Google et al allows PRISM watchdog
By Christopher Mims From Quartz
Google, Facebook, Microsoft, others allegedly allow the US government to “watch your ideas form as you type”
The Washington Post is reporting that a ”horrified” career intelligence office has provided slides detailing a secret US government spying program in which the US National Security Agency (NSA) and the FBI allegedly have direct access to the servers of Microsoft, Yahoo, Google, Facebook, AOL, Skype, YouTube and Apple. (Update: NBC says it has confirmed PRISM’s existence with anonymous sources, but “a government official says it is a data collection program rather than a data mining program.” Which may be so, though if one collects data, one can always mine it afterwards at one’s leisure.)
Here are the alleged details, as reported so far by the Post and the Guardian:
One in seven NSA reports are using data gathered from the system, called PRISM
Data from the PRISM program appeared in 1,477 articles in President Obama’s daily brief in 2012
Data is apparently piped directly from the servers of Google, Yahoo, etc. to NSA systems, where it is filtered for “foreignness.” User accounts where security analysts have at least 51% confidence in a target’s “foreignness” may be examined.
The filter for “foreignness” is imperfect, so data from many US citizens is also examined by intelligence analysts, but, according to one government presentation slide provided to the Post, “it’s nothing to worry about.”
Without referring to PRISM specifically, Google in a statement appeared to deny involvement. The company said “From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.” (Update: Google has since provided a more specific denial.)
Facebook has also denied involvement, telling The Next Web that “We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”
Apple has denied involvement as well, telling CNBC that “We have never heard of PRISM. We do not provide any government agency with direct access to our servers.”
Microsoft also appeared to deny involvement, in a statement that said, “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers.”
Update: Yahoo has added itself to the list of companies denying involvement, telling the Guardian, “Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.” Some have wondered about the remarkably similar wording in Facebook’s, Apple’s and now Yahoo’s statements.
Update: Dropbox, which was alleged to be “coming soon” into PRISM, also says it is “not part of any such program.”
The report alleges that NSA can access Google services including Gmail, voice and video chat, files stored on Google Drive and photos. Search terms can be monitored in real time.
Everyone in a suspected terrorist’s email inbox or outbox is effectively swept in with the data gathered on a target
Microsoft was the first corporate partner of the spying program, beginning in May 2007.
For unknown reasons and by unknown means, Apple held out for five years after Microsoft joined the program, but is now a part of it. Twitter doesn’t appear to be part of it, according to the documents.
Growth in use of data from the PRISM program by analysts has been “exponential.”
“They quite literally can watch your ideas form as you type,” the anonymous intelligence officer told the Post.
See some of the government slides about the program leaked to the Post at http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/
For more on the story go to:
http://qz.com/91909/nsa-fbi-secret-surveillance-google-facebook-microsoft-yahoo-aol-and-skype/
Related story:
Through a PRISM, darkly: Tech World’s $20 Million nightmare
By Chris Taylor, Mashable
This post reflects the opinions of the author and not necessarily those of Mashable as a publication.
If you’re still not feeling queasy after reading Thursday’s revelations about the National Security Agency tapping Internet records, you’re probably not paying close enough attention.
In short: a leaked intelligence presentation, verified by multiple major news sources, claimed to reveal the existence of an NSA program called PRISM. This program allegedly lets the NSA tap in to the servers of major Internet organizations, possibly at will.
The names of those organizations include Facebook, Google, Apple, Microsoft, Yahoo, YouTube and Skype. It’s a who’s who of popular, often beloved tech services. Who among us does not have one of these company’s web pages open on their browser right now, or carry one of their devices in your pocket?
Nearly all of those companies quickly denied knowledge of PRISM Thursday. But it was interesting that they all did so in pretty much the same way — denying that there is any kind of NSA “direct access” to their company’s servers (leaving the door open to some form of warrantless indirect access), then pointing out that they comply with the law.
If PRISM exists, it is almost certainly perfectly legal under the Patriot Act and similar legislation. Take this little piece of light reading, the amended foreign intelligence surveillance Act of 2008 [PDF]. Skip forward to section 702. It has a very interesting section about compensating tech companies for their troubles. The annual budget of the PRISM program is $20 million; we don’t know where that is supposed to be going.
Indeed, the “how” of PRISM is still murky; there’s only so much you can glean from a bad Powerpoint. (And it is a pretty appalling example of the form, complete with borrowed clip art.) But put it together with other metadata tools and wiretapping powers the NSA has acquired over the last decade. Something that used to sound like a conspiracy theory has become an open secret: the NSA is potentially aware of your Internet activity right now.
No doubt whatever snooping is taking place is being done in a very safe, anonymized way. They’re looking for metadata, or for certain behavioral characteristics that denote terrorist activity, right? Emails to known potential bad guys abroad in quick succession, that sort of thing.
The Director of National Intelligence has insisted that the leak reports were “full of inaccuracies”, without denying the accuracy of the leaked document itself; he was also careful to point out was that American citizens were not “targeted.” But here’s the rub: at the level of anonymized metadata, how are you supposed to distinguish between citizens and non-citizens? On the Internet, we’re all 1s and 0s.
“Procedures,” said the DNI dryly, “minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.”
Your comfort level, then, largely depends on how much you trust America’s most secretive intelligence-gathering apparatus, and what exactly you imagine they’re up to. By dint of what the NSA is, it doesn’t ever talk about what it does, so your mileage may vary. The NSA’s $8 billion-a-year budget dwarves that of other intelligence agencies. So we like to hope it’s on our side, whatever side we imagine that to be.
True, the alleged $20 million cost of PRISM is a drop in the NSA bucket. But that’s still $20 million spent creating an Orwellian metadata monitoring service that could go to giving us jobs or education or research or, you know, roads.
Tear Down This Prism
The “how” is murky; the “what now” is not. If PRISM or something like it exists, it’s because we stood by and watched it assemble itself. That is, we in the tech community and we in the U.S. as a whole. If you disagree with it, if you think it an overreach, if you think enough is enough, PRISM or no PRISM, then you have to demand change from Congress.
And changing laws as entrenched as these — passed with bipartisan support — will require you to get SOPA mad, Occupy Wall Street mad, Tea Party mad, Howard Beale mad. Labels hardly matter on an issue of this magnitude. Let your democratic representatives hear, and fear, your voice.
When you’ve done that, by all means keep the conversation going on Twitter, where it has been buzzing nonstop all evening. Not only will that help keep the issue front and center, it also supports a company that — so far as we know — is not embroiled in this security state apparatus.
Depending on how you feel about boycotts and your confidence level in this report, you might want to swap your Apple or Android device for one by BlackBerry, another company not implicated in PRISM.
Either way, that queasy feeling is probably a good thing. If this kind of activity is out in the open, if the NSA is leaking for what is really the first time, then there are some on the inside who feel the same way. And we can start to have a great national debate about what it means, whether it is necessary, and when — if ever — we should start reining it in.
Image via iStockphoto, BrianAJackson
For more on this story go to:
AND
INTELLIGENCE CHIEF: WaPo And Guardian Reports On ‘PRISM’ Program Have ‘Numerous Inaccuracies’
By Brett LoGiurato From Business Insider
PHOTO: James Clapper intelligence NSA
The Director of National Intelligence defended the Obama administration from reports that the National Security Agency mined data from major Internet companies, releasing a statement saying it is necessary for national security interests and does not target U.S. citizens.
James Clapper said that the intelligence collected in the program is “among the most important and valuable foreign intelligence information we collect.” He was responding to reports in The Guardian and The Washington Post detailing the program, which until now had been secret.
The program, dubbed “PRISM,” was revealed by a whistleblower who was reportedly “horrified” at its capabilities.
Here’s Clapper’s full statement:
The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies.
Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States. It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.
Activities authorized by Section 702 are subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. They involve extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.
Section 702 was recently reauthorized by Congress after extensive hearings and debate.
Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats.
The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.
For more on this story go to:
