New Yorker on PRISM

The New Yorker looks at PRISM:

Snowden’s actions revealed a few distinct, though interrelated, N.S.A. programs. The first, of which we have the clearest picture—largely because government officials have acknowledged and defended the program—collects the records of nearly every call placed within the United States. Snowden leaked to the Guardian a secret court order demanding that Verizon Business turn over the records—“telephony metadata”—of calls within, to, and from the United States that cross its network. It then emerged that the N.S.A. has been collecting such records for seven years, from every major carrier in the country. The President and others in the Administration emphasized, in response, that the N.S.A. wasn’t listening to actual conversations. But the vast database of records the N.S.A. collects can say far more than a phone conversation. Metadata, which can include caller and location information, is fairly talkative. (Senator Dianne Feinstein has stated that the N.S.A. does not require a court order to search its database of call logs; it needs only “reasonable, articulable cause to believe that that individual is connected to a terrorist group.”)

So basically they have this huge database of all calls involving US telcos, and then when they want to check someone out they look at whom that person has been calling or receiving calls from.

Meanwhile, the program called Prism, which aims to collect digital intelligence about foreign targets, remains frustratingly opaque. The leaked slides of the PowerPoint presentation that formed the basis for the news—its intended audience within the N.S.A. remains unclear—claim that nine leading tech companies participate in Prism, permitting the N.S.A. to gather data like e-mails, chat records, photos, videos, file transfers, and more. An additional slide published by theGuardian states that Prism features “collection directly from the servers” of those tech companies. The Post wrote that the N.S.A. and F.B.I. “are tapping directly into the central servers of nine leading U.S. Internet companies.”

But it increasingly appears that the technical descriptions in the Post and the Guardian may have been imprecise. This would be unfortunate, whether it resulted from the limited knowledge of the reporters and their editors, or simply from flawed claims in the internal documents. The technical details of Prism matter; they carry implications in terms of the nature of the program itself and the extent of tech companies’ coöperation. While the Times, citing “people briefed on the negotiations” between the government and the companies, has described Prism as functioning like a “locked mailbox” to which the government has the key, the Post has reported that, according to anonymous “intelligence community” sources, “government employees cleared for PRISM access may ‘task’ the system and receive results from an Internet company without further interaction with the company’s staff.” It added that “companies cannot see the queries that are sent from the NSA to the systems installed on their premises.”

They key aspect seems to be the ability for NSA staff to pull data directly from the Internet companies, without those companies having the ability to check they are only taking data they have a legal right to access. But it is unclear if they can do this.

Google’s response to the allegations has also been aggressive. The company’s chief legal officer, David Drummond, wrote in a post, “We cannot say this more clearly—the government does not have access to Google servers—not directly, or via a back door, or a so-called drop box. Nor have we received blanket orders of the kind being discussed in the media.” The company has publicly requested that the government allow it to disclose the number of Foreign Intelligence Surveillance Act national-security requests it receives—which must currently be kept secret—because its “numbers would clearly show that our compliance with these requests falls far short of the claims being made.” (Microsoft and Facebook have followed suit.) What Google says is very different from what the N.S.A. documents that the Post and the Guardian have published allege. But it seems unlikely that Google would intentionally engage in even minor misdirection, given its high price: if Google were caught lying, it would lose users’ trust forever, which could actually destroy the company.

I doubt Google is lying.

We also lack details about Blarney, a program mentioned in a slide as part of the N.S.A.’s “upstream” data-collection efforts, which a leaked slide describes as the “collection of communications on fiber cables and infrastructure as data flows past.” The Post characterizes Blarney as collecting metadata about Internet communications—similar to the call-records program—possibly allowing the N.S.A. to build an index of Internet traffic and how devices and people connect. Blarney may be far more invasive than Prism, but it remains unclear. Two other presumably ongoing “upstream” data-collection programs remain unnamed, their titles redacted from the slide.

A very useful summary of the situation.

Hat Tip: Dim Post

Comments (35)

Login to comment or vote

Add a Comment