More Details On PRISM Revealed; Twitter Deserves Kudos For Refusing To Give In
from the details-details-details dept
Late on Friday, the NY Times released the most detailed explanation to date of the PRISM system revealed on Thursday, when the original reports claimed that nine of the biggest tech and internet companies were working with the NSA to give it "direct access" to servers. The explanation shows how both the original story and the "denials" were substantially true, though the denials were (as predicted) a bit of doublespeak. Today, the Guardian revealed another slide from the presentation it has, which clarifies some more details.
Basically, it appears those companies all agreed to make it easier for the NSA to access data that was required to be handed over under an approved FISA Court warrant, and they appear to do this by setting up their own servers where they put that information (and just that information). From the NY Times report:
But instead of adding a back door to their servers, the companies were essentially asked to erect a locked mailbox and give the government the key, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information, they said.
The data shared in these ways, the people said, is shared after company lawyers have reviewed the FISA request according to company practice. It is not sent automatically or in bulk, and the government does not have full access to company servers. Instead, they said, it is a more secure and efficient way to hand over the data.
This is significantly less worrisome than the original Washington Post report, which suggested full real-time access to all servers. That's not quite what has happened, according to this report. This involves cases where the companies really do need to hand over this information. We can disagree with whether or not the FISA Court should issue these warrants, but at some point there may be information that the companies do need to hand over to the government. As for the Guardian, they published the following slide:
The real question should be about what information the FISA Court is approving warrants over:
FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms, lawyers who work with the orders said. There were 1,856 such requests last year, an increase of 6 percent from the year before.
In one recent instance, the National Security Agency sent an agent to a tech company’s headquarters to monitor a suspect in a cyberattack, a lawyer representing the company said. The agent installed government-developed software on the company’s server and remained at the site for several weeks to download data to an agency laptop.
In other instances, the lawyer said, the agency seeks real-time transmission of data, which companies send digitally.
Note just how broad some of those searches may be. Staying around for weeks to download logs? We're not talking about narrowly focused searches here.
Of course, what's now also come out is that, despite Google and Microsoft releasing transparency reports about government requests for data, they don't include FISA requests because of the gag orders on them. It's only recently that both Google and Microsoft were able to include "range" numbers for how many national security letter requests they get. One hopes they're pushing to be transparent on FISA requests as well.
The article makes it clear that Twitter was alone among the companies in refusing to join this program. That does not mean that Twitter does not hand over data to the government when receiving a legitimate FISA order. I'm sure it does. But it does mean that they have not set up a special system to make it easy for the government to just log in and get the data requested. Some people have suggested that the government has little need for Twitter to join the program since nearly all Twitter information is public, but that's not true. There is still plenty of important information that might be hidden, including IP addresses, email addresses, location information and direct messages that the NSA would likely want. Besides, YouTube is a part of the program, and most of its data is similarly "public."
This is not, by the way, the first time that we've seen Twitter stand up and fight for a user's rights against a government request for data. Over two years ago, we pointed out that Twitter, alone among tech companies, fought back when a court ordered it to hand over user info. Twitter sought, and eventually got, permission to tell the user, and allow that user to try to fight back. It later came out that, as part of that same investigation, the government also had requested information from Google and Sonic.net, with Sonic.net fighting back and losing. It never became clear whether Google fought back.
Separately, however, Chris Soghoian has noted that an "unnamed company" fought back and lost against a FISA court order... and that, according to the PowerPoint presentation, Google "joined" PRISM just a few months later. It is possible that Google fought joining the program, and then only did so after losing in court. That said, Google's most recent denial insists that "the government does not have access to Google servers—not directly, or via a back door, or a so-called drop box." Perhaps they don't consider a special server set up for lawfully required information a "drop box," but others certainly might.
In the end, it appears that the initial Washington Post report was overblown in that it suggested direct access to all servers, rather than specific servers, set up to provide information that was required. That said, it is still true that the FISA Court appears to issue a fair number of secret orders for information from a variety of technology companies, some of them quite broad, and that many of the biggest tech companies have set up systems to make it easier to give the NSA/FBI and others access to that info -- though, they are often required by law to provide that information. The real outrage remains that all of this is happening in complete secrecy, where there is little real oversight to stop this from being abused. As we noted just a few weeks ago, the FISA Court has become a rubber stamp, rejecting no requests at all in the past two years.
Given the revelations of the past week, the public (and our representatives) need to demand much more transparency and oversight concerning these surveillance programs.
Filed Under: 4th amendment, direct access, fisa, fisa court, nsa, oversight, privacy, servers, surveillance
Companies: aol, apple, dropbox, facebook, google, microsoft, paltalk, skype, twitter, yahoo, youtube
Reader Comments
Re:
Why is that?
[ link to this | view in chronology ]
Re: Re:
Instead, why don't you get off your lazy ass and call your representatives, or organize a protest?
[ link to this | view in chronology ]
Re: Re: Re:
As for organizing protests, well, what did the Occupy protests accomplish? What did the anti-war protests during the Bush administration accomplish?
[ link to this | view in chronology ]
Re: Re: Re:
What I will do is this:
All my calls will use opportunistic-encryption everywhere.
Retroshare and Jitsi are my new best friends.
GPG on everything, I will encrypt every bit of data that I put online.
Encrypting images, video and audio is priority now.
Anonymous proxies and networks are my new digital home.
Although I can see the value in writing your representative or at the very least, sending him/she automated letters every other day.
It may change something, something at some point if you ever get a sympathetic ear or eyeballs, which is doubtful since congress approved that crap for 7 years without raising an eyebrow.
I am the little guy, I am nobody and I will do what I always did, I will hide and keep out of the radar.
Evade and harass.
People should create their own "echelon" mapping all links politicians have and harass them until the end of times.
That is where writing your representatives could be useful, harassment, polite civil harassment to remind them that we are watching.
Also I am sure that in the cutthroat political environment there will be people more than willing to "leak" damaging stuff from their opponents to the public.
[ link to this | view in chronology ]
Re: Re:
You cannot trust any of the three branches of Government when these are the people who created and gained from these schemes.
I am also doubtful you can trust the mainstream US news services who could simply place this under national security.
[ link to this | view in chronology ]
Re:
Second, why the fuck do you think TECHDIRT of all places would try to bury this? This is precisely the kind of issue techdirt places great importance on.
[ link to this | view in chronology ]
Re:
I will wait for the answers about the specifics of how and what before I make a final judgement. No answer inside a reasonable timeframe would be admission of a huge problem, but I do not think that is what will happen in this mess. There are far too many conspiracies flying around for congressmen to just ignore it. The main problem here is secrecy and how much they will be able to keep completely hidden without the case completely exploding.
[ link to this | view in chronology ]
Re: Re:
I think that is the answer the internet should be trying to find out.
[ link to this | view in chronology ]
Re: Re: Re:
there will be no such apology, said sheeple will find some other form of denial...
these authoritarians are an impediment to revolutionary change...
art guerrilla
aka ann archy
eof
[ link to this | view in chronology ]
Re: Re: Re: Re:
Besides, doing so keeps them safe, even if some of them don't realize it. Most people who are aware of what is mostly going on realize that looking for "terrorist" isn't really about finding people who blow up buildings with planes (it certainly didn't help them stop people from bombing a marathon) as much as it is about identifying people who might destabilize or affect the status quo (and while that likely includes people who blow up buildings with planes, that is far far from the extent of it).
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
The leak at the NSA should've waited until the week of the 4th of July to send this data to the Guardian. Would've had a little more staying power in terms of getting sheeple's attention.
That being said, didn't the Guardian say they had a lot more intel to expose? I doubt this whole affair is anywhere close to being finished.
As the Zen Master says, "We'll see."
[ link to this | view in chronology ]
Re: Re:
Pigs will learn to fly unaided before NSA willingly anonymizes data.
[ link to this | view in chronology ]
Re: Re:
The fact is, even Reddit (perhaps the greatest "one-stop-shopping" location for information on the topic) is already showing signs of "losing interest" in the story (albeit very slowly, but it is perceptible if you spend enough time reading like I do).
And little will change, given that both parties have so totally polarized their supporters. Conservatives will blame the problem (as they've been trained to do with all problems) on the Democrats and refuse to hold the Republicans accountable. Liberals will blame the problem (as they've been trained to do with all problems) on the Republicans and refuse to hold the Democrats accountable.
Enough dissatisfaction may occur come next election that a few of the weaker districts of "smaller" Congressmen may lose their seats to the other party (or be thrown under the bus by their own if they are deemed expendable), but none of the big players - your Dianne Feinstein or Lamar Smith, your Nancy Pelosi or Orrin Hatch - are going to lose their jobs. And there will likely be enough Democrat dissatisfaction and/or Republican motivation that we are quite likely to see the Oval Office handed back to the Republicans in 2016.
And at the end of the day, a decade+ of history shows that very little is actually going to be done about the issue, nor will much change.
[ link to this | view in chronology ]
Not so nice
This extra server would also not be there to limit their access to data. This would be not unlike how MegaUpload handled the media cartels of full access to delete whatever they wanted. No delete on Facebook (normally) but indeed full access to rip metadata and details of connections. Facebook can then get on to business while ignoring this Governmental "rape box"
[ link to this | view in chronology ]
Re:
[Insert telco/tech company] We request you provide all information on the following users:
dir *.* & ls -all
You will comply within 48 hours.
[ link to this | view in chronology ]
Re:
You aren't actually on this course, although there are materials for the course available at [REDACTED]. Unfortunately, you have to have passed Doublespeak 302 and Psychonauticals 201.
[ link to this | view in chronology ]
Civic duty won't motivate them; something more selfish is needed. I suggest pointing out to them that they are being spied on, just like everyone else. Presumably, if they realize that their every online action is being watched, they'll develop interest in reform.
[ link to this | view in chronology ]
A Theory
A large part of Facebook is obviously game play. Now let's say a popular person has 100 friends and starts up a new game where they discover the fact that on average 3 to 5 of their friends are already playing where they invite the 90+ others to gain 1 or 2 more.
So there you are with your 4 to 7 game neighbours where you soon discover the fact that after 2 days of game play you can't advance the game more because you need 8, 10, 15, 20 and even as high as 30 neighbours. No matter how much you harass your friends you can't do this not to mention the neighbours you have are not very good anyway.
You resolve this problem by finding out the game chat page and all those people in the same situation screaming out ADD ME and wanting hard working neighbours.
Those that go this route can be BANNED BY FACEBOOK. No shit when add the wrong game friend and Facebook won't even let you see your home page without agreeing to their terms that states very clearly "You can only add friends that you PERSONALLY know"
Wait! What? Not even my mother can dictate who my friends are but Facebook can? For a first offence Facebook bans you adding new friends for 2 days.
As I am sure Facebook is aware of the game situation then "personally known" I am sure would kill almost every Facebook game there. I have gone this far and can go no further.
Then today we may now see the real reason. The NSA would indeed want everyone to be in the personal know. They want US users who connect to Middle East users to be part of a terrorist cell. Here is this US user having Arabic rants posted to his wall but he speaks no Arabic! Clear terrorist cell wastes days of NSA work only to find out that the one sole true link is that they water each other's crops!
Game play adds in much random linkage. The NSA do not like this hence the "people you personally know" rule.
[ link to this | view in chronology ]
Remember: most users are outside the US
Americans don't generally give a shit about the rights of foreigners, but those numbers provide important context, both for the legal-technical aspects and for the wider global reactions.
http://www.slate.com/blogs/moneybox/2013/06/07/us_tech_giants_have_many_foreign_customers.html
[ link to this | view in chronology ]
Re: Remember: most users are outside the US
As you say: 'Americans don't generally give a shit about the rights of foreigners'.
Friends or not.
And then you wonder why the USA is unpopular ?
[ link to this | view in chronology ]
Re: Re: Remember: most users are outside the US
They care about their "special friends": certain governments, certain large multinational corporations. It's just actual people they don't really care about.
[ link to this | view in chronology ]
Re: Re:
In fact I challenge you to even read it for 1 hour without going to sleep.
But then again, I guess I am just not as paranoid as you are.
[ link to this | view in chronology ]
Re: Re: Re:
(2) Only the paranoid survive.
[ link to this | view in chronology ]
Re: Re: Re:
The Fourth Amendment bans unreasonable search and seizures which means that the Government has no right to violate the privacy of your life until you are suspected of committing a crime.
The Government under fear of terrorism, or monsters in the dark, cannot remove these rights. Those who sacrifice privacy to obtain security soon end up with neither.
Also Congress is like a factory churning out new laws all the time in an unstoppable endless stream. No one on this planet can know all the laws totalling millions of pages. It is without question that people violate the laws as part of their daily life.
Just be thankful that the Government has no reason to abuse or to victimise you but that cannot be said for everyone.
[ link to this | view in chronology ]
Re: Re: Re:
So, assuming that you have nothing to hide, please share your passwords to all your email, cell phones, IM messaging, etc.
You have nothing to hide.
[ link to this | view in chronology ]
Re:
That may or may not be the case. Either way it does not preclude the presence of some other program which does. Given the penchant for ever more data gathering by corporations and governments it is not surprising that people would suspect this to be the case.
Clearly you can not fall back upon an insistence that one only argue the facts when said facts are not publicly available.
So, your dismissive attitude towards those who might show concern is petty and unjustified.
[ link to this | view in chronology ]
of course
Of course we should. Let's make it so transparent that the people being spied on and investigated get a nice email and perhaps someone comes to their house and knocks on their door, giving them a bundle of flowers with a "you are being monitored because you are a suspected terrorist" card.
Transparency has limits, secrecy exists for a reason.
[ link to this | view in chronology ]
Re: of course
What's the point of keeping this a secret?
The important thing now is to make sure that this type of power is not abused and that it can be turned off by the people, if it is.
The US government needs to know they are being watched too.
[ link to this | view in chronology ]
Re: Re: of course
Yes, one would think so.
However, it is important to note that as far as the public is aware, all of the monitoring available did not stop or was not used to stop the Boston incident - which was perpetrated by what could be considered inept amateurs. If said monitoring is incapable of stopping those guys, how can one claim it will stop those who are better at it?
[ link to this | view in chronology ]
What else are they bragging about?
[ link to this | view in chronology ]
America's 'outrage memory span'
[ link to this | view in chronology ]
Re: America's 'outrage memory span'
No need. You're already doing that for him.
At least you admit that he works hard, unlike you.
[ link to this | view in chronology ]
That doesn't sound like this monitoring is the exception to the rule, rather it IS the rule.
[ link to this | view in chronology ]
was PRISM the target of Aurora hack attack?
Chinese hackers who breached Google’s servers several years ago gained access to a sensitive database with years’ worth of information about U.S. surveillance targets, according to current and former government officials.
...whoever was behind the breach was seeking to identify accounts that had been tagged for surveillance by U.S. national security and law enforcement agencies.
'If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that’s difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That’s essentially what we think they were trolling for...'
[ link to this | view in chronology ]
Aurora -> PRISM?
Bruce Schneier, chief security technology officer of BT, said that the Google attackers exploited wiretap backdoors mandated by the U.S. government to access the activists' accounts. "In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access," according to Schneier.
[ link to this | view in chronology ]
last post...
However, the attackers also apparently were trying to access the database at Google that shows which of the company’s users are targets of lawful intercept operations.
The warrants issued to conduct that kind of surveillance are issued by the Foreign Intelligence Surveillance Court and are typically secret.
One of the unanswered questions in this operation is whether the surveillance warrant database was the actual target of the attack team or whether they just happened upon it while on Google’s network. It’s unlikely that question will be answered anytime soon,
[ link to this | view in chronology ]
ECHELON anyone?
In this case, they didn't have to pay anything at all. They finally figured it out, just get a court to issue an order and have other people do the dirty work for you and get blamed for it.
[ link to this | view in chronology ]
American assisted snooping
[ link to this | view in chronology ]
Direct Access To All Servers
[ link to this | view in chronology ]
too much inferred from a non-technical slide
have any of the tech giants commented on whether NSA has access to their certificates?
[ link to this | view in chronology ]
George Orwell's 1984 playing out
It's always about the money; whether it appears in the form of a well-paying job with a government agency - and the benefits that come with it, or huge contract with said government that makes a business owner suddenly stupid-rich. And then, we have the political route to wealth, and the power it can command; which, in turn, creates more money. Even though they creep everywhere, the twisted roots of greed go way deep in the political garden.
Voltaire's quote, "To learn who rules over you, simply find out who you are not allowed to criticize." seems especially poignant in view of the increasing demands by various government officials wanting to quash - viciously, in many cases, any challenge to their actions.
I must be masochistic, because checking out Techdirt always ends up with me talking to the monitor and wondering if there are any honest, morally-incorruptible souls left on Earth.
[ link to this | view in chronology ]
Point is, this is bad, but national news needs to get people who know what the fuck they are talking about.
[ link to this | view in chronology ]
Re: Re:
recent story (also if you read this story there was, at least at some point, supposedly a 3rd key - although even the people at Microsoft were apparently unaware of it).
[ link to this | view in chronology ]
Double Speak
Include such gems as:
If it wasn't an undisclosed facility to aid data collection, for subsequent mining, why is he upset about the revelations.
[ link to this | view in chronology ]
Outside the USA
The people of the USA have become so complacent over the past 40 years. You have allowed successive governments to strip your constitution to pieces and handed power to a handful of corporations and organizations.
The way patents, copyright and invasion of every bit of privacy, all under the orchestrated national security issues have been allowed to continue unchecked is frightening.
The more I read about the USA the more convinced I am that the "Land of the Free" no longer exists and has been replaced by an authoritarian regime.
Emigrate to Australia because at present we seem to be the last real free country left on the planet and we only have seven police forces and one, yes one, security organization.
[ link to this | view in chronology ]
i ate it all
[ link to this | view in chronology ]