Hi Reddit! Bill Binney here to answer your questions – live from Amsterdam.

Hi, William; Barrett Brown here. First I want to thank you for your work in protecting those like myself who were investigated for bringing attention to these issues, such as by your involvement with the Courage Foundation, which has helped me, Lauri Love, and several others over the past few years. I'm scheduled to do an IAMA two hours from now and will be going into all of that then.

My question is, in your opinion, does there come a point at which the weight of criminal conduct by the state is sufficient to justify resistance to its activities, regardless of whether or not the state derives its powers from the consent of the citizenry, informed or otherwise? And does a republic have greater rights to engage in oppression of domestic and foreign populations than would a dictatorship simply by virtue of deriving its powers from the citizenry?

There is such a point. It is historically true. We aren't there yet, so peaceful, democratic options are still available. We have been heading toward a totalitarian state since "Darth" Cheney said we must "go to the dark side" in 2001. This infection has now spread throughout the Free World. Corruption, greed, and desire for control by Elitists rule the day.

Considering how over the past few decades, surveillance technology has been 'baked in' to our communications infrastructure - Is it even possible to turn it off?

Also, what is the likelihood of US domestic surveillance being co-opted by a foreign government?

A VERY good question. It is possible, but requires a high degree of tech know-how to do it - both hardware and software. For example, need to check the luminosity down a fibre optic line in order to detect tap points and physically remove them. Also check hardware/software associated with it.

Likelihood of foreign takeover of US intel would be low because of the difficulty of knowing where to hack into the intel systems.

Good Afternoon Bill!
I'm currently reading No Place to Hide by Glenn Greenwald, and I'm enjoying it. I'm very interested in the whole intelligence process from start to finish. I'm lucky enough to be learning a brief amount of it in the Navy currently. What advice do you have for someone who is about to separate from the Navy with no debt and a G.I. bill? I would like to work in the intelligence community, however I really wouldn't enjoy being trapped between an ethical hard place and being jobless. Thanks, for this and everything else you do!

I believe in infiltration. Keep your principles once you join the intel community and maybe you can make a change on the inside.

Hi Bill!

First I want to say I believe the world owes you a debt of gratitude for doing the right thing in a system that went off the rails. Without people like you, Thomas, and Edward, we still wouldn't know the true scope of the NSA's constitutional violations. We need intelligence services, but unchecked mass suspicionless surveillance is a cancer to a free society. Public servants with their hearts in the right place can safeguard the people and the constitution when all else has failed. Thank you for being one of the good guys.

Question 1: Warrantless mass surveillance typically drops off the public's radar after a few news cycles, and it's very abstract for most people to consider. Do you think the USA's national consciousness will ever care enough to hold the bad actors legally accountable, and address the core institutional problems?

Question 2: Some of us see commercial profit-based surveillance, such as from Facebook, Google, etc, as a threat to a free and open internet. Do you think we can build systems providing the advantages of those things, while also being robust against totalitarianism as governments increasingly pressure private industry into censorship and "sharing" data gathered during for-profit mass surveillance?

Question 3: Are there lessons you see in how Germany handled the aftermath of the Stasi era for modern day USA and the NSA?

To Number 1 No. Because there are too many people involved in all upper levels of government.

To Number 2 Yes. It requires a monitoring program to track everything on the network.

To Number 3 Yes, there is only one reason government collects data about everyone and it isn't good. It is done to maintain control over the population.

I know many people that buy into the delusion, that surveillance is the only way to prevent terrorist attacks from happening. Which is contratrary to the evidence: most of the identified attackers were already under surveillance.

When and how did it happen, that mass surveillance became a commodity? Why do people fear a loss of surveillance more than they fear a loss of freedom?

It began with Darth Cheney and Shrub (Bush) who were motivated to obtain information about everyone to get a leg up on political enemies, just like Nixon did. They peddled the concept that data is intelligence, and therefore, the more you have, the more intelligence you have. This is absolutely false. Until you understand the data you have and what it means, you have no intelligence. Obama simply doubled down on this philosophy, so he is in effect Darth squared.

People fear the loss of surveillance because they are conditioned to think data is intelligence, therefore more is better. Government is treating the population as Pavlov's dogs.

Do your instincts (or your sources within intelligence agencies) believe Russia 1) is responsible for the DNC leak/hack and/or 2) attempted to hack U.S. election systems in 2016?

No, not Russia, and if it was there would be direct evidence of it. Also, CIA using Vault 7 tools can make an attack it carries out look like it comes from another nation/party. The fact NSA does not provide a track for the packets reflecting fact of no hack attack means it was an insider job/leak. See Consortium News for related article.

No, not Russia, and if it was there would be direct evidence of it.

Do you expect a developed country with at least a modicum of talented IT professionals to not be cautious of leaving any direct digital evidence? As you assuredly know, anyone can basically use a daisychain of IPs to obfuscate their origins.

CIA using Vault 7 tools can make an attack it carries out look like it comes from another nation/party

Yes, many agencies of many countries can possibly use falseflag options but it doesn't mean they do.

The fact NSA does not provide a track for the packets reflecting fact of no hack attack means it was an insider job/leak.

Anyone can fire up a TOR session and possibly hide their origins as you know. They can command a node, be it a PC or any tech device, then use it as a regular proxy or another TOR server, therefore obfuscating themselves even more, many times over. When you have the power of a nation state, this is very feasible. Also IP addresses within government domains are sometimes not public information, as you probably also know. It's a weak "security by obscurity" technique but if they published IPs of sensitive nodes, it invites any nation state to come knocking on the door.

I don't see how that's enough information to conclude it was an inside job. I'm not saying it was a country or any one person but until we have the information at hand, it's hard to conclude either way, which you seem to be doing. Maybe you know more about this than I but considering your answer here and below, I suspect you're not fully aware of network security as I thought. Could your bias against the institution that fired you be influencing some bias on your part?

It is difficult to know the true origin - must be able to trace the packets and look inside of them in order to know. Called Deep Packet Inspection.

But even packets can be changed en route, source and destination both as well as obfuscated by a litany of routes by using proxies and something as TOR. I don't know why you put so much influence on thinking this would be the proof.

REF 1st Quote: That is one of the reasons we believe the CIA carried out the attack. Because no self-respecting spy agency would leave such an obvious trail.

REF 2nd Quote: Yes, but it doesn't mean they don't.

REF 3rd Quote: Guess what? NSA can track the TOR packets. That's why NSA has embedded trace-route programs on hundreds of switches all over the network to reconstruct the TOR network.

REF 4th Quote: It is true that Service Providers can change the IP's of originators and recipients of packets, but in doing so, when the packets reach the border gate to the next Service Provider, they convert them back to the originals, otherwise the packets get lost. This means we have to work out the formula for internal changes in packets and reverse it when moving to the border gate provider.

Hi Bill. A bit of a technical question. Since the leaks from a few years ago, more and more companies are switching to SSL/https to encrypt their web traffic. I understand that the NSA can decrypt some of this traffic via backdoors installed in certain router hardware. Besides that, how likely is it that the NSA has the secret keys for the SSL traffic of companies like Google so they can just decrypt the traffic from the raw data, without needing to hack any hardware?

From my neck of the woods, "this don't surprise me none" What you are suggesting is very likely the case.

Thanks to you and the other Whistle-blowers!!!

Any thoughts on a REAL 9/11 Commission (run by citizens, not politicians)?

9/11 is the original sin--Iraq/Afghan "wars" and CIA Torture, etc.

Until we overcome the lies surrounding what happened that day the USA will be on a path of war and destruction...and war profiteering, of course.

Spot-on!

Hi Bill,

As a private citizen I'm well aware of my "privacy" on the internet, but I'm not using vpn, pgp, etc because it seems like a hassle. So I have two simple, practical questions:

What is one thing I should stop doing today, to protect my privacy a little bit better? And of course, what should I start doing from today on?

Use Tor if you can, change your passwords frequently, and invent your own encryption for your community of friends.

I've always heard that you should never "roll your own crypto"

Would you say it's more effective than using a known encryption method?

Yes, it IS more effective, because then there would be millions of different encryption systems not solvable by mass machine attack. It would take human interactions to solve, taking months and even years. Not practical. If you use public encryption, governments can solve one or two or very few in order to enable a machine attack on millions of users.

For fuck's sake, Bill, this is terrible advice! There's not a cryptographer on the planet who would agree with you on this. This is the kind of crank nonsense that calls any claim you've ever made into question.

Everyone: use time-tested public algorithms. The security comes from the secrecy of the key, not the secrecy of the algorithm.

There's not a cryptographer on the planet who would agree with you on this.

Because they deal in theory. In practice, the tools to decrypt your batshit crazy crypto technique don't exist. Yes, they may be theoretically "easy" to build, but they aren't built yet.

Please read Friedman and Callihamos for a better understanding of cryptanalysis. It is a four volume set. Google it and you will find where you can buy it. Quite expensive, but well worth the investment. I think it is a great read.

Hey Bill & Kirk

Peter from Denmark, here. Hope all's well with you guys.

Question: considering that in almost every terror-attack, it turns out that at least one of the perpetrators were known to authorities in advance, shouldn't we demand some kind of audit of what the intelligence agencies/govts knew (or should've known), but failed to act upon?

Yes, Peter - every govt intel agency should be audited to ensure integrity of operations. Reviewable by another entity. Intel cannot monitor itself.

Every time there is a terror attack they fail to stop, their budget should be cut by at least 10%. We should not reward failure with increased budgets!

Hey; yeah. I don't really know of any other business, in which failure is rewarded with tons of money.

Who would you suggest (in an ideal world) should do the audits? IC is quite good at hiding stuff from oversight committees etc.

I recommended (with others) to Obama (he ignored it) that hackers be cleared and authorized to inspect/audit any US Intel agency at any time. It didn't fly. Until auditing is embedded in Intel, nothing will change.

How do you think the world will look 10 years from now regarding mass surveillance and internet privacy? What will be the greatest difference to today? Will our homes remain private? Or will we get spied on by household robots?

Theresa May wants more mass surveillance in the UK! What would you recommend her to do instead to fight terrorism?

If we do not move away from mass surveillance and bulk data acquisition, the Ïnternet of Things" will provide the government and business with unprecedented access to our private lives and everything we do every minute of every day.

All politicians want more money, more people, and more data so they can build an even bigger empire, despite continual failure to prevent attacks from occurring. So let's object to any process that rewards failure. STOP IT! We need smarter, more efficient ways to stop terror and criminal behavior. We also need to provide real oversight of the intel agencies and verification (auditing) to ensure rights are being protected. No data stored data collection on anyone without a warrant based on probable cause. By doing this, analysts and authorities are focused on the data most likely to prevent terrorist or criminal activity.

So do you think data is worth more than gold? Will a country's wealth be determined by the amount of data stored in the future?

True to an extent, but I will always prefer gold because it is real and hard to fake.

What is the question that should be brought up more so us lay people can understand our country and world better? And what is the answer to that question?

We need to demand honest answers from our representatives. For example, Senator Wyden asked how many Americans are in intel databases. His answer from NSA in writing said, "We cannot tell you that, because it would be a violation of privacy rights of US Citizens. This is NOT an acceptable answer.

Do you think they know how many blue-eyed individuals are in intel databases? That's approximately the same problem, even though it doesn't have the same significance.

The fact of the matter is that you (and Senator Wyden) know that it is impossible to answer that question. You're just being angry for the sake of being angry.

Not so.

A simple count of the number of people in the telephone database(s) with US phones can be done by a simple software shell. And you can get the number of times a unique entry appears in the database(s). Same is true for unique IP numbers tracing back to computers/devices. My estimate is that there are about 280 million US citizens in the NSA database. Each entered several hundreds, if not thousands of times. The same would be true for each domain (financials, etc) database.

There is an alleged whistleblower whose arrest was recently announced.

They allegedly were caught after printing a hard copy of documents while at work. They also allegedly emailed the publication while at work. Then confessed when questioned rather than waiting until a lawyer could be there. These don't seem to be ideal whistleblower practices.

Have workplace whistleblowing exposure techniques gotten more sophisticated, or was this most likely a one-off case of poor judgement and practices?

I would say a one-off, poor judgement. Due to the poor quality of the report itself, this whole matter could be a ruse. I would strongly question the authenticity of the report.

What are you up to nowadays?

Aside from suing the government, and calling them all idiots in public TV and radio, my friend Kirk Wiebe is with me here in Europe talking to the EU Parliament about mandating targeted approaches to Intel surveillance into law and protecting privacy. We must have privacy and security at the same time. Further, we are also helping companies here in Europe make that a reality.

Sooooo, now that NSA, CIA, FBI, GCHQ, BND et all know we are doing this, we would be happy to help them succeed as well. Right now we do not clear them for that knowledge. Don't you just love this!!!

Why would the powerful desire to apply justice equally, when currently there is such extensive inescapable bias that the laws of the common do not even begin to apply to the laws of the elite? In other words, why would any system voluntarily surrender power to a weaker opponent, and can we expect all opponents in the future to act likewise?

At some point, the People stand up for their rights and do what is necessary. Currently this is true and that is why I call the US Dept of Justice, the "US Dept of Just Us." Only the Elites like Hillary Clinton, Gen. Petraeus, Dick Cheney, Barack Obama, and all others who have been violating the rights of citizens of the world enjoy protected status.

Hope i'm not to late here, but what would you differently if you were to go back and as the DoD IG to investigate the NSA?

Do you believe there are any actions you could have taken to make them sway towards ThinThread over Trailblazer?

We (Bill Binney, Kirk Wiebe, Diane Roark) tried everything at our disposal to warn those in positions of authority about ThinThread and the imminent failure of TRAILBLAZER. This included a member of the House Permanent Select Committee on Intelligence (HPSCI), in particular current Senator Burr, Chairman of the Senate Select Committee on Intelligence.

We do not know of any other actions that would have swayed minds, as the focus by those in power was on outsourcing big contracts to big companies.

President Eisenhower in January 1961 warned the American people about the emergence of the Military Industrial Complex which could fundamentally alter the American way of life and governance. If he could see what now exists in Washington DC, he would most assuredly turn over in his grave.

FOOTNOTE: Never underestimate the power of large numbers of stupid people.

I have this feeling, that ever since "Snowdon" ( Not to overshadow your own legacy of course. - I only mention him because of the media coverage), that everything has gotten worse, not better.

The only real reform we saw was the U.S. Freedom Act, which for all intents and purposes, legalized domestic surveillence and iirc, actually increased the amount of data available to NSA from the phone companies.

Meanwhile, at the local and state levels, we have city after city legalizing stingray use and other military technology for surveilence.

The 2016 election was the first election we had since Snowden and surveilence wasn't even mentioned by any candidate except Bernie (against), Paul (against), Johnson (Against) and Christie (Terrifying Pro). I had hopes that this would be the election where surveilence would finally be dealt with..but alas, it was reduced to a bullet point.

This doesnt even cover the corporate marketing survielence going on. We passed the privacy laws in 1974 which was honestly the last big protection ever made on behalf of the American people. The State has no reason to regulate the big data market as it relies on that same market to FISA warrant its own interests from it.

All these things, taken together, makes for a terrifying future where we have the Corporate/State on one side and the little guy on the other. As a little guy, I see no way to fight this, unless on a mass scale of unity among the little guys and that just cant happen in a society as large and addicted to consumerism as we are.

Given your knowledge and involvement in reforms, could you provide any reassurance that we actually have a chance in fighting this beast?

EDIT: sent too soon.

Lastly, how long were you treated as a "conspiracy theorist" by the masses? Or are you still treated that way?

You have captured well the beast before all of us. The only thing to do is to keep fighting, keep demanding truth and accountability from elected representative. Please pick up the phone and call your representatives office and voice your anger for subversion of your constitutional rights. Do not relent!

Mr Binney, big fan!

Did the knobs who raided your home and yanked(?) you out of the shower ever apologize?

What news outlets do you recommend?

If internet is disconnected, what options then?

Is shortwave radio still viable option?

They never apologized. So now, I am supporting four separate lawsuits going after NSA/CIA/FBI/DOJ unconstitutional surveillance.

Check out Circa News - true investigative reporting without political bias.

Shortwave radio is still viable, even desirable if it can meet your needs for distance, line of site, etc. Go analog vice digital if you can.

Have you ever seen any proof of extraterrestrial life here on Earth?

I have no direct evidence, but as a mathematician, I can - with great confidence - state that the probability of life existing somewhere else in the universe is 1, which means it's out there.

The UK wants to start Chinese style Internet monitoring. Do you think this will a) work b) prove to be the only way to keep people safe

First, the US and UK with others collect virtually everything on Internet and Public Telephone Networks. Chinese cannot match that. The question should be, have the Chinese accomplished what we are now doing. Answer is no - not yet.

We believe the report may be a fake report. If not, it is poorly written. In any case, it indicates the Russians did not break into the voting system. They were exploring for information.

When I say "we", that means most of the Veteran Intelligence Professionals for Sanity (VIPS) and some others we know with intel backgrounds believe this.

Hi Bill!

I've seen your claims in a few different forms over the years, but they've always been relatively light on the details. Can you explain exactly how your program differed from other programs? For example, in this AMA, you claim that the "efficacy was down to it being metadata focused". The NSA currently runs significant programs which are metadata focused. How, exactly, did yours differ?

Additionally, you say that it was ditched "for money". What was the source of money that caused NSA to look at a product that nominally does exactly what NSA's mission is and respond, "Nah. Let's not do that"? Where did that come from?

Thanks!

ThinThread has 3 differentiators:

1 - It filtered out all content not associated criminal and terrorist activities. Other content was ignored. 2 - Any person acquired but not yet known to be criminal or terror-related was protected by encryption of their identifying attributes. 3 - The ThinThread network was constantly monitored by software that tracked what users did when they connected to it and looked at data, what they did with the data, etc. So, this means that if Snowden had downloaded data from the ThinThread network, we would have seen it immediately and known exactly what he took. No guessing.

The source of the money was Congress who gave the funds Director Hayden requested (3.8 billion dollars) for the first five years of his program (TRAILBLAZER), despite the fact that ThinThread had already solved the essential challenges.

Basically, staff members in Congress were suggesting to NSA management (Hayden included) that ThinThread already had solved the problems and should be used accordingly. NSA ignored Congress and awarded big contracts to big companies who failed utterly to produce results.

TRAILBLAZER was declared a failure by Congress in 2005.

Mr. Binney, are you familiar with the radio program coast to coast am? Have you ever given an interview on the radio program? If yes, would you do another one in the near future? If not, would you you consider going on the show?

I have been on this program and discussed all the spy programs the agencies are using to commit mass surveillance, map locations, etc.

Hi Bill! Couple quick questions for you.

1) We all know that communications tools and social media are routinely monitored by national-level intelligence agencies. Do you worry about three letter agencies getting involved with private actors who collect/analyze big data on an official or unofficial level?

2) Can we talk about attribution? When a major hack happens, we hear reports about it being traced to X or Y actor but we never hear how. Considering that an attacker can obfuscate traffic or make it appear to an analyst that it is coming from a specific source, how do we actually know who is attacking us?

For example, the Sony attack was "linked" to DPRK but I read the USCERT report and it looks like common American phrases were used as seeds and the attack vectors were unsophisticated. Things are looking similar with WannaCry but I haven't looked into that enough. Are we being lied to by the government to prevent a public freak out when people realize how easy it is to hit companies creating hundreds of millions in losses?

Question 1 - Yes I worry - they are already doing this and getting paid for it by the government(s).

Question 2 - If the govt is telling you that country X is doing the attack, you have a 80% chance of that being a lie. It is difficult to know the true origin - must be able to trace the packets and look inside of them in order to know. Called Deep Packet Inspection.

Thanks for the reply, mind if I ask a few followups?

Its more troubling to me that the government is just paying for the data as opposed to getting it from a covert method. How can we, as average citizens, protect ourselves from this collection without becoming straight up luddites? Things like Alexa/Siri and the smart grid bother me - Is not playing the only way to win?

Do you have any thoughts on Reality Winner who was just arrested for leaking NSA reports? https://www.nytimes.com/2017/06/05/us/politics/reality-winner-contractor-leaking-russia-nsa.html?_r=0

If the government wants you, they will get you - too many resources to fight. Whatever you do might protect you from local governments but not the "big boys."

The main reason we are here in Europe is to urge rewriting of law to mandate targeted vice bulk collection of data and to help protect privacy rights.

Maybe some of this stuff is a bit hard to follow for "normal people"m especially those who haven't seen the film.

Can you guys perhaps recap:

1) WHAT do the USA/5EYES spying machine collect? 2) What do they do with all the data they collect?

They collect all data making up communications between limited numbers of people. Here is a representative list:

Videoconferencing Location information about people,
Phone calls Emails Chatter on the net SMS (texting) Financial transactions, including credit cards, etc Passive transponders (E-Z Pass etc) Travel manifests Web browsing VOIP/Skype... Social media

They also insert capture devices inside personal computers, routers, servers, etc.

Former Gen. Alexander, Director NSA said, "COLLECT IT ALL!"

Based on the information available today, do you believe Russia played a role in Donald Trump being elected?

Absolutely not. Accusations against Trump are a red herring.

What makes you think that?

It is so because all we have seen are accusations based on suspicions. Not one iota of proof has been provided. The Dir. of National Intelligence - James Clapper - himself has said there is no evidence of collusion with Russia. So has Senator Feinstein.

See article here:

http://www.nybooks.com/daily/2017/03/06/trump-russia-conspiracy-trap/

Did Thin Thread use what we now call "sentiment analysis"? I've been interested in natural language processing and post-911, probably 1/2 of the NLP research I've read is some version of "sentiment analysis" (it is also possible I've just been too narrow in my research).

Also: the Bush administration hated all-things-Clinton and ended lots of anti-terrorism stuff (including NK getting nukes) just because it had a whiff of Clinton on it. Do you think this might have been the reason for Thin Thread getting canceled?

We did not use sentiment analysis or anything involving natural language processing, other than having an interest in content directly attributable to people of interest, like criminals, terrorists et al.

No, Thin Thread was cancelled because of money and big company interest to feed off the public teat.

Hi Bill,

Why Amsterdam? Are you enjoying our weather today?

How seriously do you take your own privacy while browsing the internet?

EDIT: Spelling.

Why Amsterdam? Good food, good friends, bad weather today. I do not worry about privacy myself, because I have evidence of all the criminal activity by the US Government, and they know that.

Bill, What are your thoughts on other whistle blowers such as Edward Snowden, Chelsea (or Bradley) Manning, and recently Reality Leigh Winner being arrested over the weekend for leaking information on alleged Russian Election hacks. Do you think any of these people's actions were justified? Were they right in ho they went about distributing the information? Thanks in advance for the answers.

Snowden and Manning were motivated by moral standards, whereas the Reality Winner may have been motivated by pure politics, because the report did not show a clear connection to Russia.

Where in the world is Carmen Sandiego!?

In Los Angeles.

Huh, I thought she was in San Diego.

:)

If you could recommend a book or two as mandatory public education, what would it be?

Thank you sir for your continued fighting!

The Shadow Factory, by James Bamford Spies for Hire, by Tim Shorrock

I have also heard from friends that these are good books to read:

Data and Goliath, by Bruce Schneier No Place to Hide, by Glenn Greenwald American Spies, by Jennifer Granick

Although ThinThread (necessarily) relies on access to backbone communication links/cables, it does not rely on massive intake of content --- an opportunity to significantly reduce bulk collection, as A Good American explains. During a pre-screening in March 2016 you mentioned discussing ThinThread with governments including Germany, Denmark, Sweden, Norway, UK, Canada, Australia and New Zealand; and that Canada, Germany, Australia & New Zealand had 'picked it up'.

Q1 (to Bill): did any government, so far, indicate a willingness to consider replacing existing methods that rely on bulk collection with ThinThread (or a ThinThread-like model) -- and to then reduce or eliminate bulk collections? Or is ThinThread rather seen as an addition, and existing sigint collection upheld?

Q2 (to both Bill & Kirk): did any of the SSEUR countries, so far, consult Entity Mapping to implement ThinThread?

Q1: After leaving NSA in Oct 2001, we had no further communications with any other country's intelligence agency. We are working with the EU to improve surveillance techniques and to include privacy by design.

Q2: No, none of the SSEUR countries have attempted to contact us.

Hi Mr. Binney;

What question do you always wish people would ask you?

Thanks!

It would be, "Do you have to give up privacy to provide security?" The answer is absolutely not. Intel agencies of the free world should have adopted a targeted approach to data collection off the networks of the world. Since they did not take this approach, you can see in the tragic examples of Manchester and London, their approach is failing.

Mr. Binney, what are your thoughts about WikiLeaks and Julian Assange?

Julian Assange is a reporter and deserves the protections afforded reporters of news by the Constitution of the United States. Otherwise, the government must charge the New York Times, Washington Post and others with the same charges they would charge Julian.

[deleted]

I do not get around much, so I don't have enough information to give you a good answer.