Wow. Nothing is sacred. The Washington Post has discovered that the US’ National Security Agency and the FBI have teamed up to tap into the servers of nine US tech companies—Microsoft, Google, Facebook, Apple, you name it—and have extracted e-mails, photographs, audio, video, documents and connection logs. They basically have free reign to take whatever they want. And they’ve been doing it since 2007.
The classified program is called PRISM and it’s absolutely scary how much reach the NSA and FBI have. The companies who are within PRISM’s grasp is basically everyone who’s ever did anything in technology: Microsoft, Yahoo, Google, Facebook, AOL, Skype, YouTube, PalTalk and Apple. (PalTalk has been used in the Syrian civil war.)
How does PRISM work? It’s terrifying, actually. The Washington Post reports that analysts who use PRISM first key in on ‘selectors’ (search terms) that are designed to produce at least 51 per cent confidence in a target’s ‘foreignness’. That’s it, just 51 per cent. And after that they can start collecting data.
And what PRISM can pry from these companies is just ridiculous. It can basically watch your every movement on the Internet. For Facebook, PRISM can obtain full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services”. For Skype, PRISM can take “audio, video, chat and file transfers”. For Google, PRISM can peek in on “Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.” They basically see what you see as you type it.
According to the Guardian, Microsoft first signed up with PRISM back in 2007. Yahoo came around in 2008. Google, Facebook and PalTalk in 2009; YouTube in 2010 and Skype and AOL in 2011. Apple rounded out the nine in 2012. Twitter is a notable holdout. But those nine companies represent pretty much all of the Internet, from search to email to video to any sort of communication.
To be fair, the companies are in a tough spot to be in. If the companies don’t comply with PRISM, they can be sued. If they do comply, they can charge the government for their services. It’s pretty obvious what most companies would do at that point, right? (Hint: comply.) What’s fascinating though is how companies like Twitter (and Apple for five years) have managed to hold out from PRISM. If it’s possible to hold out, then why sell out its users? [Washington Post]
Update: Apple denies it.
Update: So PRISM totally exists. James Clapper, the Director of National Intelligence, basically confirmed the Washington Post and Guardian report about how the NSA can pry data from Apple, Facebook, Google and whoever else.
“The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies.
Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States. It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.
Activities authorized by Section 702 are subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. They involve extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.
Section 702 was recently reauthorized by Congress after extensive hearings and debate.
Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats.
The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.”
Okay. Translation: hey, we’re doing this because it’s all totally legal! And that there are a lot of procedures to get stuff like this done so don’t worry! And it’s all a secret! And that revealing that we’ve had access to data from bigwig Internet companies is an awful thing to do! Basically, trust us to keep you safe even if it means we’re completely untrustworthy. Ha. [DNI.gov via SFGate, Image Credit: Guardian]
Updated: Perhaps understandably, the likes of Facebook, Apple, Google, Yahoo, Microsoft et al are all flatly denying allegations that they allow the NSA direct access to their servers. Importantly, that’s not the same as not sharing data with them.
- _
- / \ _ __ ___ _ __ _ _ _ __ ___ ___ _ _ ___
- / _ \ | ‘_ \ / _ \| ‘_ \| | | | ‘_ ` _ \ / _ \| | | / __|
- / ___ \| | | | (_) | | | | |_| | | | | | | (_) | |_| \__ \
- /_/ \_\_| |_|\___/|_| |_|\__, |_| |_| |_|\___/ \__,_|___/
- |___/
- Greetings Netizens, and Citizens of the world.
10. Anonymous has obtained some documents that “they” do not want you to see, and much to “their” chagrin, we have found them, and are giving them to you.
11. These documents prove that the NSA is spying on you, and not just Americans. They are spying on the citizens of over 35 different countries.
12. These documents contain information on the companies involved in GiG, and Prism.
13. Whats GiG you might ask? well…
- 14.
- 15. The GIG will enable the secure, agile, robust, dependable, interoperable data sharing environment for the Department where warfighter, business, and intelligence users share knowledge on a global network that facilitates information superiority, accelerates decision-making, effective operations, and Net-Centric transformation.
- 16.
17. Like we said, this is happening in over 35 countries, and done in cooperation with private businesses, and intelligence partners world wide.
18. We bring this to you, So that you know just how little rights you have. Your privacy and freedoms are slowly being taken from you, in closed door meetings, in laws buried in
19. bills, and by people who are supposed to be protecting you.
- 20.
21. Download these documents, share them, mirror them, don’t allow them to make them disappear. Spread them wide and far. Let these people know, that we will not be silenced, that we will not be taken advantage of, and that we are not happy about this unwarranted, unnecessary, unethical spying of our private lives, for the monetary gain of the 1%.
- 22.
23. And now, the candy: http://thedocs.hostzi.com/
- 24.
25. Mirrors:
26. http://t.co/XVlZQ53Zhp
27. http://t.co/JYUHrhi3Ue
28. http://t.co/qR9PRzySbq
29. http://t.co/yGw2sP976W
30. http://t.co/MrmBj4kma5
- 31.
32. We are Anonymous
33. We do not forgive
34. We do not forget
35. and by now,
36. You should expect us
336,220g599L
What Is PRISM?
Last night, the Washington Post and Guardian dropped concurrent bombshell reports. Their subject was PRISM, a covert collaboration between the NSA, FBI, and nearly every tech company you rely on daily. PRISM has allowed the government unprecedented access to your personal information for at least the last six years. But what is it, exactly?
PRISM is a secret government program…
As much as PRISM might sound like a comic book antagonist of S.H.I.E.L.D., it’s the codename for a very real US government program. According to leaked documents, it went into effect in 2007, and has only gained momentum since. Its stated purpose is to monitor potentially valuable foreign communications that might pass through US servers, but it appears that in practice its scope was far greater.
SEXPAND
PRISM information, according to the Post, accounts for nearly 1 in 7 intelligence reports. That’s staggering.
…that gives the NSA unprecedented access to the servers of major tech companies…
Microsoft. Yahoo. Google. Facebook. PalTalk. AOL. Skype. YouTube. Apple. If you’ve interacted with any of those companies in the last six years, that information is vulnerable under PRISM. But how?
The initial reports from last night suggested that the process works as follows: The companies mentioned above (and who knows how many others) receive a directive from the attorney general and the director of national intelligence. They hand over access to their servers—and the tremendous wealth of data and communiques that passes through them every day—to the FBI’s Data Intercept Technology Unit, which in turn relays it to the NSA.
And that’s when things get interesting.
…which may or may not be “direct”…
Much has been made over the phrase “direct access;” most of the implicated tech companies vehemently deny providing it, and the government denies asking for it. TheNew York Times, though, reports that while access may not technically be “direct,” the secure portals companies like Google and Facebook were going to build for the NSA amounted to as much. Moreover, a PRISMpowerpoint slide released by the Guardian after its initial report clearly states that “direct access” is a part of the program.
However you want to parse it, there seems to be very little doubt that all of this is happening, and to an unfathomable degree.
…so that the agency can spy on unwitting US citizens…
It seems impossible that the NSA, an agency which by law is only allowed to monitor foreign communications, has so much access to domestic information. And yet!
There are, as you might expect, filters in place to help handle the fire hose of data that comes through daily, the trillions of bits and bytes that make up our online identities and lives. Something to ensure that only the bad guys are being tracked and not honest, everyday citizens. Actually, there’s one filter, and it’s ridiculous: an NSA analyst has to have “51 percent” confidence that a subject is “foreign.” After that, it’s carte blanche.
That’s it. That’s the only filter. And it’s an ineffective one, at that; the PowerPoint slides published by the post acknowledge that domestic citizens get caught in the web, but that it’s “nothing to worry about.”
…with terrifying granularity…
It’s something to worry about.
What’s most troubling about PRISM isn’t that it collects data. It’s the type of data it collects. According to the Washington Post report, that includes:
…audio and video chats, photographs, e-mails, documents, and connection logs… [Skype] can be monitored for audio when one end of the call is a conventional telephone, and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.
Did you get all that? Similar depth of access applies to Facebook, Microsoft, and the rest. Just to be clear: this covers practically anything you’ve ever done online, up to and including Google searches as you type them.
…which is both different from and more aggressive than the Verizon scandal…
The news of PRISM broke soon after a separate report, about the NSA’s having access to Verizon customer—and, according to an NBC report, everyone else’s—phone logs. Surprisingly enough, this is a totally different program! And PRISM makes the Verizon thing look like an ACLU company picnic by comparison.
When the NSA monitors phone records, it reportedly only collects the metadata therein. That includes to and from whom the calls were made, where the calls came from, and other generalized info. Importantly, as far as we know, the actual content of the calls was off-limits.
By contrast, PRISM apparently allows full access not just to the fact that an email or chat was sent, but also the contents of those emails and chats. According to the Washington Post’s source, they can “literally watch you as you type.” They could be doing it right now.
…and has the full (but contested) cooperation of tech giants…
PRISM’s first corporate partner was allegedly Microsoft, which according to the Post and Guardian signed on back in 2007. Other companies slowly joined, with Apple being the most recent enlistee. Twitter, it seems, has not complied.
But why would all of these companies agree to this? Mostly because they have no choice. Failure to hand over server data leaves them subject to a government lawsuit, which can be expensive and incredibly harmful in less quantifiable ways. Besides, they receive compensation for their services; they’re not doing this out of charity. There is incentive to play ball.
Here’s where things get a little complicated, though. Apple, Microsoft, Yahoo, and Google have all given full-throated denials of any involvement whatsoever. Most of them aren’t just PR syntactical trickery, either; they are unequivocal.
…and which is, shockingly enough, totally legal.
What’s most horrifying about PRISM might be that there’s nothing technically illegal about it. The government has had this authority for years, and there’s no sign that it’s going to be revoked any time soon.
A little bit of history might be helpful for context. Back in 2007, mounting public pressure forced the Bush administration to abandon the warrantless surveillance program it had initiated in 2001. Well, abandon might be too strong a word. What the administration actually did was to find it a new home.
The Protect America Act of 2007 made it possible for targets to be electronically surveilled without a warrant if they were “reasonably believed” to be foreign. That’s where that 51% comes in. It was followed by the 2008 FISA Amendments Act, which immunized companies from legal harm for handing information over to the government. And that’s the one-two punch that gives PRISM full legal standing.
All of which is to say that PRISM is an awful violation of rights, but it’s one that’s not going to disappear any time soon. The government, including President Obama, is so far completely unapologetic. And why wouldn’t they be? It’s easy enough to follow the letter of the law when you’re the one writing it.