« | »

US Searches Data From Top Internet Companies

From the Washington Post:

Documents: U.S. mining data from 9 leading Internet firms; companies deny knowledge

By Barton Gellman and Laura Poitras | June 6, 2013

The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets, according to a top-secret document obtained by The Washington Post.

"Tapping directly into central servers"? What does that even mean?

The program, code-named PRISM, has not been made public until now. It may be the first of its kind. The NSA prides itself on stealing secrets and breaking codes, and it is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers. But there has never been a Google or Facebook before, and it is unlikely that there are richer troves of valuable intelligence than the ones in Silicon Valley.

Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”

Again, it’s not quite clear what "collection directly from the servers means."

PRISM was launched from the ashes of President George W. Bush’s secret program of warrantless domestic surveillance in 2007, after news media disclosures, lawsuits and the Foreign Intelligence Surveillance Court forced the president to look for new authority…

Ah so. It’s Bush’s fault.

Congress obliged with the Protect America Act in 2007 and the FISA Amendments Act of 2008, which immunized private companies that cooperated voluntarily with U.S. intelligence collection. PRISM recruited its first partner, Microsoft, and began six years of rapidly growing data collection beneath the surface of a roiling national debate on surveillance and privacy…

The court-approved program is focused on foreign communications traffic, which often flows through U.S. servers even when sent from one overseas location to another. Between 2004 and 2007, Bush administration lawyers persuaded federal FISA judges to issue surveillance orders in a fundamentally new form. Until then the government had to show probable cause that a particular “target” and “facility” were both connected to terrorism or espionage.

In four new orders, which remain classified, the court defined massive data sets as “facilities” and agreed to certify periodically that the government had reasonable procedures in place to minimize collection of “U.S. persons” data without a warrant.

In a statement issue late Thursday, Director of National Intelligence James R. Clapper said “information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats. The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.”

Clapper added that there were numerous inaccuracies in reports about PRISM by The Post and the Guardian newspaper, but he did not specify any…

We actually think Mr. Clapper is right in this instance.

Several companies contacted by The Post said they had no knowledge of the program, did not allow direct government access to their servers and asserted that they responded only to targeted requests for information.

"We do not provide any government organization with direct access to Facebook servers,” said Joe Sullivan, chief security officer for Facebook. “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”

“We have never heard of PRISM,” said Steve Dowling, a spokesman for Apple. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”

It is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author. In another classified report obtained by The Post, the arrangement is described as allowing “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers…

We actually suspect this is the case. The ‘slides’ that the Post is talking about here are just using ‘short hand’ to try to fit their points on the slide.

An internal presentation of 41 briefing slides on PRISM, dated April 2013 and intended for senior analysts in the NSA’s Signals Intelligence Directorate, described the new tool as the most prolific contributor to the President’s Daily Brief, which cited PRISM data in 1,477 items last year…

Which Obama ignores anyway. So why bother?

PRISM is an heir, in one sense, to a history of intelligence alliances with as many as 100 trusted U.S. companies since the 1970s. The NSA calls these Special Source Operations, and PRISM falls under that rubric…

The Obama administration points to ongoing safeguards in the form of “extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.”

And it is true that the PRISM program is not a dragnet, exactly. From inside a company’s data stream the NSA is capable of pulling out anything it likes, but under current rules the agency does not try to collect it all.

Analysts who use the system from a Web portal at Fort Meade, Md., key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test. Training materials obtained by The Post instruct new analysts to make quarterly reports of any accidental collection of U.S. content, but add that “it’s nothing to worry about.”

Even when the system works just as advertised, with no American singled out for targeting, the NSA routinely collects a great deal of American content. That is described as “incidental,” and it is inherent in contact chaining, one of the basic tools of the trade. To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect’s inbox or outbox is swept in. Intelligence analysts are typically taught to chain through contacts two “hops” out from their target, which increases “incidental collection” exponentially

For the record, the Post even tells us about the heroic soul who leaked this information, in the final paragraph of their article:

Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy. “They quite literally can watch your ideas form as you type,” the officer said.

The overblown paranoia of that last sentence should give you some idea of what kind of person this ‘officer’ is.

This article was posted by Steve Gilbert on Friday, June 7th, 2013. Comments are currently closed.

5 Responses to “US Searches Data From Top Internet Companies”

  1. U.S. President Barack Obama gives the commencement address to the graduating class of The Ohio State University at Ohio Stadium on May 5, 2013 in Columbus, Ohio

    “Unfortunately, you’ve grown up hearing voices that incessantly warn of government as nothing more than some separate, sinister entity that’s at the root of all our problems. Some of these same voices also do their best to gum up the works. They’ll warn that tyranny always lurking just around the corner. You should reject these voices. Because what they suggest is that our brave, and creative, and unique experiment in self-rule is somehow just a sham with which we can’t be trusted.”

    Well, bubba, guess what?

    • Rusty Shackleford

      What’s curious is the circular logic that this twit uses. I mean, for crying out loud, the founders of the nation KNEW that government becomes the enemy when they are uncontrolled and unaccounted for.

      Yet, then he uses the line, “that our brave, and creative, and unique experiment in self-rule” without considering what he’s done to it. It’s not the peple that have done this, moron. It was you.

      The obvious indication from him being that government must be allowed to do what government does.

      No and….NO!

      He pretty much laid out his (once again) straw-man argument by throwing out, “You hear some folks sayin’ ” and such but although he may think he has his fingers on his opposition’s position on things, he’s mentally depraved enough to ignore the logic in the arguments that follow his supposed straw-man statements.

      Maybe there’s a reason why “some folks’ sayin’ ” there Barry. But we’ve been onto you for some time now where you pick apart a small piece of an argument such as its premise and then ignore the logical conclusion.

      In other words, you’re a bullshitter. Apparently this “skill” that you learned someplace in the dorm rooms of wherever you went to school was a fun enough hobby that you utilized it to be an antagonist to people you thought needed to be bothered. You still do it and you cannot change.

      You’re not very bright or even clever. You’re an angry little boy who wants to one-up everyone in the room and then also put gum on everyone’s shoe. It’s how you derive satisfaction. Never BUILDING anything; Only tearing things down.

      I can’t wait til we can tell you to shove off.

  2. canary

    The Democrats paid yahoo with 24/7 presidential add campaigns and biased news to get Obama re-elected. And I knew their complaining to people who signed up for new Google for cookies made no sense and now one is to believe that was fixed?

  3. Curiosity

    I don’t believe the analyst is paranoid. Rather, I suspect the officer’s statement on “watching ideas form as you type” is dead-on, though I imagine it’s hard for an operator to monitor more than a handful of people at a time. Google has been doing this for a while, and I know that places like Carnegie Mellon have been working on non-keyboard typed idea formation tracking for decades, which only requires access to a webcam (so it can do eye tracking)… any computer with a webcam that isn’t covered at all times except when in use can be collecting image data. I’ve also heard of companies claiming to use webcam-based emotion recognition to get feedback on customer experience during use of their products.

  4. yadayada

    then barry boy has a summit with Chinese diplomat to discuss cyber-spying. so chilling it makes my bones ach. I’m sure he’s getting pointers on how to it better.
    he tries to convince the low infos that he’s trying to prevent cyber war with the chi-coms. hey barry, if you don’t want the Chinese to infiltrate our data don’t buy tech gear made in china where they design it to be accessed by Chinese government. oops.




« Front Page | To Top
« | »