Newly Leaked NSA Slides On PRISM Add To Confusion, Rather Than Clear It Up
from the hmmm dept
Over the weekend there were two "big" new leaks from the documents that Ed Snowden took. The first, about US spying on EU embassies, we already covered. The second one seemed bigger, but it also might have just made things murkier. It involves the Washington Post releasing four more slides about the PRISM program from that original slide deck that already had 5 of its 41 slides revealed in previous leaks. These slides show a lot more details about PRISM. What's amazing is that I've seen people claiming completely contrary things in looking over these slides: some are insisting it shows that the companies who are "members" of PRISM don't -- as was originally reported -- open up their servers to the NSA. Others insist that the slides actually support that original reporting and show that the companies are lying.
First up, here are the slides (sorry visitors from the Defense Department):
Another thing that's not entirely clear: the Washington Post annotations claim that the "FBI DITU," the "Data Intercept Technology Unit" (DITU), is on the premises of the companies listed as a part of PRISM -- but all of the companies have pretty strenuously denied this. And, honestly, from the slides, it's not at all clear that the DITU really is on-premises. Google has said in the past that when it receives a valid FISA court order under the associated program, it uses secure FTP to ship the info to the government. From that, it seems like the "DITU" could just be a government computer somewhere, not on the premises of these companies, and info is uploaded to those servers following valid FISC orders.
Others have focused in on the claims of "real-time surveillance," implying the ability to watch actual key strokes, but the slide in question (the third one above) suggests something slightly different: which is real time notifications for certain trigger events, such as logging into email or sending a message. Now, it does note that other forms of communication are available through the program, but it's not at all clear that's "real time." It's also not at all clear if the "real time" notifications apply to all companies in the program. It's entirely possible that a FISC order might require these companies to let the FBI/NSA know whenever a certain target logged into their email or chat. There are certainly some questions raised there about the appropriateness of that type of program, but it's not clear how much "real time" info is actually being sent.
It's entirely possible that the Washington Post's interpretation of these slides is accurate. It's also entirely possible that the other slides, or additional reporting from WaPo reporters, allow them to have more knowledge on these things, and it could be true that the companies in question are not being fully truthful. However, especially given how it appears that the WaPo's original reporting on PRISM was fairly sloppy, it seems worth reserving judgment until more information comes out.
Of course, if (as the NSA insists) this program is nothing more than these companies responding to valid FISC orders, I don't see why the NSA itself can't be a hell of a lot more transparent about these programs. If there's real oversight over these programs and they're really only used against actual threats (stop laughing...), then nothing revealed so far seems like it should be secret. It just shows how the system works for delivering the information that is legally required. The fact that there's so much secrecy over the program suggests either a stupid overclassification insistence by the NSA, or that there's a hell of a lot beyond this that they don't want to talk about (such as revealing that the program isn't what they claim). That seems like the most likely situation given what's been revealed so far.
Filed Under: ditu, fbi, leaks, nsa, nsa surveillance, prism, washington post
Reader Comments
But I doubt anyone knows exactly what the fuck they are doing anymore beyond scooping up as much as they possibly can.
[ link to this | view in chronology ]
What they are doing
But don't take my word for it. Listen to the most blacked-out of all the NSA whistleblowers, former analyst Russell Tice. He's had a whole string of corporate media appearances cancelled lately, but he goes into some detail in interviews on the Boiling Frogs Show and the Corbett Report.
[ link to this | view in chronology ]
Re: What they are doing
[ link to this | view in chronology ]
Re:
Why not ask why documents from the same source are inconsistent with each other? How dare they support what the companies involved have publicly stated. How dare they show they may (probably) NOT be breaking the law!!
It's clear you need an experienced intelligence analyst to analyse this data for you, I believe Snowden is looking for a new job. On second thoughts you might be looking for someone experienced. Not a low level computer tech.
[ link to this | view in chronology ]
It's taking time
Of course, if (as the NSA insists) this program is nothing more than these companies responding to valid FISC orders, I don't see why the NSA itself can't be a hell of a lot more transparent about these programs.
So you are wondering why groups like the NSA are being secretive? Really??
Do you honestly find it odd that the NSA would not be 'transparent' for some reason!! I guess you want to petition the Government to change the name of the Secret Service to 'the public service', if that name was not already taken!
I also like how if a company says something publicly that does not fit into your world view, they are lying. And that documents that show something different to your pre-defined biases have not been interpreted correctly. Or if you don't have all the information, you will just make stuff up to fill the gaps.
[ link to this | view in chronology ]
Re: It's taking time
You seem confused. You're trying to say that they're faked, yet your next sentence you accept that they're real and say they're unimportant.
No one but you is questioning that these are actual NSA documents. They are not faked - if they were, then Snowden isn't guilty of doing anything illegal enough to cause a global manhunt and diplomatic fallout between countries. The questioning is that these documents are not internally consistent, nor are they consistent with the information stated publicly by NSA officials or with information from the tech companies. What this means is that there is a desperate need for real oversight and transparency - because the picture as to what communications are being illegally captured is very murky.
[ link to this | view in chronology ]
The first slide
Special FISA Oversight and Processing) SV4
It's one of the two BIG boxes right at the top.
Has anyone wondered what this means ??
Research & Validation NO USPERs
NO US PERs, does anyone know what is particular to the US that would warrant a bit, and in caps a NO as a note ????
I would guess that has something to do with not being allowed to do something to people IN THE US !
There also appears to be quite a large number of Reviews/Validation steps required, does not at all look like a vacuuming up of non-targeted information. It appears to be very selective, with special rules in relation to US Citizens. Does not look like wholesale data gathering at all
[ link to this | view in chronology ]
Re: The first slide
I'll leave it to the solar panel engineer to explain why he isn't worried they aren't spying on him in Australia. Since they've made it clear they don't spy on Americans, only foreigners.
[ link to this | view in chronology ]
Re: The first slide
If you read the slide correctly you will see that the NO USERs clause is only invoked at that one step, and not the others. That means EVERYTHING is potentially surveilled but STORED COMMS can only be retrieved after checking for NO USERs.
If the FISA court doesn't care about what it gives warrants for (which appears to be the case) the other levels could quite easily ask for everything in this arrangement.
[ link to this | view in chronology ]
Re: The first slide
That means that anyone who might not want to bother with the upper layers (say, a disgruntled contractor or perhaps a "secret agent", haha) has access to everything.
According to this slide the ONLY thing with any oversight is "Pending stored comms".
[ link to this | view in chronology ]
Re: Re: The first slide
[ link to this | view in chronology ]
Re: The first slide NO USPERs
Simple
NO US Persons !!!!
Oh no, your worst nightmare.
[ link to this | view in chronology ]
Re: Re: The first slide NO USPERs
This is like installing a filter on a urinal to avoid drinking sh1t tainted water.
[ link to this | view in chronology ]
Re: Re: Re: The first slide NO USPERs
Second, you would probably not get too much shit in a urinal, therefore not too much shit tainted water. Unless you do not understand how a toilet works !!
If it was a flow chart, its position would be irrelevant, at the start or the finish does not make any difference to the process and its function.
Like it or not (and it's clear you don't) these documents only go towards supporting NSA claims as factual, and only weakens Snowden's position and reliability.
[ link to this | view in chronology ]
Re: Re: Re: Re: The first slide NO USPERs
Maybe it's true. No American has their emails read via the "pending stored comms" branch of this chart. At least until they have been stored for 180 days, then it's open season as an NSL can be used to read these old emails sitting on a server. A very important question to ask is can email content for emails less than 180 days old be read via the "surveillance" branch of this chart. Does the secret interpretation of FISA/FAA allow this?
Additionally, what is meant by "stored comms"? The second new slide describing content type only lists "search" which I assume means browser search terms used by the target. Other content collectable via PRISM (e.g. basic subscriber information) could be collected via a NSL but the chart does not indicate that. I don't see these new slides as being anywhere near supporting NSA claims that no information on Americans is stored via PRISM.
[ link to this | view in chronology ]
Re: The first slide
[ link to this | view in chronology ]
Re: Re: The first slide
You might, but most cannot see it as a problem, most (rightly) simply can't see what you are worried about, what is it you are actually shocked about, it's not like this has been a massive secret, it's been well known for years.
I expect my Government is conducting levels of surveillance, in fact I KNOW they are, it's just I don't care.
Even if they do after great effort find out what type of pizza I ordered last Friday night, I don't think that information will be of great value to them. (unless they decide to buy me a free one!)
Who are you spending your days talking to that you think might draw attention to you?? Your girlfriend?? (sorry if you don't have one)..
Talk about paranoid.. real tin-hat stuff.
[ link to this | view in chronology ]
Re: The first slide
For evidence: note that "Research & Validate NO USPERs" comes *after* PRINTAURA. Note second slide, PRINTAURA is inside the NSA bubble.
NSA is sucking all the data up wholesale, passing it off to FBI for analysis, before it comes back to NSA. This is because FBI handles domestic stuff.
[ link to this | view in chronology ]
Re: Re: The first slide
That's because without looking at the meta-data they cannot tell, but once they do get that information that box clearly filters out all US Persons.
It's the nature of intelligence gathering, you have to gather more than you need, as you probably do not know what you need until you have it. I know you will find that hard to understand, but if you think about it, it does make sense.
It's the same if a crime is reported to police, they have to start somewhere, so initially everyone is a suspect, they may do considerable investigation on a suspect only to find he is innocent, but they could not determine if he is innocent until first at least assuming he was guilty. They assume all the 'suspects' are (or could be guilty) and by the process of elimination narrow down the search to the better suspects and even the guilty person.
But at first you don't know who is guilty of the crime and who is not, you have to get information on all those people and conduct an investigation.
[ link to this | view in chronology ]
Re: Re: Re: The first slide
So the police are compiling a massive database of everyone's communications just on the off chance that something in there would be useful in a criminal investigation someday?
That would be no better than any other government agency doing it.
[ link to this | view in chronology ]
Re: Re: Re: The first slide
That isn't how investigations are started.
I'll refer you to every public statement where a police spokesperson says "We have no suspects at this time."
They say that, not something like "All 7 billion people on the planet are suspects."
[ link to this | view in chronology ]
Re: Re: Re: The first slide
[ link to this | view in chronology ]
Limited hangout now into full "Well, maybe it's okay..."
In fact, regardless whether we can pin down exactly how the spying works, it's by far the most invasive and comprehensive in history. Former East German Stasi marvel at it. And it's only going to get worse.
What's funny is how Mike doesn't embrace this "disruptive" technology, as he did/does with Streetview besides Google's everyday storage of on-line activities and rooting through email. Maybe because he sees it intruding into HIS privacy. Pretty soon he'll be into full cranky geezer mode, but at this level: "Get your spy cam outta my bathroom!"
[ link to this | view in chronology ]
Re: Limited hangout now into full "Well, maybe it's okay..."
Until now. What's that obsession with Google? Yea, we already _know_ that they're bad, violating privacy and all that. But - did they hurt you somehow? Someone from Google dumped/beaten/cheated you?
Another possibility is that "out_of_the_blue" is several people, each spewing its own nonsense: "Google is bad", "Rich people are evil", "Internet grifters" and so on. They are probably doing it for money.
Also possible (however less probable) that this guy(s) know(s) Mike personally. So he just posts the opposite opinion, no matter what the topic is.
[ link to this | view in chronology ]
Re: Re: Limited hangout now into full "Well, maybe it's okay..."
[ link to this | view in chronology ]
Re: Re: Limited hangout now into full "Well, maybe it's okay..."
Either it's a complete wacko, a plant by the Tech-Dirt team since trolling seems to generate some fun in the comments sections, or someone with an insane personal vendetta.
[ link to this | view in chronology ]
Re:
For example, how did they NOT know about the Boston Bombings? How come it took so long to get the information about the guys? Isn't that what this system is supposed to be for? Why wasn't it used IN AN ACTUAL TERRORIST ATTACK?
Anonymous....how did these guys NOT know about any of this? How was this NOT mentioned in any of the 'break-ins'? or found along the way?
How did any system admin NOT NOTICE this? (I figured out something was going on a few years back when I had an oddball spam email that took some interesting hops on its way to us. 2 of those hops were through IP addresses assigned to the DoD...one inside the US and one in England.)
I'm still shocked that there seems to be only 2 pictures of Snowden, in this day and age. It just seems strange to me how controlled this whole story is.
I'm glad I'm almost retirement age. I hate where the IT world has gone. Bastardized it just for a buck. Makes me sick.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
And its all Content not just Meta data
Email, VOIP, videos, images.
i.e. it's everything.
[ link to this | view in chronology ]
Re: And its all Content not just Meta data
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1
"As a result of this “expanding array of theater airborne and other sensor networks,” as a 2007 Department of Defense report puts it, the Pentagon is attempting to expand its worldwide communications network, known as the Global Information Grid, to handle yottabytes (10^24 bytes) of data. (A yottabyte is a septillion bytes—so large that no one has yet coined a term for the next higher magnitude.)"
Or to put it another way:
One yottabyte is 100TB of data for each man, woman and child on the planet.
Anyone really thinks all this storage capacity is needed for 'meta data'?
In the leaked paper it says that the NSA are collecting VOIP, pictures, video etc, on a massive scale. The size of their new storage facility suggests this to be absolutely correct.
[ link to this | view in chronology ]
Re: And its all Content not just Meta data
Unfortunately, you're confusing the two different programs that have been leaked. PRISM was NEVER about "just metadata" and no one ever claimed it. The Section 215 "business records" program -- from companies like Verizon and AT&T -- is the "just metadata" program.
Everyone's admitted from the beginning that PRISM was about actual contents, just subject to FISC review.
I think this is almost part of the problem of having so many of these things leak at once. It's easy to confuse the different programs.
[ link to this | view in chronology ]
Re: Re: And its all Content not just Meta data
[ link to this | view in chronology ]
Re: And its all Content not just Meta data
[ link to this | view in chronology ]
Nobody wants to watch you skype to your grandmother as it happens in real-time while she struggles to form words without her teeth popping out, there's no manpower for that.
Once you enter the system for whatever reason, they'll pull up everything they have stored and then start sifting.
[ link to this | view in chronology ]
Re: DITU "on premises"
The "room" where a DITU may be located could have its own secure entrance that only cleared personnel can enter (from outside; never "entering" the company bldg); and both the company and the NSA probably consider that entry and connected "room" to be "outside" of the company.
Thus both sides may be telling the "truth" about it (i.e.; the least untruthful response).
[ link to this | view in chronology ]
Re: Re: DITU "on premises"
[ link to this | view in chronology ]
Apple is special?
P1 = Microsoft
P2 = Yahoo
P3 = Google
.
.
.
P8 = AOL
PA = Apple
Wait, 'PA'? Why why why is it not 'P9'? Did someone at the NSA say 'Oh, well Apple is clearly more memorable than Microsoft (PM?) or Google (PG?)' Or maybe Apple demanded that their brand identity not be reduced to a NUMBER in return for their assistance?
[ link to this | view in chronology ]
Re: Apple is special?
It is likely that there was already a P9, which was removed because it was no longer relevant or went out of business. This looks like normal programming code when it comes to a list of variables with small and obfuscated variable names (and one that programmers who actually work in the business actually try to avoid, because it is extremely difficult to keep them all in your head and troubleshoot later.)
Being government, and a bureaucracy, they choose a very small field to contain all possible values, and then when one value is no longer necessary, they drop it without resorting the list.
[ link to this | view in chronology ]
Re: Apple is special?
Expect the next provider to join PRISM to be PB, the next PC, etc. B = 11, C = 12.
[ link to this | view in chronology ]
Don't care, This is too hard to do it properly
Doing this FROM a remote location that is NOT an intersection of server groups, is MONSTROUS.
It would take a Dedicated LOCAL box watching xx servers at a time, looking for readable text (how many languages?), Voice (how many Languages?), Raw data??, encrypted data?..
I could see them doing SCANS of random data, having it shunted to the BASE/main servers, but Still it's a lot of data.
I have to suggest that I'm from the OLD SCHOOL, where many things had to be Manually done, even on the internet.
AND DOS is an alternative even NOW.
Many people here, I don't think, have much knowledge of the Fun tricks that can be done on the net. (This AINT WINDOWS type of world.) Your computer can communicate on over 65000 channels, and MANY MANY more ports for input output through the net.
For all the data that CAN be sent from 1 computer, to Scan each port going through a server system, to 'sample' the data, and Diagnose/tag/decrypt the data to place a value on it, and SEND out remotely to another system to be evaluated. Even looking for specific anomalies..
Example:
Patient: I've got a cough..
Doctor: Starts at the toes and scans the WHOLE BODY to find the cough.
Unless you have an IDEA of where to look, you won't start in the right area.
[ link to this | view in chronology ]
A Better Infographic
http://apps.washingtonpost.com/g/page/national/inner-workings-of-a-top-secret-spy-program/282/
I think it's a much better interpretation and picture of what's going on. I think the reason the big companies have come out and said "there are no NSA computers in our data centers" is because there are FBI computers instead.
[ link to this | view in chronology ]
WP gives a bit more info on secret codenames
The systems identified as FALLOUT and CONVEYANCE appear to be a final layer of filtering to reduce the intake of information about Americans.
[ link to this | view in chronology ]
Re: WP gives a bit more info on secret codenames
What I believe PRINTAURA means comes from S3532. This is a section of USC. 44 which deals with public printing and documents that are created by the government. Section 3532 deals with definitions relating to security. I believe Printaura is a device or step that affects security details such as authentication. What is not clear is if this only applies to those who access PRISM to control the targets and filters or it also applies to protecting the collection data stream as it is directed to the NSA cloud.
[ link to this | view in chronology ]
This is like a contingent clause in a real estate contract that looks real small, but keeps nagging until you get to closing, and then it blows up sky high.
[ link to this | view in chronology ]
number of active targets
It would make sense that the 117,675 "records" in PRISM refers to cases that are assigned "case notations" as described in the previous slide. My reading of this is that for a particular target, whether that is just an individual, a group, or individuals with "connections" to the stated target out to 2 degrees of separation (which is apparently the standard for terrorism investigations), there is a case number generated for each data source (i.e. Yahoo, Facebook etc.) for a specific calendar year. A new case number would have to be generated for each year the target is being actively monitored.
Active entries is certainly a misnomer. A target may no longer be actively monitored but it would not make sense to delete existing information from the PRISM database based on that. I suppose the NSA/CIA/FBI might agree to delete information about a particular target that they no longer considered suspicious. I would expect that deletion rate to match that of removing individuals from the "No Fly List".
Note that the maximum number of records/per source/per year is 10 million. They would obviously over provision that so the maximum would never be reached, but still, that's a disturbingly large number.
[ link to this | view in chronology ]
Re: number of active targets
PRISM records may simply be:
- A description of the surveillance target, both general target and the specific person involved.
- Specifies a particular source (e.g. Google).
- Specifies the list of services being monitored (i.e. content type).
- Specifies the database(s) the collected information will end up in (i.e. CIA/FBI/NSA). Additionally, for the NSA, at least, there are separate storage databases for metadata, voice content, and videos.
- May specify the legal justification for monitoring the target.
- Specifies the year in which monitoring started.
The final slide appears to be of a web page that instructs personnel in how to use PRISM. The reader is warned to seek help if the current number of active entries is much less than the number of active entries as of April 5, 2013 (117,675). That may mean active cases are not retired very often, but it depends how often this instructional web page is updated.
[ link to this | view in chronology ]