I’ve been writing about surveillance, the NSA, cyber warfare, and U.S. intelligence for many years. I’m the author of two books, most recently @War: The Rise of the Military-Internet Complex, and in 2010, [The Watchers: The Rise of America’s Surveillance State](http://www.amazon.com/The-Watchers-Americas-Surveillance-State/dp/0143118900). I’m a senior correspondent at the Daily Beast in Washington, DC. Lately, I’ve been writing about the crisis in Yemen, ISIS, Chinese cyber spying, and North Korea's hack of Sony. I also host a podcast called Rational Security.

I'm looking forward to answering as many of your questions as possible. AMA!

https://twitter.com/shaneharris/status/581487661141098496

Ok, everyone. I think that brings us to the end of the AMA. I really enjoyed the discussion, and I'm grateful for your questions! If you'd like to keep up with what I'm writing, you can follow me on Twitter @shaneharris, and read my work at The Daily Beast. Thank you again, and I hope you enjoyed the session and that it was helpful. --Shane

Comments: 224 • Responses: 79

courtiebabe42023 karma

What do you think is the number one thing American citizens should be concerned about in regards to their privacy and security here at home? What can we do to alleviate those concerns?

sharrisgov36 karma

As formidable as the government's capabilities are to gather information about billions of people, I think Americans should be most concerned about private companies collecting their information without permission, as well as criminals who steal personal information. I think people need to take their cyber security as seriously as they do the physical security of their home or their person when walking on the street. That means using smart password security, being careful about the Web sites you visit, and just generally getting better informed on some of the basic rules of the road in cyberspace.

Frajer14 karma

How much of our information does Google have?

sharrisgov23 karma

A lot. And the more you use Google, the more they have. It's not a surprise that the company is so important to the NSA's surveillance operations. I write in my book @War that Google and the NSA a few years back formed an arrangement, which is still classified, that allows Google to share information with the NSA about cyber threats. And yes, that does sound very vague. We also know from the Snowden leaks that Google is one of the companies that the FBI/NSA serve with court orders to gather information on the company's users. Again, not surprising, given Google's reach and the data it has. If the NSA couldn't obtain company's data, it'd be a much less powerful intelligence agency.

mahaanus11 karma

Do you think the NSA does more good than harm?

sharrisgov20 karma

Probably.

Thereminz10 karma

Something that bothers me is how advertising seemingly uses data I know I did not enter into my phone to come up with ads.

On my computer I use adblock but not on my phone...

A recent example is that I was working with Clorox bleach in the past few days...I or people around me probably said either Clorox or bleach loud enough to be picked up by my phone's mic...I'm fairly certain I did not enter either of those words in my phone until just now

Yesterday or the day before I saw an ad on my phone for Clorox bleach ... It just seems like way too much of a coincidence

They must have used some data I didn't enter

However it's not just this one instance and I feel like it's a bit intrusive

I also feel like if companies are able to do this then there's just a blatant disregard for privacy and any data you can possibly create is being sold

In some instances the data mining is ok...like how Google determines traffic

But in most other cases it feels like the phone companies are selling your personal data

Could this also be a potential threat? Could a company or organization buy data that would endanger people? Ex: listen in on important people's conversations...track the position of troops etc.

sharrisgov7 karma

This is a great question that gets to my point above about how our definitions and expectations of privacy are changing. Perfect example you give here (though I can't speak to why you're seeing bleach ads). But you're talking about companies using data in ways that you might never have imagined and that, if you had, you might not have condoned. My mother actually founded a direct mail marketing company. Her entire business was gathering huge amounts of data on clusters of people--by zip code--to understand what products they're likely to buy, and then helping companies figure out how to sell to them. But you know what? She refuses to use Facebook. It's going too far for her.

ioscoding10 karma

If you could meet Edward Snowden, what would be one thing you would ask him?

sharrisgov20 karma

Where do you get the best caviar?

No, actually, I would ask him: How many times a day do you think about going home?

beernerd8 karma

Any theories as to who is The Jester?

sharrisgov7 karma

Hmmm. I think he's probably an American. Ex-military. But as to who he really is and where, I just don't know. Could be ex-NSA.

beernerd2 karma

All totally plausible and equally fascinating. I hope someday we'll get the whole story. Is there any organization within the US government that engages in similar activity? Like taking down ISIS websites?

sharrisgov7 karma

Yes. The NSA. There's also a group in the agency called Tailored Access Operations that does a lot of the very high-end offensive cyber work. I write in @War about how the NSA took down Al Qaeda Web sites during the Iraq war in 2007.

thenotlowone5 karma

When do you expect to be killed in a completely coincidental freak car explosion accident?

sharrisgov9 karma

Well one never expects such things, does one? But I'll say Tuesday.

designdude11205 karma

What's your take on fund-sharing software like Venmo and Paypal? Are the users at risk in any capacity, and if so does that risk stem from what Venmo or Paypal could do with the information you sign away to them or would the software being hacked be the concern?

sharrisgov7 karma

PayPal actually is a good subject for this question. It didn't become successful by becoming a payments processor, but rather a SECURE payments processor. The founders invested very heavily in anti-fraud protection. That said, there's always a risk when you conduct financial transactions online. If you're using a credit card, you're going to be covered by your card issuer for any fraud. As for what companies are doing with your data, I think you have far less protection.

threatresearch4 karma

What's your default response to people who shrug off the concerns of privacy advocates with trite responses like "if you've got nothing to hide, you've got nothing to fear?"

sharrisgov9 karma

I say, That's not the way our constitutional system works.

ioscoding3 karma

What's the best piece of advice you've ever been given?

sharrisgov11 karma

It came from my professor Maya Angelou when I was her student at Wake Forest: "When people show you who they are, believe them."

patanwilson3 karma

Do you think Public Key Cryptography can currently be cracked by the NSA?

I read in "The Code Book" that public key cryptography was developed decades before the 70's by British spy agencies. I can only imagine what the NSA has developed, maybe even quantum computing?

Any thoughts?

EDIT: deleted irrelevant info

sharrisgov11 karma

I think anytime someone claims a code is unbreakable, the NSA sees that as a challenge. :) I'm not sure about Public Key. But you raise a great point here. The NSA has gotten a lot of press and public attention for how it collects communications (signals intelligence) and breaks into computer systems. But at its core, it's a code making and code breaking agency. It invests extraordinary amounts of money into developing new codes, breaking codes, and building super computers to aid in that mission. NSA is beyond the cutting edge in computer science, and in the development of quantum computing. It employs more mathematicians than any single organization in the United States. Cryptography is the NSA's DNA. If there's a code, they're going to try and break it.

patanwilson5 karma

Thanks for your answer

sharrisgov5 karma

You're welcome. Thanks for your question.

ioscoding3 karma

What has been the greatest mistake of U.S. intelligence in regards to intelligence gathering, cyber warfare, or cyber security?

sharrisgov5 karma

Underestimating the capacity of the American people to have a public debate about what our intelligence agencies should and shouldn't do.

ikidd1 karma

Would that debate have come about in current force without Snowden?

sharrisgov4 karma

I think probably not. I've been writing about these issues for years, as have other journalists, but Snowden's disclosures ignited the most significant and broad debate about these issues since 9/11.

ExtraAndroid3 karma

What do you think about data security and where we're headed?

sharrisgov7 karma

It's generally pretty weak. I think companies are starting to wake up to the fact that if they don't have a strong cyber security program in place, they're going to pay financial and reputation consequences. We're going to see a lot more high-profile breaches (think Home Depot, Target, Anthem, JP Morgan). The director of the NSA, Mike Rogers, said he thinks that within his tenure at the agency, there will be a major attack on some kind of critical infrastructure in the United States--by which we usually mean the power grid or a utility or a banking system.

no-relation3 karma

Successful major attack, or "just" an attack that will make front-page news?

sharrisgov1 karma

I think he meant both. A successful attack that would be significant and visible.

dc333343 karma

How much of our privacy is being infringed upon?

sharrisgov10 karma

That's a great question, and a hard one to answer. If you mean to what extent are government agencies and companies collecting information about us, the answer is, a lot. As to whether that violates your privacy, and to what degree, I think there are two ways to look at that. One is through the legal lens. In terms of government surveillance, which I cover, there are a number of important legal challenges to things like NSA collection of metadata that have been brought in recent years, arguing that the government is violating our fundamental privacy rights in its collection of all this information. And I think there's a very good chance that the Supreme Court will consider whether 4th Amendment protections need to be extended to things like phone records. These would arguably tighten privacy laws in the United States. But I think there's a second, and maybe even more important lens through which we should view this question. And that is, what do people today really mean when they say "privacy?" Because different people have different definitions and understandings of what is private, and about the expectations we should have in a digital age. Very broadly speaking, if you're over 60 years of age, the word "privacy" connotes many more expectations than if you're under 25. Many intelligence officials I've talked to have argued that privacy isn't a "one size fits all solution" (their words). And they've been pushing to change laws and operate within existing laws in a way that isn't always transparent, and makes a lot of people nervous. But they've still hit upon the fact that what we mean by "privacy" today isn't at all what we meant 30 years ago. Not across the board, anyway.

MLA13963 karma

1) What is your opinion regarding the proposed CISA and PNCA and do you think either one will pass?

2) If either does pass - do you think they will be challenged in the judicial system?

sharrisgov3 karma

I don't have an opinion per se on either law. I think they both face an uphill climb in terms of opposition from privacy and civil liberties groups. That said, in the past few weeks we've heard members of Congress talking in pretty positive language about the chances of reconciling House and Senate bills and passing a law. Congress has been trying for years to get this done. Will they be challenged in the courts? I think that's highly likely. Will they be successfully challenged? Much harder to say. But generally, the courts show a lot of deference to the executive branch on matters of national security.

ForeignPolicyCarol3 karma

Please comment on what you know about the CIA high up who was portrayed as "The Wolf" in "Zero Dark Thirty." Also, how do you rate that film?

sharrisgov4 karma

He's achieved something rare in the intelligence business--a public profile. You usually don't hear about the people working at Langley, and you certainly don't hear about their ominous nicknames, or their personal habits, or their reputation within the agency. A lore has built up around this individual. And of course, he's now leaving his job as the head of the counterterrorism center--which, as an aside, doesn't seem all that surprising, since he's been doing it for so long and because his boss, John Brennan, wants to reorganize the agency. I hope that the Wolf comes out from the shadows when he leaves the CIA and talks to more people like me.

I liked ZDT. I thought it was very well shot, very compelling. My only gripe with it was that I thought amid all the controversy, the filmmakers tried to backpedal from their argument about whether torture produced valuable intelligence. To my view, they clearly argued in the film that it did. I don't think they were taking a moral position on torture, but it seemed to me that they were saying it not only worked, but it helped find Osama bin Laden. But publicly they backed away from this position.

ioscoding3 karma

What's one piece of information regarding the NSA, cyber warfare, or U.S. intelligence that much of the American people don't know, but should?

sharrisgov5 karma

That many of the NSA's actions taken in the name of protecting cyberspace--and by extension, the nation--could be making it more vulnerable. I write a lot in @War about the agency's collection of zero day exploits. These are, more or less, "cyber weapons," worms and viruses that take advantage of flaws in software or computer operating systems that haven't been discovered by their manufacturers. The NSA is the single largest procurer of ZDs. If the agency wants to promote cyber security, however, there is a powerful argument that they should DISCLOSE these vulnerabilities rather than hoard them. And don't take my word for it: The panel of bi-partisan experts that President Obama convened after the Snowden leaks to recommend changes in NSA policy said the agency should disclose more than it hides.

gnomeshell3 karma

Have you been threatened, either directly or indirectly, by authorities because of the topic you are reporting on?

sharrisgov2 karma

No.

cmro73 karma

Has any of your colleagues been pushed in front of a moving train because they were being too snoopy?

sharrisgov2 karma

I couldn't possibly comment.

StudioAero3 karma

What will it take to finally motivate the US public to put a stop to spying on innocent Americans? It feels like we are close to a tipping point, but what kind of event will need to occur before it finally happens?

sharrisgov4 karma

I think if the NSA or another gov't agency were proven to be spying on people for purely political purposes, like with the COINTELPRO scandals of the 60s-70s, then there'd be radical change in the system.

3oclockinthemorning2 karma

Think someone with a Computer Science degree and a background in penetration testing/software security, would find it difficult to get a job for a news outfit in these cypher/cyber times?

sharrisgov1 karma

No, I think you'd find lots of people who want to hire you. Lots of news organizations want people who can help protect their information and also help report stories on these topics.

3oclockinthemorning2 karma

Thanks, I love your work. If you don't already, you should look at OWASP and follow members of the OpSec community on Twitter, crazy stuff like possible zero-day exploits for Tor show up.

sharrisgov1 karma

Thanks! Will do.

ShaneSaw342 karma

Well I don't know much about you but we have the same first and last name, so I have that going for me...... What are some things we can do in our everyday life that will help protect our privacy? Should I run Tor all the time, avoid the major search engines, avoid the Internet altogether? It just seems kind of impossible to stay off the radar.

sharrisgov3 karma

Hi, Shane! Nice name.

No, you shouldn't stay off the Internet. You don't even have to do drastic things to give yourself a good deal more personal security. Try using a password locker, which will generate random passwords for you and make it a lot harder for someone to break into your accounts. You could also encrypt your hard drive if you want to be very careful about controlling data on your machine. Don't open attachments in email from people you don't know. These are some pretty straightforward things you can do and, while maybe a bit of a hassle sometimes, you'll get used to it.

wagger3012 karma

Hi Shane. Do you think biometric identification (perhaps just a fingerprint) would be an adequate way to secure financial transactions/sign into accounts over the internet?

sharrisgov2 karma

I think most experts agree that biometrics would be a lot better than using passwords. But I'm not sure fingerprints are foolproof. There may be better biometrics, though the tech to read them isn't as advanced. Face scanning, for instance.

tumberry2 karma

If we are just normal people with nothing to hide, living like an open book and don't use social media very frequently, in our case should we still be protective on the Internet? I mean I'm not rich, not famous. Why should I be worried about people stealing my privacy and private information?

sharrisgov2 karma

You may not be rich or famous, but you probably have a credit card and a bank account that you'd like to protect. You want to keep this information safe. It's your money!

andys1231 karma

Do you think the NSA has managed to "crack" TOR in the sense that they are able to track users through it (relay nodes)? Also, do you think TOR is as anonymous as it is made out to be?

sharrisgov3 karma

Good question. From what we've seen in the files disclosed by Edward Snowden, it looks like the NSA hasn't been able to crack Tor--unless they've made more recent advances. I wrote about this a while back. http://foreignpolicy.com/2013/10/04/not-even-the-nsa-can-crack-the-state-depts-favorite-anonymous-network/

no-relation1 karma

Do you use Google, for searching, or Gmail? Do you have a personal Facebook page? Do you use Tor?

sharrisgov2 karma

I do use Google, and Gmail. And I'm on Facebook. And I have used Tor. I'm just very judicious about how I use them.

no-relation1 karma

What do you mean by judicious? Like, nothing work-related? No banking info? What's the cutoff, in your mind?

sharrisgov1 karma

I don't reveal too much personal information via social media. I adjust my privacy settings on Facebook. I don't send financial information in emails. I also don't let people tag me in photos w/out permission.

eganist1 karma

Ever make it out to any of the DC security meetups, e.g. OWASP NOVA/DC, ISSA, etc?

sharrisgov1 karma

I've been to some. Happy to come again! My contact info is on my Web site. shaneharris.com

speedytech71 karma

What in your opinion is the easiest way one can protect their online freedom?

sharrisgov2 karma

Do you mean your personal security? I want to make sure I know what you mean when you say freedom. Do you mean freedom from gov't surveillance? Something else?

speedytech71 karma

Sorry about the vagueness, I meant from gov't surveillance.

sharrisgov1 karma

Well, again, I think you have to be smart about how you behave online. Use multiple passwords, use encryption where appropriate, be careful about opening attachments. But as far as protecting yourself from, say, the NSA collecting phone metadata, there's not much you can do. These are legal programs, and no one is really immune from them.

asir07421 karma

Do you think adblock is a tool to help prevent people from visiting the wrong websites? Also do you use adblock yourself?

sharrisgov1 karma

To your first question, I'm not sure. But I've used it.

Viking_Civics1 karma

[deleted]

sharrisgov1 karma

Sure. I used a password locker. I also use encryption for email and other forms of communication. I have an encrypted phone service, for example. I'm also just generally careful about not giving away too much information about myself. I also don't answer phone surveys.

daphan1 karma

With the impending arrival of the "internet of things", everything becoming wireless, what are cyber security experts doing to prepare for the eventual possibility someone is going to try hacking our wireless microwaves, cars, and even our refrigerators?

sharrisgov1 karma

They're cowering in fear. Ok, only a little bit. The advent of the IOT is probably one of the most discussed and fretted over topics in cyber security right now, and understandably so. If you haven't seen it, check out the 60 Minutes episode featuring DARPA's Dan Kauffman, aka DARPA Dan, who is working on this very problem.

publicWIFI-1 karma

Do you think the FCC classifying broadband providers as telco carriers is a bad thing? I found this article about legislation that was put into effect in the Clinton administration that pretty much said that companies have to build back doors into their network for government surveillance. The article, if I'm reading correctly, says that for that kind of thing to be legal under the constitution, the companies need to be regulated as "telecommunications carriers".

Sorry if this isn't organized well, I tried to get what I was thinking down on here and I'm not sure I did the best job.

sharrisgov2 karma

No, I think I understand the question and what you're getting at. So, there is a law, called CALEA, that requires telecommunications companies to build their devices in such a way that the government can tap into them, when it has a lawful order--like a warrant issued by a court. Now, whether that's a "backdoor" per se is a kind of semantic question, because people use backdoors also in other contexts. But...suffice to say that this law does apply to telecoms, but it hasn't been applied to ALL tech companies. The law was passed back in the mid-90s, and it essentially left the Internet and Internet companies untouched.

Now as to the FCC and the Obama administration's position on treating the Internet more like a utility, what I find really interesting is that if we are going to treat the Internet that way, then it opens the door to the government imposing security standards on companies. That's not something the gov't has said it's going to do, but I think the door is opening there.

no-relation1 karma

If they do impose security standards, what would that entail, you think? What would be the fallout for, for example, advertising on the web?

sharrisgov1 karma

I should clarify that when I say security standards, I mean minimum cyber security standards that companies would have to have on their networks. I'm not talking here about restrictions on what companies can do with people's data. That's a different subject, and certainly one that a lot of lawmakers are focusing on.

casamundo1 karma

Have you read Marc Goodman's book Future Crimes? Where in near future (next 3-5 years) do you see the NSA and cyber warfare going/doing? And what about the more distant future (15+ years)? Any advice for things we can do immediately to arm ourselves against cyber warfare and the nosy NSA? Haha. Thanks :)

sharrisgov1 karma

I haven't read the book. Is it "future crime" as in that Tom Cruise movie? The one where we have skyscrapers in Washington? Because THAT is fantasy. :) In the next 3-5 years, I think the U.S. military is going to integrate cyber offense and defense more into the ways it fights. And so are other countries. The Defense Department says that 60 countries are setting up military cyber units. 15 years from now? Really hard to say. As for what you can personally do, use different, ideally random passwords, use encryption where appropriate. Make it harder for people to get your information, including by not giving away too much of it voluntarily.

sharrisgov1 karma

Thanks!

trai_dep1 karma

What do you think of newer muckraking ventures, such as The Intercept, to break stories critical of government abuses, versus traditional media? Broadcast journalism?

If there is a difference, is it due to their being more "wired", their sometimes non-traditional funding structure, their not being part of the Beltway circuit, their being part of vast conglomerates, other factors or a combination?

Is there any hope for the traditional media to comfort the afflicted and afflict the comfortable, or has that ship sailed?

sharrisgov2 karma

Well, to your last point, I think there's not only hope, but that the traditional media--let's take that to mean newspapers and broadcasters--are achieving that journalistic mission. I'm really not so doom and gloom on the state of American journalism. I think we're actually in a very bright period. We've (mostly) gotten over this idea that the Internet meant we had to fundamentally change our tradecraft. I see very interesting, innovative, exciting online publications doing great work and adhering to the same core standards as newspapers and broadcasters have. I think that we at the Daily Beast are doing quality journalism every day. In our news room, the standards are just as rigorous as they've been in some much older places I've worked.

Ultimately, journalism is a craft. The means by which we distribute journalism are less important than the work itself.

M4ST3R_BL4ST3R1 karma

Which of the following do you think is the greatest threat to our nation today and why:

(1) The continuing growth in scope of the surveillance state at home and abroad

(2) The terrorist threat the surveillance state is supposed to be protecting us from

Other Questions:

Are our sacrifices in privacy and freedom justified based on the results they're driving in stopping/impeding terrorists and/or cyber attacks/spying from foreign nations?

Based on what I've read, it seems like much of our cyber "warfare" efforts are actually means of maintaining our global economic dominance. The US seems to have made a point of calling out China over cyber-snooping our private sector and government to steal economic secrets, yet many sources say we're doing the exact same thing on a much larger scale. Would you say this is accurate? If so, how effective have these efforts been?

sharrisgov2 karma

1

As to the sacrifices and stopping attacks, this is a hard one. I know many intelligence officials, whom I trust and find credible, who say they know of specific attacks that were stopped thanks to surveillance tools and programs the government uses. That's hard to verify, of course, but take that how you will.

We definitely spy on foreign corporations. I think the difference is that our intelligence agencies don't give that information over to private companies to benefit their bottom line. But there's a lot of wiggle room here. I would refer you to this post by Jack Goldsmith on the subject. http://www.lawfareblog.com/2015/03/the-precise-and-narrow-limits-on-u-s-economic-espionage/

M4ST3R_BL4ST3R1 karma

Thanks for your answers and linking me to further reading material!

sharrisgov1 karma

You're welcome.

lordfaramir131 karma

I try to explain to my family about how everyone from the government to Google and the sites it finds are collecting data to build a profile of us; each for their own reasons. They look at me as if I had 2 heads with tinfoil.

Is this a natural reaction to not want to know truth? How do you go about informing others what they need?

sharrisgov2 karma

I think a lot of people find it hard to believe, and I understand the reaction. I just write in as straightforward a way as possible, not trying to scare people.

Scatter_Stash1 karma

What can the average American do to stop the Orwellian ways of the NSA and big business?

sharrisgov1 karma

I've written above about things you can do to keep your personal information safe. As for stopping the NSA--not much.

mattyd141 karma

Any advice for an aspiring journalist graduating from college next year?

sharrisgov2 karma

Get an internship or a fellowship at a publication, and get some clips under your belt. Once you're in the profession, it's easier to get another gig and move up. And be patient! It's a craft, and you have to learn it. As a good friend of mine who's an actor in Los Angeles said, "You're not in a race to get famous."

[deleted]1 karma

[deleted]

sharrisgov1 karma

Lee Beckmann.

WinstonWonders1 karma

What are some quick tips to help people in our daily life understand this subject?

sharrisgov3 karma

Follow me on twitter. @shaneharris :)

There are a lot of great journalists covering this topic and explaining it in ways that are not only clear, but clear in how they apply to your everyday life. Read Brian Krebs, Kim Zetter, Andy Greenberg, Kashmir Hill. And pay attention to really smart policy folks like Julian Sanchez and Chris Soghoian. Jack Goldsmith on Lawfare writes very thoughtfully on the legal aspects of cyber security.

WinstonWonders1 karma

Will do. Thank you for your advice. Have a great weekend!

sharrisgov2 karma

You're welcome. You too.

XXXEndGameXXX1 karma

Are we living in a cyber Cold War with Russia and China?

sharrisgov1 karma

In many respects, though there are "hot" aspects of the conflict, too. But if by Cold War we're talking aggressive actions towards each other, mostly spying, that don't result in full-fledged war? Yes.

Jamie3beers1 karma

At this point, if you type something on an internet connected device, you have given that information away to potentially be used against you. This is something that I have assumed has been happening well before there was any real media attention about it.

My question is this, since we can assume that we are being electronically tracked/watched/listened to, what do you feel we can do as citizens of the free world to bring real change to our governments to prevent this?

Thanks!

sharrisgov1 karma

Well, let's be more specific here. Anything you write online, such as in a forum like this, can be read by lots of people, not just the government, and there are plenty of reasons you might want that to happen. When we're talking about what the gov't can do with our communications, we're talking about matters of law--what they're allowed to collect, what they're allowed to do with that information. And there's where any of us as citizens can get involved. Be vocal about what you want to see changed. Support groups and lawmakers that support your positions.

madrupe1 karma

Mr Harris, What are your thoughts on governments cataloging zero day vulnerabilities for later exploitation? Doesn't this create unnecessary risk in the cyber domain? How are cost/benefit decisions made with respect to maintaining vulnerabilities as opposed to giving them to companies to patch?

sharrisgov2 karma

Thanks for your question. Someone asked about this earlier, so I'll repost my response. This is an issue that I think hasn't gotten a lot of attention.

I write a lot in @War about the agency's collection of zero day exploits. These are, more or less, "cyber weapons," worms and viruses that take advantage of flaws in software or computer operating systems that haven't been discovered by their manufacturers. The NSA is the single largest procurer of ZDs. If the agency wants to promote cyber security, however, there is a powerful argument that they should DISCLOSE these vulnerabilities rather than hoard them. And don't take my word for it: The panel of bi-partisan experts that President Obama convened after the Snowden leaks to recommend changes in NSA policy said the agency should disclose more than it hides.

xr1chardx1 karma

Which country would you say is ranked highest as far as a cyber threat? Is there any country/group of people that are being overlooked as far as a cyber threat?

sharrisgov2 karma

In terms of the threat they pose to the Internet? I make an argument in the book that the United States government is doing things in the name of security that make the Internet a lot less safe for everyone. China is certainly a source of large-scale espionage and theft. And Russia is a nexus of organized crime. (We have a lot of cyber crime in the US too.)

bmaz1 karma

Do you miss the submarine show? Have you started watching Last Ship yet?

Also, did you consider Ben Wittes drone smack down strategy to be cheating??

sharrisgov2 karma

Dude. You KNOW how much I miss that show. That was a simple injustice that it was canceled, pure and simple. I started Last Ship, but didn't finish it. I will. But Eric Dane is no Scott Speedman.

Sorry, I just saw that I didn't answer your second question. I was the judge in the Drone Smackdown, so I closely studied the rules. And I determined that Ben was not cheating. But his competitors will not be fooled again.

Dnl267321 karma

If you had your way, what are some services that everyone should use to secure themselves online? Such as VPN, TOR, some sort of private messenger or email service?

sharrisgov2 karma

Password lockers and encryption. They're not that hard to use, and if I had my way, everyone would know how.

NSD23271 karma

Why aren't we doing more to support the Kurds/Peshmerga?

For a group so openly pro-western, one would think we'd be throwing our entire weight behind them in the form of equipment, intelligence sharing, etc.

sharrisgov2 karma

It's a good question. I may have some answers in the near future...

stoopidemu1 karma

I'm in the middle of reading Legacy of Ashes, which is a comprehensive and very critical history of the CIA. I'm sure it is written with a bias against the CIA but it really paints them as an incompetent agency that backs into their few wins and has no accountability for their losses (I was particularly struck by an incident in I think Indonesia where the CIA was backing one side of a conflict and the Pentagon was backing the other). Now I'm only up to Kennedy so I'm nowhere near the modern age, however: Have you read this book? Do you think it is a fair assessment of the CIA and its capabilities/limitations? Is the CIA still like this today? How does the NSA compare with the CIA in these terms?

sharrisgov2 karma

I've read the book. I don't have quite the same view of the CIA as the author. There have been failures, of course, but I don't think the entire history of the CIA is one of failure.

stoopidemu1 karma

Thanks for the honest answer. This AMA has been very informative!

sharrisgov2 karma

Great! I'm glad you enjoyed it. Thanks.

stoopidemu1 karma

Sorry, a follow-up: could you recommend any books that paint a more realistic view of the CIA? Or even a positive view as a counterpoint?

@War will probably be my next read so this would be for after that.

sharrisgov2 karma

There are so many good books about the CIA. And LoA is very good, too. I don't want to denigrate it in any way. Check out The Very Best Men by Evan Thomas and the biography of Wild Bill Donovan by Douglas Waller. I hope you like @War!

ForeignPolicyCarol1 karma

I hope all commenters buy your book. What is your next project?

sharrisgov1 karma

Thanks! I'm not sure yet. But I think I want to write a novel. Maybe on these topics.

rmagritte1 karma

[deleted]

sharrisgov1 karma

Go, Deacs!

I don't know if public opinion is decisively on one side or the other on this. But I think that if he came back, he would certainly face a prosecution and almost certainly a very significant prison sentence. The government will not let him off lightly. I'm not offering an opinion on what they should do, but I think this is just a fact.

EgonIsGod1 karma

Can you suggest a book or two that would apprise a layman of the mechanics of modern-day cyberwarfare (both large and small-scale) and explain some of the broader politics motivating it?

sharrisgov1 karma

Well, that's what I did in @War, so I'll recommend you check it out. http://www.amazon.com/War-The-Rise-Military-Internet-Complex/dp/0544251792

Freelance_JIDF_Shill1 karma

What are some good podcasts/audiobooks on the topic?

sharrisgov2 karma

Check out my podcast Rational Security. http://spaghettionthewallproductions.com/rational-security/ The Diane Rehm show also does good work on cyber security. And Steptoe and Johnson has an entire podcast devoted to the topic. http://www.steptoe.com/resources-area-107-145.html

STEVEtheSTOVE1 karma

So I heard that the NSA has access to everything your phone's microphone picks up, even when it's off (unless the battery is taken out). Is this entirely accurate? Also is all of this data just stored and can it be accessed whenever or will it ever get deleted?

sharrisgov1 karma

The NSA has the capability to track a phone when it's turned off. I write about this in my book. And hackers have actually shown how they can turn on your phone's microphone. But it's not accurate to say the NSA has access to everything your phone picks up. Having the capability to gather something doesn't give them the legal right. If you're a U.S. person--defined as a U.S. citizen or legal resident--then the government (any agency) needs a warrant to access the contents of your communications. And what you say that's picked up by a microphone is certainly content.

nojihad1 karma

Are these really a thing?

sharrisgov1 karma

Yep.

unarmedgoatwithsword1 karma

How much information does the NSA have on you?

sharrisgov1 karma

Personally? No idea. Other than any phone records from my landline. But they have that on all of us.

Salty_Scrimshander1 karma

What do you think about H.R.1466 - Surveillance State Repeal Act? I wrote my congressman an email last night telling him that he should support it.

sharrisgov3 karma

I think the chances of it passing are near zero. Congress has historically been very reluctant to pull back even portions of the Patriot Act, much less the whole bill. That said, members of Congress standing up and making bold proposals as a way of focusing, or starting, a debate is, I think, a good thing. And if this bill gets you to learn more about these issues and write your lawmaker to share your view, then some piece of our system is clearly working.

Salty_Scrimshander1 karma

Thanks for the response! I think you're sadly right, but at least it's a step in the right direction.

sharrisgov2 karma

Keep pushing!

HydrolyzedSoy1 karma

What is your opinion of the "Third Party Doctrine?" As well as ways to cut down on unwanted internet surveillance by advertisement companies?

sharrisgov2 karma

I never go to more than two parties in a night. (I forgot to mention I used to do sketch comedy.)

I think that third-party doctrine is being tested in a big, big way, mainly through the government's collection of telephone metadata. The Supreme Court has signaled an interest in considering whether or not the Fourth Amendment should apply to this kind of information. Smith v. Maryland is the operative case here. I thought it was fascinating that, last year, the former AG of Maryland (I think it was the AG) came out and said he NEVER thought third-party doctrine would be applied as broadly as it is today. As for cutting down on ads and the like, I wish I had a better solution. I get flooded every day.

drewpasttenseofdraw1 karma

Can you list the names of companies that collect our personal information? What techniques do these companies use to collect our information? How many data points do these companies keep track of? In the future, when we are all dead and these data sets are public domain, what unobvious knowledge will be extracted?

sharrisgov1 karma

Acxiom, ChoicePoint, Nexis, Google, Facebook, almost any magazine you subscribe to... The list is very long. If you're talking about big data aggregators, like ChoicePoint, say, they're collecting public records. A lot of this is stuff collected by gov't agencies--like your address, or what you paid for your home--that is publicly available. If we're talking about companies like Google and Facebook, you're voluntarily giving them a lot of information about yourself just in the course of using their services. As for what information could be extracted after your demise, these companies will have a great deal of historic information that they will be able to use to, perhaps, predict future trends, assess risk, go back and figure out what kinds of sales strategies worked in the past. Just use your imagination, really.

basegodop1 karma

Do you take precautions for the government spying on you and if so what are they?

sharrisgov1 karma

Most of the precautions I take are aimed at protecting my sources. I don't want to say too much about how I do that. But in general, just for my personal protection, I use a password locker and aliases to better secure my accounts and my information.

MLA13961 karma

If The Kingdom of Saudi Arabia decides to deploy ground forces in Yemen with or without the other members of Peninsula Shield or other regional military forces:

1) What is your opinion whether or not the U.S. will participate in a ground war in Yemen openly & directly?

2) What do you think Iran's reaction will be - not just in terms of publicly but considering that Al Quds are on the ground in Iraq?

sharrisgov1 karma

If for the sake of argument we're taking a ground invasion by KSA as a given--and I think there are a lot of reasons why they won't invade, namely that they sent in troops before and got clocked--then I do not think the U.S. would also send troops into Yemen. Indeed, this week we pulled out the last 100 special ops forces we had in the country. (I actually think we're more likely to put boots on the ground in Syria than in Yemen, because the buildup of terrorist forces in Syria presents a more direct threat to U.S. homeland security.) As to your second question, I think Iran would escalate--send weapons to the Houthis, more money, and ramp up either the use of irregular forces or maybe even send ground troops. But that's down the road a piece.