One practical reason to object to the government holding private information on everybody is that such information might be vulnerable to theft.
This is an example of a channel for information theft. What happens when someone submits a request for your information with your (forged) signature? That would be fraud, of course, but that doesn't mean it won't ever happen. Will they get all your texts and gmail?
Maybe they check requests very thoroughly and this isn't an exploitable security hole. But it changes the equation of storing data on 3rd party services: instead of just trusting the cloud provider and his software, you also have to trust the government to never make a mistake.
Indeed. The thought behind all the spying is that it creates security... but this forgets that privacy often enhances security. The upshot is we get one arm of the government opposing encryption, and another arm trying to mandate it (HIPAA and so on). I believe eventually time will show that, on balance, more privacy-enhancing measures are needed, not only because it's the right thing to do, but because our security demands it.
And what happens if they do make a mistake? Could you imagine the effects to society if this Complete Database were leaked -- if everyone's internet record were made public? It's mind-boggling.
[Spoiler alert!] Someone makes a cheap time viewer (able to view only the past), forgetting that "5 minutes ago" is in the past. In the end the design leaks to the public, and the characters contemplate what they've just unleashed.
In 2013 that might seem unrealistic but maybe not in the not too distant future. They'll have a lot more data than that by then, but you'll still be able to get the whole of the worlds info from 2013.
But it seems like Muckrock has done this sort of thing before, and the take-away I am getting is:
----make sure to request fee estimates before completion of request ----
Yeah. I was like okay lets pull my records, it'll be interesting. Then I thought okay maybe they pull them, it gets sent through some automatic scanning process, eg "Why does this person want their information pulled? Lets put it through our automated scan-for-suspicious-behavior machine. Oh what's this? The subject was in the neighborhood at the time of an unsolved case, lets bring them in for questioning and generally disrupt their life in a horrible manner"
I think I'm going to do this, just for shits and giggles. But I wish the site said more about what they consider a valid digital signature. I wonder if the US government has a general policy on this? TBH, I've never really bothered with digital signatures on email much, so I'm pretty clueless on the topic. shrug
I have heard that "digital signature" was clarified at some point as literally being a digital scan or photograph of your signature, but I am unable to find a source for that right now. YMMV
Indeed, you can be sitting there eating dinner with your family when a remote controlled drone operated from half way across the world fires a missile at you killing you and your family instantly without any forewarning.
On the American side there is a very special awareness of England. (We are generally ignorant enough to not understand the difference between the UK and England.)
That relationship is that you're the goto example of tyranny worth rebelling against. Among politically active Republicans that I know, you're also a good source of statistics showing that implementing gun control increases the crime rate. (Never mind the fact that you changed how you collect statistics to include more crimes in your statistics, the NRA loves the fact that you implemented gun control and crime rates went up.)
He's obviously talking about "the list" where a human takes a closer look at you, and actually looks at the information that they've pulled on you. Maybe they also send out a few NSLs for even more depth on you.
They require a "digital signature" for email requests, but say nothing about the format, nor any requirements for the signing key. You'd think that the NSA, of all organizations, would not put such technological naivete on public display.
You can use the Sha-2 hash of the last 1000 URLs in your browser history. The NSA will then hash the same on its side. If the two match, they know it's you.
The only one problem is that you can clear or modify your browser history - whereas the NSA keeps everything. So that makes things a little more difficult :P
Why would anyone believe the info they offer up? Meaning how can you prove what you don't know (ie, if they actually have more info than they let up) and why would any of this stuff about 'we want transparency now' lead to the NSA actually showing their cards? It's silly to expect an agency based on secrecy to not be secretive.
So what does one do in the face of all this? I simply don't know, aside from starting from scratch.
Yes, "fun," because it's absolutely hilarious to flood your government with busy work as a valid protest. Stop being a petty child and realize that the only effect that this would have is either a stoppage of serving requests or an uptick in hiring for the department.
The NSA is exempt from disclosing investigative files on individuals, even if they have information on you. Here is a typical rejection letter if you want to see:
It's just anecdotal evidence, but I can personally confirm this. I submitted a FOIA request to see what various departments had on me. Perhaps I should be thankful that I'm not interesting enough for them to have compiled any information on me, because all of them came back with a generic letter stating that they didn't have anything for me.
The exception in this case was with the NSA, in which case they stated that they weren't going to divulge anything, much like the letter in the URL above.
Your example is not a Privacy Act request, it's a standard FOIA request. Asking for your own personal information is different than asking for information about someone else.
This will just become another record in the database of course. But is it worth it to have a record of your signature to (possibly?) obtain (some of) the data they collected on you? That's what you have to decide.
If you've ever paid taxes, gotten a state ID/drivers license, signed up for selective service (as a male), or any number of other routine, upstanding citizen activities, the government already has your signature.
This is an example of a channel for information theft. What happens when someone submits a request for your information with your (forged) signature? That would be fraud, of course, but that doesn't mean it won't ever happen. Will they get all your texts and gmail?
Maybe they check requests very thoroughly and this isn't an exploitable security hole. But it changes the equation of storing data on 3rd party services: instead of just trusting the cloud provider and his software, you also have to trust the government to never make a mistake.