round system. We've seen that in many ranked elections that you have many many rounds. The NYC Mayoral race had 8 rounds FWIW. Approval is one round (like FPTP) and STAR is at most 2 rounds (it is always 2 rounds in fact). I do not know how anyone can argue that the counting of cardinal systems are more complex. You note that even an extra hour is difficult and I'll note that IRV takes days to count, as seen in NYC and others.
I should highlight, again, that the US has had STV in the past and then many of those cities went back to FPTP because it was complicated and didn't solve the issues they wanted to.
> In its single-winner variant, the election proceeds just like a FPTP one, with the same ballot papers, instructions, and counting process, but after the count is complete, the candidates from fewest to most votes get to reassign their share to a remaining candidate, until one candidate has a majority. This removes the spoiler problem
I'm not sure why you felt it was important to explain this to me when I've already demonstrated a working knowledge and at this point I also feel that you ignored a good portion of my previous post that was about strong and weak spoilers. Where I talked about how ordinal systems prevent weak spoilers but not strong spoilers. Maybe a source would help?[0] Weak spoilers aren't a concern. Strong spoilers, aka a favorite betrayer, are. Solving weak spoilers allow third parties to exist, but it doesn't allow them to win.
As for Asset voting I'm extremely against this. That's just making collusion rings easier. Again, let's look at the 2016 and 2020 elections. That's just letting the parties dictate who can run in the elections. This is a major problem in our system.
> I'm sorry, but I find this concern a bit in bad taste.
And I'm sorry that you feel this way, as I was not trying to insult Approval Voting (which, as I indicated, I would strongly support over FPTP) nor trying to detract from the positive contribution you have made to this discussion.
> The same thing about the second concern (you add the Republican to your ranking).
I think that, at least conceptually, it is easier for a voter to say "I support Hillary more than Romney" or even to give those candidates different scores out of 10, than to say "My 'approval threshold' is calibrated such that Romney is below it and Hillary is above it".
You're probably right that in (some?) ordinal systems there are counter-intuitive outcomes that can result from ranking a less preferred candidate too highly, or even from ranking them at all (if the system doesn't require an exhaustive ranking of all candidates), but the question being asked of the voter at least doesn't require them to pick a parameter for which there doesn't appear to be a "correct" value even assuming they have perfectly formed opinions of each candidate.
> the benefit of STAR is that is is extremely resistant to strategies.
I would have difficulty predicting what would happen if I under/over-voted a candidate I grudgingly accepted, so my instinct would be to vote honestly (which is probably the best outcome of a voting system given the impossibility of a strategy-free system), but my objection to STAR is that it is harder to fill in and count by hand (requiring 2^6N piles, or the use of N calculators).
> Ordinal systems like STV and IRV have multi rounds.
Agreed. From that perspective, Approval Voting is clearly preferable.
> I should highlight, again, that the US has had STV in the past and then many of those cities went back to FPTP because it was complicated and didn't solve the issues they wanted to.
I know of examples of IRV being abandoned, which I assume is what you're referring to here. (Voting system terminology probably differs around the world, but I tend to think of STV as being a multi-winner system and IRV being single-winner).
For me, the most important property of a voting system is for it to have a strong chance of being adopted, which is the only reason I support more US jurisdiction adopting IRV, but you're right that there is a potential "well-poisoning" effect where a reform gets adopted and then quickly abandoned, harming future reform efforts. This risk has to be balanced, though, against that of a less popular reform being proposed and failing to be adopted, which is likely to be portrayed as a lack of support for any reform, and that could be just as harmful.
> I'm not sure why you felt it was important to explain this to me when I've already demonstrated a working knowledge and at this point I also feel that you ignored a good portion of my previous post that was about strong and weak spoilers.
I'm again really sorry that you seem to have taken this so personally, as I do respect your position. What I was explaining was how Asset Voting works, since I suspect most readers of this discussion would not have heard of it and I didn't know that you were familiar with it. The reason I didn't include anything in my reply about strong and weak spoilers is that I agreed with you and didn't have anything to add. You, on the other hand, completely skipped over the direct question at the start of my comment, asking you to clarify your point on parliamentary systems, but it seems that wasn't important to you.
> That's just making collusion rings easier. Again, let's look at the 2016 and 2020 elections. That's just letting the parties dictate who can run in the elections.
Asset Voting doesn't require the existence of parties at all, and I'm not sure how you think a collusion ring would work, or how the 2016 and 2020 US elections are relevant to Asset Voting. There would be no harm in voting for Kasich in the Republican primaries because he would have been able to assign his votes to Cruz, for example, if he had come third.
> but my objection to STAR is that it is harder to fill in and count by hand (requiring 2^6N piles, or the use of N calculators).
I honestly encourage you to attempt it. Create a fake election and test ballot counting with IRV, Approval, Score, and STAR. The last 3 you can actually use the same ballots so you only need two sets, one ranked and one rated (approval would be scores above a threshold).
I am absolutely certain if you do this exercise you will see that the cardinal systems are far easier. Remember, you are doing many of the same operations in both ordinal and cardinal, but in ordinal systems you have a longer outer loop. In cardinal systems you don't have that outer loop (i.e. dropping candidates). The issue is that you're not considering this into your complexity calculations.
Let's look at the algo again, but in a bit more detail.
While > 2 candidates: # This loop cannot be parallelized
- For each ballot: # This can be parallelized by prefix sum
--preference = argmin(ballot) # The highest ranked. This is a lookup on all rows btw
--preference += 1
--update table of candidate score list
- pop argmin candidate score list
We'll probably make this computationally easier by first sorting each ballot's preference. This will reduce the complexity of argmin
Now Cardinal
For each ballot: # This can be parallelized by prefix sum
- for each candidate: # This loop is trivially parallelized (prefix sum again)
-- candidate score += ballot candidate score
argmax candidate score list # You're doing this on the final score (row), not per ballot.
The second is far easier to do by hand and far more easily done by computers. You're just summing columns. Anyone with an excel spreadsheet can do this. Anyone with the spreadsheet can easily read and verify this too. I would not argue that the same can be said for ordinal systems. Take a look at the NYC Mayoral race[0]. Now imagine if Rounds 2-8 didn't exist. Easier to read and compute, right? What's happening inside each round is pretty similar. The difference is if you're doing += 1 or += score. And with cardinal systems you don't have to sort or determine who the preference is before doing the increment.
Thanks for the detailed analysis of the different systems. I think that the way you are viewing things differently to me is that you are considering the ballots as abstract entities in a data structure. For example you say "Anyone with an excel spreadsheet can do this", but my point is that people don't cast their votes in Excel, they cast them either on opaque voting machines (which you have to trust is running the firmware that your auditors approved), or ideally they are casting them on paper.
To give an example of an easy paper-based algorithm, for FPTP you can group each ballot based on the candidate marked and store those as separate piles, and then whichever candidate has the biggest pile wins. Alternatively the piles can be weighed (using a non-electronic set of balance scales if necessary). Also note that the ballot counters only need to decide on the presence/absence/location of a single mark on each ballot, and not decide, for example, whether two marks are "approvals" of two different candidates, or an approval and a crossing out of an approval. These are the sorts of factors which your Excel spreadsheet model overlooks.
I do completely agree with you, though, that IRV/STV in practice tends to be slower than both FPTP and ordinal systems, and its counting process can't be run in parallel, so I would only support it in the circumstance where it was the only reform being offered, and where I was confident that its failure modes wouldn't cause it to be quickly abandoned and used as an excuse to stick with FPTP over better alternatives. Where there is a choice of reform, I support Asset Voting because it retains all the simplicity benefits of FPTP while being resistant to the spoiler effect.
Honestly voting is high on my priority list. The reason is because I believe that voting will have a lot of downstream effects. It will make a lot of other things easier. But I don't believe we should be trying to change things at the national level at this point (that's down the line). I think we should be trying to implement systems like STAR and Approval at local levels. City, County, State. We know that these are the systems the experts are suggesting. So let's stop doing the same experiment we've seen fail a hundred times. And while the dragon is the end goal, if we can't defeat the low level monsters it would be insane to go fight the final boss.
There have been many third parties, and I'm not aware of any that have achieved even middling success (maybe Libertarian?) since I've been alive. How would this party fare any better?
An old coworker of mine was on a gang registry because of people he associated with when he was a teenager. He was in his late 20's-early 30's when we worked together. Really nice guy, super hard working, spent his free time gaming or hanging out with his girlfriend, got really into his puppy and being a dog owner. Hadn't been around gangsters for at least a decade.
He'd regularly get pulled over and hassled by cops just because when they scanned his plate he'd show up as being on the gang registry. Ended up losing his license for several months because his friend who was his passenger one time had a very small amount of weed in a bag in his pocket when he got pulled over.
Pretty much any time cops are around or even whenever he drives, there's always a chance he's going to get pulled over and harassed randomly.
Not because of anything he ever did, just because he chose the wrong friends when he was young.
plus even more relevant to HN is when authorities are using algorithms as a scapegoat. we probably know what will happen when they start using black box ML with a ton of bias baked in.
There is a scary (gross in my mind) story that reports on some dystopian pre-crime Minority Report Sheriff targeting kids.
Looks like the court case is in process, though not sure why court didn't immediately shut it down pending trial given how (to my non-lawyer brain) this seems that plaintiffs will almost definitely prevail given clear violations of multiple Amendments.
From the reporting:
"Over the span of five months, police went to his home 21 times. They also showed up at his gym and his parent’s place of work. The Tampa Bay Times revealed that since 2015, the sheriff's office has made more than 12,500 similar preemptive visits to people.
These visits often resulted in other, unrelated fines and arrests that further victimized families and added to the likelihood that they would be visited and harassed again. In one incident, the mother of a targeted teenager was issued a $2,500 fine for having chickens in the backyard. In another incident, a father was arrested because his 17-year-old was smoking a cigarette. These behaviors occur in all neighborhoods, across all economic strata—but only marginalized people, who live under near constant police scrutiny, face penalization."
I've heard of this, going back a year or two. The sheriff's target the households presented by the algorithms with the intention of fining, arresting, and otherwise legally harassing the targeted families in an attempt to drive them out of town.
Selective enforcement of laws is a problem, and there are plenty of laws to selectively enforce.
It's not even enforcement it's before any crimes, or after a crime has been adjudicated. What's worse the article shows that the visits induce crimes because of police behavior...
But yeah for sure on selective enforcement = super biased. On race and wealth.
Land of the free. The arbitrary harassment of the population is one thing, but then there is that mountain of actual laws and regulations that would be considered an overreach even by the standards of most totalitarian dictatorships in the world. What could possibly be wrong with having chickens in the back yard?
Or collecting rain water in a barrel! I wonder if here is a legal concept of the commons, sort of like a really low speed limit on the highway that would be dangerous to follow given every other car goes 15+ over it.
The slippery slope is only a fallacy if there is no reasoning presented between steps though.
"We should track who is gang affiliated" -> "We should track who has done terroristic acts" -> "We should track who is affiliated with terrorists" -> "We should track who may be affiliated with them"
All seem to be reasonable steps, which IMO makes it not a case of the slope being a fallacy.
> You mean being put on a restricted rights/law enforcement attention list with no due process?
What novel 'due process' do you believe is necessary for the police to unintrusively start investigating someone?
We already require judge-issued warrants for intrusive investigations (Searching your things, tapping your phone lines, arresting you, etc).
I don't believe there's any country in the world that requires a judge to review the police putting you on a list as a person of interest. I am no legal scholar, so I should probably cut myself off right here - but do you not think that perhaps, there is a valid reason for this? You're inventing novel legal practices without precedent, here.
If I, as a police department, put you on a secret list of possible pedophiles based on the fact that we saw you speaking to another person on that list, noticed you in a board game store patronized by many local young Magic: The Gathering fans, you were single with no children, and you were the brother of someone who once dated the sister of the cop who put you on the list, would you have a problem with that?
What if we weren't allowed to confirm or deny you were on the list, except to a prospective landlord or employer who filled out a form?
What if there were no way to find out those were the reasons I put you on the list, and no appeals process to be removed from the list?
What if you couldn't prove standing in court because there was no legal way to prove you were on the list at all without a friendly judge?
> You're inventing novel legal practices without precedent
Which is why people are forced to rely on the racial makeup of these horrifying lists in order to challenge them. The problem becomes a lot clearer if your local police force makes up a list of all Jews in the neighborhood (whatever criteria they decide to use, i.e. "valid reason") for special treatment.
edit: and, of course, what if the list leaks, and is used as an automated first step for disqualification by employers and landlords for the rest of your life?
Would I have a problem with being on a list that, from my perspective, I can't tell the difference between being on it, and not on it?
I don't know, I wouldn't be able to tell. If a tree falls in the forest, and nobody's there to hear it, does it matter to anyone whether it makes a sound?
> What if we weren't allowed to confirm or deny you were on the list, except to a prospective landlord or employer who filled out a form?
You're swinging at strawmen. Nobody in this thread is defending intrusive lists.
For some reason, though, you are conflating unintrusive lists (Which don't require oversight anywhere in the world) with intrusive lists (Which do require oversight in... well-governed parts of the world).
Do you have arguments against the former? I'm not interested in being convinced that the latter are bad, I'm already convinced that they are bad.
> edit: and, of course, what if the list leaks, and is used as an automated first step for disqualification by employers and landlords for the rest of your life?
If there's an unholy decades-long alliance between the FBI, the background check bureaus, and millions of employers and landlords, that neither my federal, state, or municipal government is interested in doing anything about, I think my main problem is not 'the FBI has a list'. I think my main problem is 'My society, on every imaginable level, is broken.'
>Would I have a problem with being on a list that, from my perspective, I can't tell the difference between being on it, and not on it?
>I don't know, I wouldn't be able to tell. If a tree falls in the forest, and nobody's there to hear it, does it matter to anyone whether it makes a sound?
Spoken like someone who hasn't had the long arm of the law drop in on them before, or a person who "doesn't care about that liberty anyway, so why not vote it away?"
Just because you don't see the problem doesn't mean it isn't there. Just because you didn't see the tree fall, doesn't mean the world is uneffected. These are concepts 3-4 year olds manage to divest themselves of once they grap the permanence of objects. Just because you don't get much out of a liberty doesn't mean that it's cool to force the loss of it on somebody else. Liberty is to be treasured and protected. The selective relinquishment, revocation, or limiting of one for anyone should be a Big. Frigging. Deal.
The fact people are so cavalier with wisking away the freedoms that underpin American Civil Life on mere suspicion of something that the State is not even required to be transparent about should disturb everybody.
I don't understand this response. He was told it was a "secret list." Why would you take such a tone in response to him saying he might not have a problem since he doesn't know about the list? It's a hypothetical about a secret list, and since he doesn't immediately agree with the conclusion, you browbeat him about not having the long arm of the law drop down on him, etc.
More importantly, this:
> Spoken like someone who hasn't had the long arm of the law drop in on them before, or a person who "doesn't care about that liberty anyway, so why not vote it away?"
Who are you quoting here? No one said this at all.
I'm actually disgusted by your comment and the logic you present in it.
Your tone is inappropriate, please try to make your point without implying GP is dumber than a third grader. It implies malicious intent and is bad for discussion.
The problem is when that list is used to prevent you from accessing common services, like fly on planes.
Edit: Because people assumed I was talking about the no-fly list specifically; I'm not. The terror watch list also winds up being used to cause problems for people.
Yes, that is a problem. But that's not what the parent poster is talking about. It's absolutely irrelevant to this conversation.
The parent poster takes issue with the fact that an unintrusive person of interest list exists, and wants oversight on it. This is an absolutely unprecedented legal take.
It doesn't help that they are conflating the two (one of which is, at a first glance reasonable, and the other is not), when they are not the same thing. All that does is muddy the waters.
If that's the case, you should have no trouble answering two simple questions:
1. What do you think happens to people on it?
2. Which of those actions should require judicial oversight, but currently don't?
So far, the only answers to those questions in this thread have been 'imagine if...' tangents. I don't need to imagine strawmen, I'd like to know what is currently wrong.
Imagining disasters is how we're in this mess, I'd like to know what the actionable problem is.
I posted some links in my original comment that talk about specific problems. That being said, "allowing those in authority to do things that could be used inappropriately... and then it turning out that they did exactly that" doesn't require ANY imagination. The US government engages in such behavior on a daily basis.
I don't see them agreeing with you at all. I see you saying "the lists are fine", whereas they are saying "the lists are not fine, but would be ok if these things were true (but they're not atm)". Personally, I don't think it's enough. I think someone being known to be on the terror watch list is likely to cause them all sorts of problems; and anyone can be put on the list for pretty much any reason.
This is how the KGB, Stasi, and other secret police organizations work. It's a way to extra-judicially monitor and control the population. This should give you pause for thought. Law enforcement that the public can trust is a big deal. Our government already bends the laws quite a bit to suppress dissent, we shouldn't enable them to do more of this.
It's a lot more straight-forward if the police investigate crimes reported to them by citizens. That's what they are supposedly there for, right?
Dismantling the State's oppression system goes further than having legal constructs expire. As long as there is parliaments, police, prisons and borders, the State will use those to oppress people, and no amount of using the oppressor's tools (legislation) can change that.
"Just" dismantle the psychopathic institutions that govern our societies (a revolution) and make sure anyone who attempts to rebuild them is look down on with contempt.
> The terrorist watchlist [...] could be used to oppress, harass, or persecute people on the list and their families.
So... what was it actually used for? Wasn't this the same list that results in extra scrutiny at airports & whatnot -- wouldn't that count as harassment?
Wouldn’t that be hard in practice though? Journalists typically have to travel for work so it would soon be apparent. And if they work for a big media outlet would be instantly litigated.
Most journalists working for big outlets are docile when asked politely not to publish on a certain topic (either by their boss, or by government agencies), and that's how they avoid problems. See for example Glenn Greenwald's choice to leave the Guardian in order to publish the Snowden papers. For the french-speaking among us (not sure you can find english subtitles), the documentary "Les nouveaux chiens de garde" (the new watchdogs) goes into detail, interviewing sociologists and journalists, about the ties between the mainstream capitalist media establishment and other circles of power (industry, political parties).
> TSA refused to allow an Air France flight from Paris to Mexico to cross U.S. airspace because it was carrying Colombian journalist Hernando Calvo Ospina
> On August 19, 2009, Air France flight AF-438 was not allowed to cross into U.S. airspace because of the presence on board of one Paul-Emile Dupret, a civil servant at the European Parliament for 18 years, who had written some articles criticizing the EU's policies toward Latin America because they are aligned too closely with those of the United States
> A U.S. citizen, stranded in Colombia after being placed on the No Fly List as a result of having studied in Yemen
> In October 2008, the Washington Post reported that Maryland State Police classified 53 nonviolent political activists as terrorists, and entered their names and personal information into state and federal databases
Seems like it's not hard in practice for psychopaths in uniforms to abuse secretive powers given to them.
It’s in the wrong hands already - the wrong hands made the list, and there are plenty of examples of what has happened to various misidentified people over the years.
I'm curious about this list too. For example are Islamic people I know on it? There are never any details on how to access these lists. The article could be fake for all I know.
Police and secret services are notably very good at ignoring existing laws protecting the rights of the people, so i don't think a law expiring changes much for those psychopaths.
Some things were made permanent under subsequent laws (or at least extended). For example, financial reporting for people depositing "large" amounts of cash. I think it started out at $10k under the patriot act. Now I think it's $5k. That is a good bit of cash, but it could easily be made selling a used car or something.
90% of the Patriot Act was permanent law and is law today. A few of the most objectionable parts had "sunset" provisions in them and those (after several rounds of modifications and numerous extensions) are what has, finally, been allowed to expire. Most of the provisions of the Patriot Act are in effect today and will be until a future Congress changes them.
To be fair, they do have to reauthorize the Freedom Unmitigated Bill for Appropriations Reconciliation Defense act every year or we're not allowed to leave our homes. Those F35-Liberty planes aren't going to pay for themselves.
this is the second backronym pun I've seen today, whats going on?
rate-limit edit:
I don't think Baader Meinhoff applies when I already know what a backcronym is and also have to extrapolate the first letter of all the words to get the joke.
Was there a show or pop culture thing that has people leaning towards this joke?
If anything, this could be a perceptive bias where I am forcing meaning into something, but a FUBAR Defense Act is exactly what that poster was going for. Who knows about the other one I saw earlier.
Likely just Baader–Meinhof phenomenon[1]. Interestingly, I think that phenomenon ignores the superset of when you actually had seen something multiple times before but for whatever reason started noticing the frequency more frequently (eg you’ve seen backronym’s before, but you’re happening but your brain has decided to notice them more because maybe you saw them in quicker succession than you’re used to).
> "On March 15, 2020, Section 215 of the PATRIOT Act—a surveillance law with a rich history of government overreach and abuse—expired due to its sunset clause. Along with two other PATRIOT Act provisions, Section 215 lapsed after lawmakers failed to reach an agreement on a broader set of reforms to the Foreign Intelligence Surveillance Act (FISA)."
I'm on a huge greenfield application project at a major bank to collect and send patriot act mandated information to FinCEN. The Patriot act expiring did not even come up and I had no idea it expired. I thought it was a shoe-in for rubber stamping.
this suggests many of the processes that have become constituative due to patriot act, maybe are still occurring outside of a legal framework, it seems patriot act is still in the system even if not renewed
There is nothing Patriotic about the Patriot Act and it needs to be fully rescinded. That law is a travesty in every way. It was knee jerk reactionary law that shouldn't have been in place more than a couple years.
Wikipedia says the no fly list only had 47k people on it. The terror watch list had about 1.9M though, so this must be the terror watch list.
1.9M people is a massive number of people
> The No Fly List is different from the Terrorist Watch List, a much longer list of people said to be suspected of some involvement with terrorism. As of June 2016, the Terrorist Watch List is estimated to contain over 2,484,442 records, consisting of 1,877,133 individual identities.
The submitted article does say watch list, it's just the title here that ~has~ had the error. (Editing it was fair enough IMO, at least to remove from 'and boy'...)
I mean, to get onto that "terrorist" list (if it is of US origin) most probably it means that the person must have traveled to or within the US by plane (or applied for a Visa, or similar), otherwise the fields of passport_id and country_of_issuance can be empty and (false or real) matches only depend on name, surname and date of birth.
In Italy something that is similar to the US SSN is the Codice Fiscale that can be thought as a condensed string based on Surname, Name, Sex, Date of birth, and place of birth (each italian comune, think of a municipality has its own alphanumeric code).
At the time it was introduced, there were of course a number of "collisions" due to homonimy or partial homonimy (the algorithm uses only some consonants of Surname and Name, making collisions more likely) and a provision for an "exception" was made, altering last character (which is a control character and normally is a sort of hash of the other data).
This allowed up to 26 people born in the same municipality on the same day and with same (or similar) surname and name to get a distinct codice fiscale.
For strangers the code for place of birth is instead of municipality the much more generic country of birth.
The amount of collisions with foreigners staying in Italy or however needing the codice fiscale (coming from a few countries) zoomed to higher than that and now there are quite a few "non-standard" codice fiscale where one (or more) of the numeric characters has been replaced by a letter character according to a substitution algorithm 0=L, 1=M, etc. starting from the last (rightmost) number.
This has raised the number of possibilities from 26 to (I believe) 128 or so and for the moment the system still works.
However, last data I could find, is 2016 and there were 36,000 "collisions" on 94,000,000 total, (in 2000 it was some 24,000 on 80,000,000 or so).
I wonder what kind of probabilities there are, if you have a common enough name and you are born in a country for which there are many entries in that list to be "picked" for homonimy, if the passport info is either empty or not used.
You know, I can understand why the Terrorist Watch List is secret ― but not why the No Fly list is. If there is a list that governmental agencies and/or commercial companies are obliged to check you're not on before providing you with their service, then surely such list must be public or at the very least, one should be able to easily inquire about whether he/she is on it or not.
For a related example, Russian government maintains a list of banned Internet resources. The list is not public — at least in theory — but there is an official web site where you can input an URL or a domain name and it would response either with "no, it's not on the list", or with "yes, it's on the list, here's who ordered it and when".
Happened to a classmate of mine in college who had the same name as some hokani commander’s wife. Luckily her brother worked at the state department and knew some Clintons.
I knew a Mexican citizen with a green card who was always having trouble reentering the US and never knew why. I looked at the most wanted list and saw there was a fugitive with the same first and middle name, albeit no resemblance and different family name. Didn't matter. He would have to be interviewed for 30 minutes to verify identity.
>The researcher considers this data leak to be serious, considering watchlists can list people who are suspected of an illicit activity but not necessarily charged with any crime.
"In the wrong hands, this list could be used to oppress, harass, or persecute people on the list and their families."
I'd imagine being on a list that limits your personal freedom without being charged with a crime and convicted falls pretty squarely within the definition of being oppressed & persecuted before even considering any second order effects of the list being leaked.
As expected, it is only a matter of time untill all the intensely private data collected by NSA and pals is leaked or stolen and used by criminals for fraud and extortion.
The main databases the NSA has are far too large to be easily leaked.
Even blueleaks was <1T (~300GB iirc) and many people had trouble downloading it. I am sure many IC databases are several hundreds or thousands of times larger even without indices.
It's not like you could just throw up a 4000TB torrent for a 7z of all of the north american phone call metadata for last year.
When I worked on the main NRO ground processing station for electro-optical collections, we were generating double-digit petabytes daily, and that back in 2008. Don't even know what it's up to now.
Not only is there no practical way for anyone other than maybe Google or CERN to download that much data, unlike the no-fly list, actual classified information isn't attached to any networks that can be accessed from outside of a secure facility. This means the only way to egress data is for an inside threat to copy it onto USB drives or possibly optical media, maybe steal hard drives. But there are pretty hard limits to what you can just bulk copy. It can't be much more than a person can hide in a bag.
In a really bad situation, couldn't someone make a hard Ethernet link to something connected to the public internet?
I wouldn't be surprised if some other non-us government or 5 has already established this kind of stuff. The amount of computers accessing the classified info intranet would be very, very large I would imagine, such that a few modified computers here and there would go virtually undetected. Just look at all the classified crap abandoned at Afghanistan for example.
Double digits PB/d is way more than 10Gb/s. 10Gb/s is about 100TB/d, so off by two or so orders of magnitude. So, OK you say, let's bond 100Gb/s links or something, but you need machines that can do that, too, and now you can download one copy of one day, per day, of data -- maybe, plus you need all that storage for that one very very vulnerable copy. Can't be done.
Big data is hard to deal with. You can't just download the stuff.
A single tiny SD card can store 1TB, so I fail to see how anyone who is in the business to abuse people's data for profit would be troubled.
Sure, they can't download the entire database, but a 10 - 100 TB sample of that would fit on a normal desktop and enable anyone to commit massive identity theft and credit card fraud.
Well, there are reports that the Taliban have gained control of a bunch of biometric scanning and reporting tools used by the US forces in Afghanistan so...
It's amazing how many hacks and data breaches all come down to dangerous default settings. Elasticsearch defaulted to no security, anyone hitting the IP has full access to the cluster. MongoDB is another infamous example. Even today, one of my sites is being DDoSed by a bunch of 2007-era Ubiquiti network devices which use ubnt / ubnt as the root login and naturally got exposed to the internet. Bad defaults linger for a long time.
The freaking FBI leaked your info. Not a stupid private organization. The FBI. And also, because the FBI doesn't tell people they are watching them, there was absolutely nothing - no product, no service - you could have just not signed up for to avoid this leak.
They don't disclosed how many parties were included, but their description of their validation (they verified it against 60-some public figures who had separately disclosed their tax filings) suggests that it's probably a significant fraction of the US population.
Wonder if they did it on purpose. I can't figure out what the purpose might be - a whistleblower wanting to raise awareness about it and realizing they didn't want to have to relocate to Russia or say live an Ecuadorian embassy for years. Or, I can imagine, a rogue agent wanting to warn someone they are on the list without communicating with them privately, so there is no metadata linking them, and they "accidentally" leaked the whole list.
Just an hour ago I was having a dialogue with someone on Hacker News saying we needed a national ID system after the T-Mobile hack. I said that the US Government should not be trusted to be any more secure than T-Mobile with such a system.
A national ID doesn't necessarily have data security implications any more than the current state-by-state DMV system does.
The relevance of a national ID is (presumably) so that banks can check identity more reliably, i.e. making security breaches like the T-Mobile one irrelevant. It wouldn't matter if your SSN was public information.
Most states in the current system seem to have a crude biometric identity verification of a photo plus point in time stats of height/weight/coloring, all of which is nominally protected/validated by counterfeit protection. How would a national ID be any different?
Do you have to have a 'crude state ID'? Is there any legal pressure to keep the data on it up-to-date? Are the standards for 'crude state IDs' identical between states or would you have to know the rules and regulations of 50 different jurisdictions?
It is not an explicit legal requirement but encouraged through a coercive network of public/private regulation.
> Is there any legal pressure to keep the data on it up-to-date?
There are legal consequences for failing to update data.
> Are the standards for 'crude state IDs' identical between states or would you have to know the rules and regulations of 50 different jurisdictions?
Yes, within the United States there is a "Real ID" standard promoted across states by the federal government. A business operating in any particular jurisdiction is benefited by counsel regarding localization.
Conversely, is there a reason we should be optimizing the regulations we, actual human beings, live under for the convenience of national/international corporations?
It's not like "the government" doesn't already have all of this information. Most information on an ID is OSI anyways. I can go from my name to everything on my state-issued license from public records.
We already have a national identity card- the social security card. Problem is, it's absolutely terrible at being an ID card, so we should replace it with something more secure that is purpose-built.
If we're going to treat this magic number like a national ID number, the least we can do is buff it up a little.
We already have a national id system. It’s called a passport, a birth certificate, a DMV id or driver’s license, a social security number. Those are all national id systems.
Genuine question because I don't really understand how IDs work in the US: is there a database or a system that would allow an agency to keep track of all of your IDs, like driving licenses from different states, etc.? Is there anything similar that institutions like banks could use? Also, my understanding is that most Americans use a driving license as their ID. Are passports the only national, i.e., not state-level, IDs available to Americans?
Passport and SSN are national ids. They are issued by the Federal government, so it is nation wide database.
On top of that, states have their own ID systems. Typically there are 2 options: just a state ID or driver’s license, that serves also as an ID. Most people in the US get driver’s license early(permits as early as 15), so there aren’t that many who has just the ID.
Now, SSN is issues upon birth. Before you know it, you can already start paying taxes.
For passport you need to apply, typically you would need it if you wanted to travel outside of the US. Otherwise, you rarely need it. This is because for the most part you deal with state bureaucracy, as most of the day to day life falls within state’s jurisdiction. Driving, getting married, divorced, buying things like a vehicle or a real estate, opening a bank account, domestic aur travel, etc. Some can live their entire lives without a passport, because a state ID will suffice. Even for things like voting in federal elections - you don’t need a passport. Contrary to many people’s beliefs, in the US the states vote, not people. This is/was by design. Now it gets more centralized, but the original concept is close to EU in terms of states autonomy. This means, that even for federal elections procedures vary greatly by state (its been on the news a lot lately). Moreover, you aren’t required to have an ID. It is not illegal not to have an ID or be off the grid.
Before 9/11 you could even go to Canada using state ID only. Now I think even it’s possible, probably only if you have some special kind of ID.
This is how things have been until recently. Then REAL ID came around. Because states rules governing ID issuance, they vary greatly. So we ended up with some states’ IDs that were as easy to counterfeit as printing a piece of paper. Some states would not do a due diligence verifying your name or address and would just take your word for it. READ ID is to addresses: mandates minimum protection level, due diligence a state needs to do to confirm address, etc. New federal regulations does not allow air travel with state ID that don’t comply with REAL ID requirements. Few states still don’t, so residents of those states will need passports for domestic travel. I think this trend will continue beyond air travel.
States aren’t required to share this data with federal government or each other. It is, however, a requirement for REAL ID. At the same time there are many businesses, that specialize in aggregating various identity information a out people. Credit bureaus are such businesses as well. They aren’t only in business of credit checks, but also identity verification, employment verification, etc. Some of these companies have federal, state and local agencies among their clients.
Fun fact: you can board a domestic flight without an ID. For example, if you lost it. TSA has a procedure to establish your identity. This includes asking you a bunch of facts about your life, such as where you lived in year X, last 3 cars you owned, your spouse full name and birthday, etc. I suspect they maybe using one of the credit bureaus identity verification product offerings.
That sounds like five half-assed ID systems. Such is the fear of government databases: it prevents a central database with proper oversight so fifteen worse ones take its place and store stuff that never would have been admitted to the hypothetical single DB.
What really bugs me about these lists isn't just that they exist, but that there's continuous clamoring to expand the scope in which they are applied. For example:
Databases of people are the exact opposite of human rights. IBM famously enabled the nazi holocaust to go faster/further because of their punch-card databases. Eastern Germany Stasi, and KGB/FBI scandals famously pushed for privacy regulations in pretend-free countries like France (Loi Informatique et Libertés, 1978). Anything that uniquely identify someone else (ID card, phone number, DNA) is a tool of tyrants to oppress their people.
It is amazing what the hunt for terrorism has done to modern countries. They only look fearful and weak, exactly what professional terrorists always wanted them to be.
Anyone who knows bureaucratic behavior knows that even in the absence of real terrorists, people will find their way onto lists like these.
I hope the lists will leak to a wide audience. Find the cases that are wrong and sue those responsible behind the desks. This is the only way this can stop.
The website is extremely horrible. Did use a dev browser without adblock. Grave mistake.
> [cybersecurity researcher Bob Diachenko] was able to find about 1.9 million records detailing individuals’ no-fly statuses, full names, citizenship, genders, passport numbers, and more.
> “it seems plausible that the entire list was exposed”
Would love to know how the FBI dealt with transliteration deduplication of non-Latin names, cf. the many spellings of Muammar Gaddafi. Although I guess they would just use whatever’s on the passport?
They didn’t. I know of several people with an extremely common name (Basically Muslim equivalent of “John Smith”) who were unable to fly or cross borders, even with the “Redress numbers” that they are supposed to give out in case of mistaken identity.
This reminds me of "interstate crosscheck", in which a "Tyrone E. Brown" voting in Pennsylvania was enough to kick a "Tyrone M. Brown" off the voting rolls in Kansas.
The person who you're quoting is likely a "SelfAwarewolf":
"A person who, when trying to criticize those who match a certain description, fails to realize that they have (in the process of criticizing others) revealed themselves to match the exact same description"
So somebody found the terrorist watchlist and didn't upload it anywhere or start a torrent, but instead took some screenshots and gave vague descriptions of the data to journalists?
These people are morons! They claimed to be crème de la crème and watch. Few years ago they wanted to force Apple to create a "secure backdoor". Hope we gonna get more details.
I mean, the FBI should 1000000% know better than to expose their unsecured Elasticsearch cluster to the internet. While Elasticsearch should be more secure by default, I'd say the blame is much more on the agency.
Elasticsearch has nothing to fix - the product does precisely what the config tells it to. Maintainers of various distros ES packages are largely responsible for any [mis]configuration there.
X-pack is free now, they don't make you license it anymore. I wasn't aware of how to setup username/pass without it though (other than something like an nginx proxy in front of 9200/tcp with basic auth)
I think it's reasonable to expect the FBI to not expose this. I'm with you on Elasticsearch being too insecure but you're talking about secret government info. If they put that on the open internet that's a serious failure on their part and they'd have fucked it up with another tool if they weren't fucking it up with ES.
Not much to tell... old forum friend from back when forums were the big thing. We'd play videogames together that weren't too sensitive to lag in our off hours. She had a few stories from life there, I forget what her role was. At one point she got to shake the hand of the president and she showed me a picture of it. We lost touch and I have no idea what she's up to now.
> Additionally, the researcher noticed some elusive fields such as "tag," "nomination type," and "selectee indicator," that weren't immediately understood by him.
I'm not sure about the others, but "selectee indicator" might be whether the individual is on the Selectee list used for SSSS flagging[1].
I’m curious if anyone who is on the leaked list now has standing in court to litigate their status, whereas they could not prove their status/data before.
One of my biggest complaints with national security programs is that they tend to argue that transparency (even to the voters and elected representatives whom these programs ostensibly protect) threatens the program. Sometimes when leaks happen, it gives the citizens a tool they didn’t previously have to challenge those programs.
Doubly so. No passwords _and_ it was exposed. There's no real reason to ever directly expose a database to the internet for 0.0.0.0/0. Heck, there's no reason to expose to any routable address.
Yeah sure zero trust or whatever. Still, why even risk it? Layers.
At least last time I looked at it, ElasticSearch is shockingly insecure by default (as are Mongo, Cassandra, Hadoop, and everything else that's popular in the relatively recent Java ecosystem).
For a system like ES there is encryption in transit and encryption at rest.
https://docs.aws.amazon.com/elasticsearch-service/latest/dev... amazon elastic search gives you the option of encrypting the data at rest (meaning it is encrypted by amazon ES when stored persistently) - they use KMS for key management, so it should have a per record symmetric key that is encrypted by master symmetric key. It's notable that the amazon fork has added this functionality, this does not seem to be part of elastic search proper (please correct me if I am wrong)
Now you can possibly encrypt the records at the application level, but that makes them unsearchable; however the ability to search the stuff is arguably the point of having it in elasticserarch.
1. Secure by default makes for a higher barrier to entry. It's human nature to want to keep barriers of entry low for your life's work. (I have similar thoughts around copyleft licenses being better for the users but hard to sell to the creators.)
2. Security is "available" to anyone savvy enough to clear all the hurdles to secure the system, so the creators feel justified to blame the user.
3. The product is developed with an assumption that something outside the product is supposed to provide security. For example, the Go.CD devs (excellent product otherwise) scoffed at the idea of improving their crappy password hashing (single round of SHA256 with no salt IIRC), instead suggesting that I should wrap the service in some other, safer authentication mechanism.
It looks like it was "leaked", as in, publicly exposed server indexed by a few search engines. It's possible that this researcher was the only one to come across it, and reported it immediately. In which case it'll never see the light of day.
"The exposed server was taken down about three weeks later, on August 9, 2021. It's not clear why it took so long, and I don't know for sure whether any unauthorized parties accessed it."
three weeks open on the internet; it seems unlikely that no other party accessed it.
Once government agencies are given approval from congress they typically have very little oversight from that point on including from congress. Its why we get abusive behavior from so many of them.
NSA: Prism
DEA: Asset forfeiture
FBI/CIA: Abusing fisa and using five eyes to spy domestically
ATF: Approving background checks on known traffickers and continuing to sell them guns even after there were concerns they couldn't track the weapons. (And ruby ridge, and waco... )
ATF is the one of the few federal agencies that's simultaneously hated by both the right and the left. They bring crime to poor urban areas with their anti-gun trafficking operations and violate people's 2a rights left and right with their mundane administrative operations and enforcement thereof. Nobody who knows what they do likes them.
I have no clue if i'm on the list. However as an anarchist i believe there are chances i'm on there, because we anarchists are opposed to all forms of domination and exploitation, so there's a lot of people in power who are angry at us. The ancestor of Interpol, the first international conference gathering psychopaths from political police from across the planet in 1898, was famously a conference "for social defense against anarchists": https://en.wikipedia.org/wiki/International_Conference_of_Ro...
I have had many friends over the years go through prison and put on "terrorism" lists by the french secret service for their political activities. Government is tyranny. Governments only exist to serve the rich and powerful, and ensure nothing ever changes. If you're not convinced, you can look up FBI's "COINTELPRO", of which the current no-fly list program and terrorism-creation program (search for "How the FBI creates terrorists", plenty of documented cases) are just a continuation of COINTELPRO and other FBI/CIA programs designed to prevent the people from exerting their free will and right to organize.
Think I've posted this before but my employer paid Elastic for the official training - and even that course included everything on how to set up, run and tune ES but applying any security was only covered in the advanced course that you had to pay another $x thousand dollars to attend.
So even doing official Elastic training still leaves you with a nice footgun.
By default, Elasticsearch is unsecured. If you manage your own ES cluster, you have to go through a few steps to secure it manually. Lots of people either don't know/don't care about this though, so they regularly expose their data to the whole internet.
You could've distilled your answer to the question by simply saying, "Pure speculation based on a faulty assumption that only US citizens are on this list".
So are you saying you're just guessing because you believe the government has it out to get Trump supporters? If, it turned out, there was a similarly large number of people on the list prior to Trump's election, would that change your mind? I think the concern that an extra-judicial list this large certainly has the potential for abuse, and America's 3-letter agencies have historically used the auspices of national security to target and harass political opponents and personal enemies. However, you don't have any reason to suspect that this list contains that group specifically, right? Other than just some perceived marginalization by mainstream society, that is.
I’m curious how many journalists are on the list. Now that we are pulling out of Afghanistan, we should reevaluate the other actions we took after 9/11. The patriot act deserves another look and possible edit.