
Comment Re:What does it matter? (Score 1) 191

Dude, do you know who Steven Aftergood is? You might want to look into his background. He's the Director of the Federation of American Scientists Project on Government Secrecy and the last person who is going to inappropriately defend government for trying to keep something secret. And yes, Sen. Wyden was trying to get the DNI to reveal currently and properly classified information in open session.*

The fact of the matter is that for at least the last 35 years, phone call records, as a "business record" provided to a third party, do NOT have an expectation of privacy and are NOT covered by the Fourth Amendment. Unless and until the Supreme Court reverses Smith, that is the standing, factual law of the land.

Furthermore, the entire purpose of the BR FISA metadata collection isn't to "spy on Americans" -- it is to "collect the haystack", so to speak, that may LAWFULLY be collected, in order to have access to it when searching for bad foreign actors who may be physically operating within the US on US wireless carriers. And every query against that data requires a reasonable, articulable, and specific foreign intelligence nexus, with its own separate FISA order.

It's not NSA's job to second guess the law or its authorities. Its entire purpose is FOREIGN signals intelligence, and the fact that some people simply can't accept that won't be changed by any amount of commentary in forums like this. Foreign targets now exist in the same sea of global digital communications as you and everyone else -- there is no way to have the technical capability to target the one without having the same capability to target them all.

Which is why, again, in a democratic society based on the rule of law, it is what the LAW says that is paramount.

* For what it's worth, my own personal view is that Clapper wasn't even thinking of the phone metadata program when asked that question. He was thinking more broadly in terms of the foreign intelligence collection missions of 17 IC agencies, which can, do, and always will sometimes encounter the communications content of Americans during the execution of their duties. And the fact is, no matter how many little pissant isolated examples of someone intentionally abusing something, there is no systemic, policy, or enabling environment to illegally spy on Americans. If you want to believe there is, then there won't be any useful discussion between us. Is there room for improvement and transparency on some fronts? Sure. But intelligence requires secrecy in order to be effective, even in free and open societies.

Comment Re:What does it matter? (Score 1) 191

But you can never "know" the discovery was incidental, under any construct, because you can always assume the government is lying -- with or without the Snowden disclosures. And we didn't learn from Snowden how collection is defined in a SIGINT context; electronic collection has been defined that way since at least 1982. I agree that the FBI (or any government agency) cannot engage another agency/country/etc. in order to skirt US laws...and I didn't say they should be able to, nor do I believe they did.

Furthermore, metadata is not content -- and even that data is only queried for specifically articulated counterterrorism purposes, which means it would have nothing to do with this case. Even now, no one has ANY idea whether NSA or any other agency was involved...the FBI could be hiding its own sources and methods, or could have even omitted information or made a mistake.

And the program has been challenged, and may ultimately make its way to the Supreme Court, which may decide that technology has changed so much since 1979 that this interpretation of the Smith v Maryland ruling is no longer a valid interpretation in the context of the Fourth Amendment. But unless and until that happens, it is factual to say that phone call records, as a "business record" provided to a third party, do not have an expectation of privacy and are not protected by the Fourth Amendment. That's not a value judgment, or an opinion, it is a legal fact.

And it's not NSA's job to second guess its own legal authorities (even though it extensively does that); its job is to conduct its missions, in what I would hope would be the most aggressive way possible within the law. Its mission isn't to figure out ways around the law, or the Constitution, or to spy on Americans without warrants. Its mission is to conduct FOREIGN SIGINT against US adversaries, nearly all of whom are non-US Persons outside the US, and the reality is that these targets coexist with innocent Americans and everyone else in the global web of digital communications. There is no way to avoid this reality.

Comment Re:What does it matter? (Score 1) 191

Parallel construction isn't only about the NSA...it is any alternative construction of evidence to conceal a sensitive source or method that may have led to and/or assisted in the investigation. It's very old, and the only thing some legal experts say about it is that it MAY -- key word being may -- run afoul of evidentiary rules and discovery procedures. It's a very old concept, and as long as the alternate chain of evidence is completely supportable and nothing illegal occurred* to initiate the investigation in the first place, there is nothing at all wrong with it.

* Even IF it was NSA collection that led to the FBI tip, the incidental discovery of international narcotics trafficking, when discovered, is exempt. Furthermore, it doesn't necessarily need to be an NSA "tip"; it could be that they also brought an NSA (or other IC/DOD agency) resource to bear on the issue, and don't want to reveal that because it would reveal a sensitive intelligence capability, technique, source, or method. That, too, is not illegal. So while it's an interesting story, it is just that.

Comment What does it matter? (Score 1) 191

So-called "parallel construction" isn't illegal or unconstitutional, and even IF -- and that's a very big if -- the initial tip came from "NSA", keep in mind that there has been a decades-old exemption for things like international terrorism and international narcotics trafficking when discovered during the course of legitimate foreign signals intelligence collection.

So, while you may not like it, nothing that is illegal or unconstitutional occurred here, and it is not the result of post-9/11 laws, or "new ways of interpreting the law", or anything else.

The simple fact is that legitimate foreign intelligence targets, to include terrorists and US adversaries who are mostly non-US Persons physically outside the US, share and use the same systems, networks, services, devices, software, tools, operating systems, encryption standards, and so on, as Americans and much of the rest of the world.

This is a simple, undeniable truth, and the only thing differentiating such traffic in the digital world is the status of the person(s) in communication -- i.e., whether they are or are not a US Person. That's it.

And guess what? The communications of US Persons WILL be encountered, and always have been, and we have a legal construct for how to deal with that, and that legal construct factually includes exemptions, again, for things like international terrorism and international narcotics trafficking.

And all of this is even IF it was "NSA" that tipped off anyone; it still could just be FBI somewhat clumsily protecting its own sources and methods...it doesn't have to be "spooks". In a free society governed by the rule of law, it is the LAW, not the capability, that is paramount.

And speaking of the law, the only person doing anything illegal here -- under our system and body of law, whether anyone agrees with it or not -- was Ulbricht.

Medicine

Ebola Has Made It To the United States 475

An anonymous reader sends news that the CDC has confirmed the first case of Ebola diagnosed on U.S. soil. An unnamed patient at Texas Health Presbyterian Hospital of Dallas was placed in isolation while awaiting test results for the dreaded virus. Apparently, the patient had traveled recently to a West African country, where the disease is spreading, and later developed symptoms that suggested Ebola. A blood specimen from the patient was sent to Centers for Disease Control and Prevention in Atlanta, a testing process that can take 24 to 48 hours to confirm an Ebola infection — or not. The results came back about 3:32 p.m. In other Ebola news, outbreaks in Nigeria and Senegal appear to be completely contained.

Comment No sensible person ever thought it was impossible (Score 2, Informative) 174

But even here, again, when you look at a typical OS X desktop system, how many people:

1. Have apache enabled AND exposed to the public internet (i.e., not behind a NAT router, firewall, etc)?

2. Even have apache or any other services enabled at all?

...both of which would be required for this exploit. The answer? Vanishingly small to be almost zero.

So, in the context of OS X, it's yet another theoretical exploit; "theoretical" in the sense that it affects essentially zero conventional OS X desktop users. Could there have been a worm or other attack vector which then exploited the bash vulnerability on OS X? Sure, I suppose. But there wasn't, and it's a moot point since a patch is now available within days of the disclosure.

And people running OS X as web servers exposed to the public internet, with the demise of the standalone Mac OS X Server products as of 10.6, is almost a thing of yesteryear itself.

Nothing has changed since that era: all OSes have always been vulnerable to attacks, both via local and remote by various means, and there have been any number of vulnerabilities that have only impacted UN*X systems, Linux and OS X included, and not Windows, over very many years. So yeah, nothing has changed, and OS X (and iOS) is still a very secure OS, by any definition or viewpoint of the definition of "secure", when viewed alongside Windows (and Android).

Comment What's your suggestion for intelligence work? (Score 1) 504

I presume you wouldn't say it was "wrong" of the United States to crack the German and Japanese codes in WWII...

...so when US adversaries (and let's just caveat this by saying people YOU, personally, agree are legitimate US adversaries) don't use their own "codes", but instead share the same systems, networks, services, devices, cloud providers, operating systems, encryption schemes, and so on, that Americans and much of the rest of the world use, would you suggest that they should be off limits?

This isn't so much a law enforcement question as a question of how to do SIGINT in the modern digital world, but given the above, and given that intelligence requires secrecy in order to be effective, how would you suggest the United States go after legitimate targets? Or should we not be able to, because that power "might" be able to be abused -- as can any/all government powers, by definition?

This simplistic view that the only purpose of the government in a free and democratic society must be to somehow subjugate, spy on, and violate the rights of its citizens is insane, while actual totalitarian and non-free states, to say nothing of myriad terrorist and other groups, press their advantage. And why wouldn't they? The US and its ever-imperfect system of law is not the great villain in the world.

Take a step back and get some perspective. And this is not a rhetorical question: if someone can tell me their solution for how we should be able to target technologies that are fundamentally shared with innocent Americans and foreigners everywhere while still keeping such sources, methods, capabilities, and techniques secret, I'm all ears. And if you believe the second a technology is shared it should become magically off-limits because power might be abused, you are insane -- or, more to the point, you believe you have some moral high ground which, ironically, would actually result in severe disadvantages for the system of free society you would claim to support.

Networking

Ask Slashdot: Advice On Building a Firewall With VPN Capabilities? 238

An anonymous reader writes "I currently connect to the internet via a standard router, but I'm looking at bulking up security. Could people provide their experiences with setting up a dedicated firewall machine with VPN capabilities? I am a novice at Linux/BSD, so would appreciate pointers at solutions that require relatively little tweaking. Hardware-wise, I have built PCs, so I'm comfortable with sourcing components and assembling into a case. The setup would reside in my living room, so a quiet solution is required. The firewall would handle home browsing and torrenting traffic. Some of the questions knocking around in my head: 1. Pros and cons of buying an off-the-shelf solution versus building a quiet PC-based solution? 2. Software- versus hardware-based encryption — pros and cons? 3. What are minimum requirements to run a VPN? 4. Which OS to go for? 5. What other security software should I include for maximum protection? I am thinking of anti-virus solutions."

Security

Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet 230

An anonymous reader writes Akamai Technologies is alerting enterprises to a high-risk threat of IptabLes and IptabLex infections on Linux systems. Malicious actors may use infected Linux systems to launch DDoS attacks against the entertainment industry and other verticals. The mass infestation of IptabLes and IptabLex seems to have been driven by a large number of Linux-based web servers being compromised, mainly by exploits of Apache Struts, Tomcat and Elasticsearch vulnerabilities. Attackers have used the Linux vulnerabilities on unmaintained servers to gain access, escalate privileges to allow remote control of the machine, and then drop malicious code into the system and run it. As a result, a system could then be controlled remotely as part of a DDoS botnet. The full advisory is available for download only with registration, but the (Akamai-owned) Prolexic page to do so is quite detailed.

The Internet

Internet Transit Provider Claims ISPs Deliberately Allow Port Congestion 210

An anonymous reader writes "Level 3, an internet transit provider, claimed in a recent blog post that six ISPs that it regularly does business with have refused to de-congest most of their interconnect ports. 'Congestion that is permanent, has been in place for well over a year and where our peer refuses to augment capacity.' Five of the six ISPs that Level 3 refers to are in the U.S., and one is in Europe. Not surprisingly, 'the companies with the congested peering interconnects also happen to rank dead last in customer satisfaction across all industries in the U.S. Not only dead last, but by a massive statistical margin of almost three standard deviations.' Ars Technica reports that ISPs have also demanded that transit providers like Level 3 pay for access to their networks in the same manner as fringe service providers like Netflix."

Comment last mile access (Score 1) 135

Now is the time if you care to have everyone you know stand up for *decreased* regulation in the last mile and locally, not more. The cost of building high speed access to your location is not in the long-haul but the local access network. Long-haul costs are at their lowest point ever, but getting to the major locations is always the expensive part. Labor costs, including engineering and permits make the cost of installing fiber or other technology insignificant.

Science

Amherst Researchers Create Magnetic Monopoles 156

An anonymous reader writes "Nearly 85 years after pioneering theoretical physicist Paul Dirac predicted the possibility of their existence, an international collaboration led by Amherst College Physics Professor David S. Hall '91 and Aalto University (Finland) Academy Research Fellow Mikko Möttönen has created, identified and photographed synthetic magnetic monopoles in Hall's laboratory on the Amherst campus. The groundbreaking accomplishment paves the way for the detection of the particles in nature, which would be a revolutionary development comparable to the discovery of the electron." That's quite a step beyond detecting monopoles; the Nature abstract is online, but the full paper is paywalled.

Oracle

Oracle Broadens Legal Fight Against Third-party Solaris Support Providers 142

angry tapir writes "Oracle is continuing its legal battle against third-party software support providers it alleges are performing such services in a manner that violates its intellectual property. Last week, Oracle sued StratisCom, a Georgia company that offers customers support for Oracle's Solaris OS, claiming it had 'misappropriated and distributed copyright, proprietary software code, along with the login credentials necessary to download this code from Oracle's password-protected websites.'"
