We've mocked the NSA for the way it always reverts to FUD about "terrorists"
to show how "successful" programs like PRISM have been, but then also reverts to talking about cybersecurity
as a focus to make the surveillance seem more like it's about protecting people, rather than spying on them. However, as some of the latest revealed documents show, perhaps the NSA has its talking points all mixed up. There's plenty to discuss concerning the revelations about the NSA spying on French phone calls
, but some people have noticed that, while some of the presentation documents
revealed with that story were revealed before, there are a few new ones as well
, including this one:
The key thing here is the report that the NSA was able to use its FAA authority (apparently via both PRISM and "upstream collection" -- which is tapping directly into the backbone via telcos) to figure out that someone, perhaps the Chinese, had gotten access to a defense contractor's network and was either preparing to, or at least had the ability to get 150 gigs of important data out. The NSA alerted the FBI which alerted the contractor and they plugged the hole the same day. While that certainly seems like a good thing, it's not entirely clear stopping such hacking is really worth giving up a ton of privacy, though it does show, again, why Keith Alexander keeps demanding access to pretty much everything. Of course, you'd think that the NSA would be a bit more forward in promoting this
success story, rather than its bogus claims about stopping terrorist attacks, which have fallen apart under scrutiny.
The other interesting slide is this one:
It shows some of the differences between PRISM and the upstream collections, both of which the NSA believes are authorized under Section 702 of the FISA Amendments Act. PRISM involves being able to collect specific data from the 9 specific companies which have been named (Google, Facebook, Microsoft, Yahoo, Apple, Skype, AOL, Paltalk, YouTube), while "upstream" is what the NSA gets from tapping the backbone via telcos. "DNR Selectors" are the phone call metadata collected under a different program (Section 215 of the Patriot Act) which they apparently can filter the upstream data collection against. "DNI" is internet data (email addresses and such). Once again, it looks like tapping the backbone provides a hell of a lot more data, but it lacks the ability to "access stored communications," which they get via PRISM.
The other interesting tidbit to me, is the "direct relationship" claim. Note that with PRISM, it says "only through FBI," which suggests a reason why the PRISM companies have insisted that they've never been involved in any NSA program. It looks like they may have only had to deal with FBI requests (and associated FISA court orders). It's just that the data the FBI gets is then shared with the NSA.