More Details On PRISM Revealed; Twitter Deserves Kudos For Refusing To Give In

from the details-details-details dept

Late on Friday, the NY Times released the most detailed explanation to date of the PRISM system that was revealed on Thursday, claiming that nine of the biggest tech and internet companies were working with the NSA to give them “direct access” to servers. The explanation explains how both the original story was substantially true, as were the “denials,” though the denials were (as predicted) a bit of doublespeak. Today, the Guardian revealed another slide from the presentation it has, which clarifies some more details.

Basically, it appears those companies all agreed to make it easier for the NSA to access data that was required to be handed over under an approved FISA Court warrant, and they appear to do this by setting up their own servers where they put that information (and just that information). From the NY Times report:

But instead of adding a back door to their servers, the companies were essentially asked to erect a locked mailbox and give the government the key, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information, they said.

The data shared in these ways, the people said, is shared after company lawyers have reviewed the FISA request according to company practice. It is not sent automatically or in bulk, and the government does not have full access to company servers. Instead, they said, it is a more secure and efficient way to hand over the data.

This is significantly less worrisome than the original Washington Post report, which suggested full real-time access to all servers. That’s not quite what has happened, according to this report. This involves cases where the companies really do need to hand over this information. We can disagree with whether or not the FISA Court should issue these warrants, but at some point there may be information that the companies do need to hand over to the government. As for the Guardian, they published the following slide:

<img src=”” width=560″/>
As you can see, it notes multiple programs where they can get data. The programs on top are the ones such as the NSA servers installed at telcos to collect all traffic running through them, which have been revealed before. The program on the bottom is PRISM, which clearly states: “collection directly from the servers of these U.S. Service Providers,” followed by the already known list. That certainly confirms the “direct access” claim from the original WaPo report, but it could also be true in conjunction with the NY Times report, if you look at it as the companies setting up special servers where they place information they’re ordered to hand over via FISA court orders. The “denials” from the companies are also substantially true, as they mean that the NSA isn’t getting direct access to all their servers, but rather the ones set up for handing over this information.

The real question should be about what information the FISA Court is approving warrants over:

FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms, lawyers who work with the orders said. There were 1,856 such requests last year, an increase of 6 percent from the year before.

In one recent instance, the National Security Agency sent an agent to a tech company’s headquarters to monitor a suspect in a cyberattack, a lawyer representing the company said. The agent installed government-developed software on the company’s server and remained at the site for several weeks to download data to an agency laptop.

In other instances, the lawyer said, the agency seeks real-time transmission of data, which companies send digitally.

Note just how broad some of those searches may be. Staying around for weeks to download logs? We’re not talking about narrowly focused searches here.

Of course, what’s now also come out is that, despite Google and Microsoft releasing transparency reports about government requests for data, they don’t include FISA requests because of the gag orders on them. It’s only recently that both Google and Microsoft were able to include “range” numbers for how many national security letter requests they get. One hopes they’re pushing to be transparent on FISA requests as well.

The article makes it clear that Twitter was alone among the companies in refusing to join this program. That does not mean that Twitter does not hand over data to the government when receiving a legitimate FISA order. I’m sure it does. But it does mean that they have not set up a special system to make it easy for the government to just log in and get the data requested. Some people have suggested that the government has little need for Twitter to join the program since nearly all Twitter information is public, but that’s not true. There is still plenty of important information that might be hidden, including IP addresses, email addresses, location information and direct messages that the NSA would likely want. Besides, YouTube is a part of the program, and most of its data is similarly “public.”

This is not, by the way, the first time that we’ve seen Twitter stand up and fight for a user’s rights against a government request for data. Over two years ago, we pointed out that Twitter, alone among tech companies, fought back when a court ordered it to hand over user info. Twitter sought, and eventually got, permission to tell the user, and allow that user to try to fight back. It later came out that, as part of that same investigation, the government also had requested information from Google and, with fighting back and losing. It never became clear whether Google fought back.

Separately, however, Chris Soghoian has noted that an “unnamed company” fought back and lost against a FISA court order… and that, according to the PowerPoint presentation, Google “joined” PRISM just a few months later. It is possible that Google fought joining the program, and then only did so after losing in court. That said, Google’s most recent denial insists that “the government does not have access to Google servers—not directly, or via a back door, or a so-called drop box.” Perhaps they don’t consider a special server set up for lawfully required information a “drop box,” but others certainly might.

In the end, it appears that the initial Washington Post report was overblown in that it suggested direct access to all servers, rather than specific servers, set up to provide information that was required. That said, it is still true that the FISA Court appears to issue a fair number of secret orders for information from a variety of technology companies, some of them quite broad, and that many of the biggest tech companies have set up systems to make it easier to give the NSA/FBI and others access to that info — though, they are often required by law to provide that information. The real outrage remains that all of this is happening in complete secrecy, where there is little real oversight to stop this from being abused. As we noted just a few weeks ago, the FISA Court has become a rubber stamp, rejecting no requests at all in the past two years.

Given the revelations of the past week, the public (and our representatives) need to demand much more transparency and oversight concerning these surveillance programs.

Filed Under: , , , , , , , ,
Companies: aol, apple, dropbox, facebook, google, microsoft, paltalk, skype, twitter, yahoo, youtube

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “More Details On PRISM Revealed; Twitter Deserves Kudos For Refusing To Give In”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re: Re: Re:

Thank you, but no thanks. I am perfectly capable of ignoring myself by myself.

What I will do is this:

All my calls will use opportunistic-encryption everywhere.

Retroshare and Jitsi are my new best friends.
GPG on everything, I will encrypt every bit of data that I put online.

Encrypting images, video and audio is priority now.

Anonymous proxies and networks are my new digital home.

Although I can see the value in writing your representative or at the very least, sending him/she automated letters every other day.

It may change something, something at some point if you ever get a sympathetic ear or eyeballs, which is doubtful since congress approved that crap for 7 years without raising an eyebrow.

I am the little guy, I am nobody and I will do what I always did, I will hide and keep out of the radar.

Evade and harass.

People should create their own “echelon” mapping all links politicians have and harass them until the end of times.
That is where writing your representatives could be useful, harassment, polite civil harassment to remind them that we are watching.

Also I am sure that in the cutthroat political environment there will be people more than willing to “leak” damaging stuff from their opponents to the public.

Anonymous Coward says:

Re: Re:

Depends on the details. Only the top of the pyramid has been investigated so far and it is still unclear what exactly is happening since FISA is a conspiracy-topic by its secrecy. What seems to be going down is in broad strokes what the bipartisan politicians want: Massive scale data-analysis on something that may or may not be anonymized data (since anonymized data would make the story a mostly non-issue, I am inclined to believe so) and some targeted searches that for sure isn’t anonymized.

I will wait for the answers about the specifics of how and what before I make a final judgement. No answer inside a reasonable timeframe would be admission of a huge problem, but I do not think that is what will happen in this mess. There are far too many conspiracies flying around for congressmen to just ignore it. The main problem here is secrecy and how much they will be able to keep completely hidden without the case completely exploding.

art guerrilla (profile) says:

Re: Re: Re: Re:

i am waiting for the apology from approx 75-90% of the online population who snidely marginalized those who predicted and postulated on the reality of gummint programs like echelon, magic lantern, prism, etc…
there will be no such apology, said sheeple will find some other form of denial…
these authoritarians are an impediment to revolutionary change…
art guerrilla
aka ann archy

Loki says:

Re: Re: Re:2 Re:

It is doubtful that you will get one given that most people who marginalized it then continue to do so now regardless of how much information comes out about the subject. If facebook is any indication they are all still busily posting cat and dog photos, funny or inspirational memes, or playing Zynga games.

Besides, doing so keeps them safe, even if some of them don’t realize it. Most people who are aware of what is mostly going on realize that looking for “terrorist” isn’t really about finding people who blow up buildings with planes (it certainly didn’t help them stop people from bombing a marathon) as much as it is about identifying people who might destabilize or affect the status quo (and while that likely includes people who blow up buildings with planes, that is far far from the extent of it).

Internet Zen Master (profile) says:

Re: Re: Re:3 Re:

Also, it’s finals/graduation week, so a lot of people are going to be posting about that as well.

The leak at the NSA should’ve waited until the week of the 4th of July to send this data to the Guardian. Would’ve had a a little more staying power in terms of getting sheeple’s attention.

That being said, didn’t the Guardian say they had a lot more intel to expose? I doubt this whole affair is anywhere close to being finished.

As the Zen Master says, “We’ll see.”

Loki says:

Re: Re: Re:

That will be what happens. I could link dozens of (sometimes lengthy) well researched, well written articles about this issue going all the way back to the AT&T “secret room” (and the massive multitude of articles and hubbub about that episode). Yet after 6+ years of revelation after revelation (some greater than others), next to nothing has been done about. Nobody in any branch of government (with any real position of authority or power) has been eve remotely accountable for it.

The fact is, even Reddit (perhaps the greatest “one-stop-shopping” location for information on the topic, is already showing signs of “losing interest” in the story (albeit very slowly, but it is perceptible if you spend enough time reading like I do).

And little will change, given that both parties have so totally polarized their supporters. Conservatives will blame the problem (as they’ve been trained to do with all problems) on the Democrats and refuse to hold the Republicans accountable. Liberal will blame the problem (as they’ve been trained to do with all problems) on the Republicans and refuse to hold the Democrats accountable.

Enough dissatisfaction may occur come next election that a few of the weaker districts of “smaller” Congressmen may lose their seats to the other party (or be thrown under the bus by their own if they are deemed expendable), but none of the big players – your Dianne Feinstein or Lamar Smith, your Nancy Pelosi or Orrin Hatch – are going to lose their jobs. And there will likely be enough Democrat dissatisfaction and/or Republican motivation that we are quite likely to see the Oval Office handed back to the Republicans in 2016.

And at the end of the day, a decade+ of history shows that very little is actually going to be done about the issue, nor will much change.

Violated (profile) says:

Not so nice

The main problem is two fold in that they don’t consider metadata to be protected by the Fourth Amendment and second is that the FISA Court is one for rubbing stamping the inclusion of everyone.

This extra server would also not be there to limit their access to data. This would be not unlike how MegaUpload handled the media cartels of full access to delete whatever they wanted. No delete on Facebook (normally) but indeed full access to rip metadata and details of connections. Facebook can then get on to business while ignoring this Governmental “rape box”

Anonymous Coward says:

Re: Re:

The server are a bridge between the company system, and NSA systems. Can’t give companies direct access to NSA servers, or NSA direct access to company servers, therefore put in a box that the company can write and NSA can read. The servers may also be a bridge between the company network, reachable from the Internet, and a private government network, not directly connected to the Internet.

Anonymous Coward says:

Given the revelations of the past week, the public (and our representatives) need to demand much more transparency and oversight concerning these surveillance programs.

Civic duty won’t motivate them; something more selfish is needed. I suggest pointing out to them that they are being spied on, just like everyone else. Presumably, if they realize that their every online action is being watched, they’ll develop interest in reform.

Violated (profile) says:

A Theory

This Facebook news reminded me of an event that I moaned about months ago as I will now recall.

A large part of Facebook is obviously game play. Now lets say a popular person has 100 friends and starts up a new game where they discover the fact that on average 3 to 5 of their friends are already playing where they invite the 90+ others to gain 1 or 2 more.

So there you are with your 4 to 7 game neighbours where you soon discover the fact that after 2 days of game play you can’t advance the game more because you need 8, 10, 15, 20 and even as high as 30 neighbours. No matter how much you harass your friends you can’t do this not to mention the neighbours you have are not very good anyway.

You resolve this problem by finding out the game chat page and all those people in the same situation screaming out ADD ME and wanting hard working neighbours.

Those that go this route can be BANNED BY FACEBOOK. No shit when add the wrong game friend and Facebook won’t even let you see your home page without agreeing to their terms that states very clearly “You can only add friends that you PERSONALLY know”

Wait! What? Not even my mother can dictate who my friends are but Facebook can? For a first offence Facebook bans you adding new friends for 2 days.

As I am sure Facebook is aware of the game situation then “personally known” I am sure would kill almost every Facebook game there. I have gone this far and can go no further.

Then today we may now see the real reason. The NSA would indeed want everyone to be in the personal know. They want US users who connect to Middle East users to be part of a terrorist cell. Here is this US user having Arabic rants posted to his wall but he speaks no Arabic! Clear terrorist cell wastes days of NSA work only to find out that the one sole true link is that they water each other’s crops!

Game play adds in much random linkage. The NSA do not like this hence the “people you personally know” rule.

Anonymous Coward says:

Remember: most users are outside the US

Don’t forget that more than 70% of gmail users and about 84% of Facebook users are outside the US. As I understand it, there are essentially no legal restrictions on NSA mining of those teeming masses.

Americans don’t generally give a shit about the rights of foreigners, but those numbers provide important context, both for the legal-technical aspects and for the wider global reactions.

Loki says:

Re: Re: Remember: most users are outside the US

Well they have been “kind” enough to share at least some of their data with British intelligence going back (according to several sources I’ve read) to at least 2010.

They care about their “special friends”: certain governments, certain large multinational corporations. it’s just actual people they don’t really care about.

Anonymous Coward says:

The clueless pontificators seem to be missing a critical point: PRISM is not used to collect information on US citizens, or anybody legally in the United States. The other Verizon program which was separate involves phone metadata of US persons, but no content at all. In other words NSA is doing exactly what it is supposed to do, and exactly what everyone complained that it didn’t do to prevent 9/11.

Violated (profile) says:

Re: Re: Re: Re:

It is not about paranoia but about privacy and the ability to live your life in an anonymous way not tracked all the time by the Government.

The Fourth Amendment bans unreasonable search and seizures which means that the Government has no right to violate the privacy of your life until you are suspected of committing a crime.

The Government under fear of terrorism, or monsters in the dark, cannot remove these rights. Those who sacrifice privacy to obtain security soon end up with neither.

Also Congress is like a factory churning out new laws all the time in an unstoppable endless stream. No one on this planet can know all the laws totalling millions of pages. It is without question that people violate the laws as part of their daily life.

Just be thankful that the Government has no reason to abuse or to victimise you but that cannot be said for everyone.

Anonymous Coward says:

Re: Re: Re: Re:

We know you are perfectly perfect and there is nothing that you don’t want the world at large to know. There is no information about you that couldn’t be used to force you to into doing something that you would only do to keep that information quiet.

So, assuming that you have nothing to hide, please share your passwords to all your email, cell phones, IM messaging, etc.

You have nothing to hide.

Anonymous Coward says:

Re: Re:

“PRISM is not used to collect information on US citizens”

That may or may not be the case, Either way it does not preclude the presence of some other program which does. Given the penchant for ever more data gathering by corporations and governments it is not surprising that people would suspect this to be the case.

Clearly you can not fall back upon an insistence that one only argue the facts when said facts are not publicly available.

So, your dismissive attitude towards those who might show concern is petty and unjustified.

horse with no name says:

of course

Given the revelations of the past week, the public (and our representatives) need to demand much more transparency and oversight concerning these surveillance programs.

Of course we should. Let’s make it so transparent that the people being spied on and investigated get a nice email and perhaps someone comes to their house and knocks on their door, giving them a bundle of flowers with a “you are being monitored because you are a suspected terrorist” card.

Transparency has limits, secrecy exists for a reason.

Anonymous Coward says:

Re: of course

Don’t you think that terrorists automatically assume they’re being monitored…the very nature of their organizational structure demands it.This type of monitoring of Americans and foreigners has been known for a long time…Echelon or room 641 or the new Utah data center ring a bell?
Whats the point of keeping this a secret?
The important thing now is to make sure that this type of power is not abused and that it can be turned off by the people, if it is.
The US government needs to know they are being watched too.

Anonymous Coward says:

Re: Re: of course

“Don’t you think that terrorists automatically assume they’re being monitored”

Yes, one would think so.
However, it is important to note that as far as the public is aware, all of the monitoring available did not stop or was not used to stop the Boston incident – which was perpetrated by what could be considered inept amateurs. If said monitoring is incapable of stopping those guys, how can one claim it will stop those who are better at it?

Anonymous Coward says:

America's 'outrage memory span'

We all know the American public’s memory for “outrage” is about 25 seconds, don’t worry by this time next week Masnick will be right back to raging about Prenda, or fighting in support or Kim Dotfatpig, or something equally as trivial. Just as soon as he works out it’s not generating the necessary click bait, he will work hard at finding what buttons to press to get you all upset and posting comments here.

anomynous says:

was PRISM the target of Aurora hack attack?

Chinese hackers who breached Google?s servers several years ago gained access to a sensitive database with years? worth of information about U.S. surveillance targets, according to current and former government officials.

…whoever was behind the breach was seeking to identify accounts that had been tagged for surveillance by U.S. national security and law enforcement agencies.

‘If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that?s difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That?s essentially what we think they were trolling for…’

anomynous says:

Aurora -> PRISM?

Bruce Schneier, chief security technology officer of BT, said that the Google attackers exploited wiretap backdoors mandated by the U.S. government to access the activists’ accounts. “In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access,” according to Schneier.

anomynous says:

last post...

However, the attackers also apparently were trying to access the database at Google that shows which of the company?s users are targets of lawful intercept operations.

The warrants issued to conduct that kind of surveillance are issued by the Foreign Intelligence Surveillance Court and are typically secret.

One of the unanswered questions in this operation is whether the surveillance warrant database was the actual target of the attack team or whether they just happened upon it while on Google?s network. It?s unlikely that question will be answered anytime soon,

Anonymous Coward says:

ECHELON anyone?

PRISM just looks like a digital version of ECHELON. And, as with all good government projects, they outsourced to the lowest bidder.

In this case, they didn’t have to pay anything at all. They finally figured it out, just get a court to issue an order and have other people do the dirty work for you and get blamed for it.

John Husband (profile) says:

American assisted snooping

I hesitate to say that it looks like social networking by computers and the internet was invented for this purpose, however it does look like this has been one colossal killing for the american security services, the NSA and the CIA. Everybody was taken in by the hype and willingly displayed themselves as they wanted to be seen by their neighbours in the Christian sense of the word. What they didn’t realise is that while improving communications for subscribers, the actual effect apart for making money for the companies is for America to pull a Gigantic confidence trick on the whole world, for which it must be held responsible and will be by all Yankophobes as well as by moderates who until now were fairly pro-American.

Grover (profile) says:

George Orwell's 1984 playing out

I’m just in awe of our government. They take a novel and turn it into a game plan – and it’s working for them. The hardest part of it all is realizing that citizens from all walks of life are involved, either directly or indirectly, in this, our own subjugation; and for what? Money.

It’s always about the money; whether it appears in the form of a well-paying job with a government agency – and the benefits that come with it, or huge contract with said government that makes a business owner suddenly stupid-rich. And then, we have the political route to wealth, and the power it can command; which, in turn, creates more money. Even though they creep everywhere, the twisted roots of greed go way deep in the political garden.

Voltaire’s quote, “To learn who rules over you, simply find out who you are not allowed to criticize.” seems especially poignant in view of the increasing demands by various government officials wanting to quash – viciously, in many cases, any challenge to their actions.

I must be masochistic, because checking out Techdirt always ends up with me talking to the monitor and wondering if there are any honest, morally-incorruptable souls left on Earth.

Anonymous Coward says:

The day this broke i was watching CNN. After there ‘omg we are all going to die’ story, they insisted that now the NSA can see your desktop and everything your doing on your computer, and i thought CNN, you dont have a fucking clue.

Point is, this is bad, but national news needs to get people who know what the fuck they are talking about.

Anonymous Coward says:

Double Speak

Clapper Prism isn’t data mining
Include such gems as:

?PRISM is not an undisclosed collection or data mining program. It is an internal government computer system used to facilitate the government?s statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision,?

If it wasn’t an undisclosed facility to aid data collection, for subsequent mining, why is he upset about the revelations.

Kevin (profile) says:

Outside the USA

The more I read TechDirt the happier I am that I do not live in the USA, the land of the oppressed. I speak with authority because I have lived there and held permanent residency (Green Card)that I have since allowed for it to relapse.
The people of the USA have become so complacent over the past 40 years. You have allowed successive governments strip your constitution to pieces and handed power to a handful of corporations and organizations.
The way patents, copy right and invasion of every bit of privacy, all under the orchestrated national security issues have been allowed to continue unchecked is frighteneing.
The more I read about the USA the more convinced I am that the “Land of the Free” no longer exists and has been replaced by an authoritarian regime.
Emigrate to Australia because at present we seem to be the last real free country left on the planet and we only have seven police forces and one, yes one, security organization.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...