Hacker News

As far as "We have never heard of PRISM", that could be true. When you receive a national security letter it isn't like they give you detailed info about the specific operation and why you are receiving it. It's more along the lines of "you're going to do this pursuant to US code section..."


Even internally at Apple it is common to work on projects that you do not know the name or details of. I was disclosed and worked on multiple projects that my own team members were not aware of.


Why?


Why what?


Why would you not know the name or details of a project you are working on?


Testing voice recognition models in prep for the initial HomePod is one example, but quite a few software services built for unreleased hardware would do this.


Why?


What's more, a National Security Letter is not necessarily addressed to the company's executives and lawyers. A National Security Letter could be sent to somebody lower in the organization, closer to the targeted data (for instance a sysadmin), with a clause threatening them with prison time if they tell anybody, even their boss or company lawyers, about it.

They can essentially conscript anybody in the company to work as a spy using (probably bullshit but still intimidating) legal threats to keep them quiet.


Is there any evidence that low-level people have been targeted, or is this just speculation around what could happen?

Yes, "evidence for a secret program" is a bit tricky to produce, but the one I know of - Doe v. Ashcroft - the president of the company was compelled to produce data. I'd be very surprised if this wasn't the universal approach.


This sounds scary, but unlikely. Do you have a source that this tactic is used and effective?

My immediate reaction to such a letter would be to contact the company legal department regardless of whether the letter said not to, simply because I'd assume unless given very good evidence (and originating from a .gov domain isn't good enough) that it was a scam.

Edit: According to the EFF you can talk to an attorney about an NSL.

https://www.eff.org/issues/national-security-letters/faq#24


I would not suggest taking legal advice from the EFF. You might as well contact the sovereign citizen movement at that point.


Letters can be intercepted, letters have tracking, letters of this magnitude will require certification, and at the very least will require a courier. All of that assumes the letter can be delivered, and also assumes that the recipient believes that the letter is authentic. If I sent you an authentic-looking NSA letter, would you just do what you're told? Fat chance...

An email/phone call to a legal department is much less work and provides all the same protections.


I didn't consider that, but it aligns with my experience as well. From a C-Level perspective that is probably desirable as they don't want to get involved with that sort of thing in the first place.


While it's correct that they had never heard of PRISM, PRISM has nothing to do with NSLs. It ingests data from FISA Section 702 requests.


It might not be cited on any given NSL, but saying they've never heard of it when it's received ample news coverage is disingenuous.



