Again with the 'carefully worded denials' - the denials were similar because they were accused of the same thing, which is allowing "direct access".
The most worrisome and misunderstood part of these reports is the "direct access" bit: can the government arbitrarily query company servers? Their denials address that; they clearly say that is not the case. Instead they sftp the data after being served with court orders or warrants, and yes, also the secretive FISA requests.
So by revealing the number of FISA requests they receive and their scope, they hope to clear up this "direct access" mess, as even FISA orders are much more acceptable than wholesale access.
As for the development being reported here: I think it has merit, seeing how this clearly falls under the First Amendment, but I'd like a lawyer to chip in.
From what Google's said, it appears the government can't arbitrarily query Google's servers. Google has stated pretty clearly that someone at Google has to check off before an account is pushed to a machine that the government can access and that the data cannot be accessed without this happening.
That's Google. We've yet to hear from many of the other companies in the program about whether this sort of access is technically impossible, or whether it's an honor system that the government is supposed to follow.[1] I haven't been closely following the Facebook, Microsoft, or Apple statements, so maybe they have also been explicit that it is a restriction that is implemented by technical means. Some of the companies haven't said anything yet.
How many of the companies really make sure there is legitimate documentation for each request? Do they really do this every time, or have they become resigned to the fact that there's nothing they can do, so they just rubber stamp each request coming through, even without the proper legal documentation?
[1] This seems to be a major issue--the President and NSA leaders have claimed that analysts "cannot" access your phone metadata and phone call content without the correct legal instruments. But by "cannot", they seem to mean "they are not allowed to" rather than "it is not possible for them to".
> Google has stated pretty clearly that someone at Google has to check off before an account is pushed to a machine that the government
My understanding of PRISM and all this is that the entire internet is vacuumed and everything is stored, just in case. I cannot imagine a guy "checking off" on every email or every mailbox for millions of Gmail users every day, or even once a month, manually. With 11K terabytes of digital data created per hour by the US, I cannot imagine any sort of manual system being implemented.
It has to be totally entirely automatic, otherwise it won't fly.
Any understanding of PRISM outside the classified world seems to be incomplete. Some people's version of PRISM seems to involve caching the whole Internet. That might sound implausible, yes. But we won't know until or if the whole thing gets declassified.
Yes, but that vacuuming is apparently being done, just not under PRISM (for example, see https://en.wikipedia.org/wiki/Room_641A). PRISM is just one method of getting the data.
There was a fifth Powerpoint slide published by the Guardian[1] which clearly distinguished between PRISM and "Upstream" methods which collect "communications on fiber cables and infrastructure as data flows past."
The PRISM program mentioned in the Powerpoint slides is very likely the same program that is mentioned in unclassified documents such as Army Field Manual (FM) 3-55, Information Collection[2]:
> 6-12. Two joint ISR planning systems—the collection management mission application and the Planning Tool for Resource, Integration, Synchronization, and Management (PRISM)—help facilitate access to joint resources. PRISM, a subsystem of collection management mission application, is a Web-based management and synchronization tool used to maximize the efficiency and effectiveness of theater operations. PRISM creates a collaborative environment for resource managers, collection managers, exploitation managers, and customers. In joint collection management operations, the collection manager coordinates with the operations directorate to forward collection requirements to the component commander exercising tactical control over the theater reconnaissance and surveillance assets. A mission tasking order goes to the unit responsible for the collection operations. At the selected unit, the mission manager makes the final choice of platforms, equipment, and personnel required for the collection operations based on operational considerations such as maintenance, schedules, training, and experience. The Air Force uses the collection management mission application. This application is a Web-centric information systems architecture that incorporates existing programs sponsored by several commands, Services, and agencies. It also provides tools for recording, gathering, organizing, and tracking intelligence collection requirements for all disciplines
They don't need to store all the data if they can just compel whoever is storing it to give them access to said data. (Which seems to be what is alleged).
re: [1]... Right. In fact, this morning I think we heard this is definitely policy and not technology. We were told that for this to happen [paraphrasing from memory] "One person would have to break the law [analyst], his boss would have to break the law [because he's supposed to approve the access], and remember this entire process is 100% auditable, so we'd catch them for sure."
Of course, this isn't remotely reassuring for a bunch of reasons. Most of all though, I'd be curious to hear more about how the auditing process works. He kept saying "auditable" I noticed, not you know... "actually audited".
Snowden mentioned in the Q&A that 5% of the GCHQ accesses are audited, as one example. He mentioned 5% as if it's a low value but that's actually fairly high, especially if randomly-picked.
Yeah, there are generally two things keeping society in order. Ethical beliefs about right and wrong and fear of punishment from the powers that be for breaking the law. My concern with the NSA is that there is a culture of "the current laws are unduly stifling on our jobs, so us ignoring them is 'required'", coupled with management's belief in same and thus non-interest in prosecuting people that cross the line. Not to mention such prosecution would inevitably be public and thus the program exposed and the public seeing it is being abused. Taken together you have a perfect recipe for safeguards that exist in theory and are utterly ignored in reality, "for the greater good".
Why do people assume that Google has the only copy of what is on Google's servers? It is not hard for the NSA, since they are already admittedly the "man in the middle", to have copies of all data going in and out of any server they target.
Google and Facebook are trying to clear their name here.
But what I'm afraid of is that this mess with deciding exactly how much access the government has to Google will turn into a distraction from the larger picture. Which is that, in all likelihood, the NSA does not have access to Google. What they do instead, and what the name PRISM implies, is that they connect to the backbone (Verizon/AT&T), scoop up ALL data, and store it in their freshly built data center in Utah.
The slides I saw seemed to indicate when certain applications or filters came online. Such as a filter for Facebook data, or a filter for Google search/map/GPS data, etc. That's how I interpreted the graph, at least. It would indicate the NSA is rolling out specialized applications to handle data coming to and going from specific sites. Which allows them to more intelligently decipher what is being said, in more or less shotgun fashion.
Hence, the name PRISM. It's a project to split the full Internet stream into a Facebook bucket and a Google bucket, etc.
The problem I have with the "duplicate the Internet" theory is that it favors the hard solution vs the easy solution.
The hard solution is to secretly duplicate traffic from every data center operated by each of these companies, reverse engineer every HTTP request that goes back and forth so that the data can be parsed, maintain it for every product change that happens at these companies, circumvent HTTPS by compromising the certificate authorities, store it all, and still maintain a massive analytics tool that can make sense of the astounding amount of data coming through.
The easy solution is to avoid all of the technical ugliness of acquiring the data, and just legally make the companies give you the relevant information, neatly structured and packaged. NSLs are the ultimate hack.
It honestly wouldn't surprise me if the gov't has issued a secret subpoena for every PRISM provider's SSL key (e.g. Google/Facebook/Yahoo/etc). That way they get to claim "hey, we're not giving them full access" and the government gets what they want anyway.
As I understand it, they don't have to focus on the data centers of those companies when doing the duplication.
For example, for emails: emails travel unencrypted through the hops, and they would store them all and then constantly analyze them. When something suspicious comes up, they would go to the email provider to ask for more data. So for example, if a Gmail address is there, they would go to Google and use their PRISM interface to get more data associated with that Gmail address; if it is a Yahoo email, they will go to Yahoo for more data, etc.
Gmail users sending to each other will only relay inside Google's own private network. If all of my co-conspirators are using Gmail, there are no external relays to be tapped. Someone would have to read all of our SSL/TLS traffic to see what we're writing about.
This is even more complicated when the data centers are in other countries, and none of the data actually enters the US. So if two EU users were accessing Gmail from the EU, the data may never enter the US at all. This means any network tapping would have to be done in the EU as well, requiring cooperation from many international telecom companies.
It's still easiest to just force Google to hand it over via NSL. Google's still legally bound to deliver the data even if it isn't physically stored in the US.
I wouldn't be so sure if that was the easy solution, as it depends on the cooperation of those companies.
They at least have the choice to resist in some way or another.
They also could be using both solutions simultaneously.
From their perspective, why not?
A lot of the communication won't be encrypted anyways, and some of it will be, but they may be able to decrypt it at some point in the future.
The hard solution isn't just a little bit harder ... it's several orders of magnitude harder and more expensive. It's also highly vulnerable to simply using encryption. The easy solution works because the US companies are bound by law to cooperate. There's no reason to believe that legal pressure on these companies has failed to get the government what it wants.
It doesn't help just to have network transmission data if the data is encrypted. Google has increasingly been moving all of their services to https; I think Facebook might be also.
If the government had a wiretapping program for fiber-optics, they wouldn't call it PRISM. Why? Because you don't name your top-secret stuff with descriptive names that imply what it does.
PRISM is a web-app. The slides make it pretty clear it's a web-app. The army field manual link helpfully posted before in this discussion outright says it's a web-app.
> So by revealing the number of FISA requests they receive and what sort of data is being sought they hope to clear this "direct access" mess. As even FISA orders are much more acceptable than wholesale access.
Not necessarily. As another commenter pointed out [1], a single FISA order doesn't have to correspond to a single citizen. One order can encompass millions of accounts.
> their denials address that, they clearly say that is not the case, instead they sftp the data after being served with court orders or warrants and such, including the secretive FISA requests.
While I think it's reasonable to doubt the claim that the NSA has true direct access to servers, I haven't been given a reason to doubt that information can be requested without court orders, warrants or FISA requests.
> Not necessarily. As another commenter pointed out [1], a single FISA order doesn't have to correspond to a single citizen. One order can encompass millions of accounts.
They would want to publish the scope of the FISA requests.
The other companies aren't going this far, and I think they deserve credit for what they're doing.
And I disagree with the comment you link to: the solution isn't limiting data collection. Sure, it makes you a target, but more data equals a better product. It's an issue of government overreach, not engineering decisions.
I agree with this entire comment. Even the part where you disagreed with part of the comment I linked to. I even responded to that poster before replying to you. :-)
(Sorry about that. I meant to link to the comment for the text of the FISA order, and not for the jab against Google.)
Steve Gibson presented a good case[1] that the companies are telling the truth, but that NSA nevertheless has the equivalent of full access by tapping the tier-1 or -2 router nearest to each. Fiber-optic "splitter" makes the codename "Prism" cogent.
You didn't add any valuable information to this discussion. Why doesn't Gibson know what he's talking about? Explain what exactly regarding SSL breaking? What's the jump?
If you're talking about this, you should have a cursory understanding of what SSL is and why the MitM attack Gibson is describing is, at best, far fetched.
His point wasn't "all fibre optic" but that by tapping specific routers, e.g. one close to Facebook where FB traffic is concentrated, the NSA can filter and store nearly all FB traffic while FB has full deniability. At the referenced link are links to court documents in which exactly this kind of tap was revealed to exist at AT&T.
As to SSL, is there a claim that NSA has broken it? I wasn't aware of that. Not relevant to Gibson's idea, anyway.
> At any rate, assuming all fibre optic is tapped, how does that explain breaking SSL?
Large governments don't need to break SSL. They have SSL root keys and can man-in-the-middle at will. Doing so across the board would likely be detected, but targeted usage likely wouldn't be.
If this was widespread, I'd expect someone to have found a Google cert signed by a different root. Then again, I suspect Google pins their certs in Chrome for a reason.
> Doing so across the board would likely be detected but targeted usage likely wouldn't be
This whole conversation is about wholesale data access, so targeting is not relevant. Besides, even if you are talking about targeting, the claim is that they are storing data and then targeting 'retrospectively'. So without a time machine there's no way they are going to be able to go back and MITM the targeted conversations they want to listen to after the fact. They would have to MITM everything all the time.
> how does that explain breaking SSL? That's a really big jump.
How about this: the NSA has issued a secret subpoena for the private SSL key of every listed provider (Google/Facebook/Yahoo/etc). They are using those keys to transparently decrypt traffic and suck up what they want.
This is a distinction without a difference. If I (the NSA) can request yesterday's backups, isn't that close enough? I don't particularly care if they have direct access to Google's servers. Having access to the backups (through sftp or whatever other mechanism) is bad enough.
It's a checks and balances thing. If you're a large ISP and you retain physical control over your servers and network, if you're asked to hand over too much information, it's at least possible to delay and fight it in court. If they have root then you don't even know what they've done.
If they had to request anything from Google or FB, they wouldn't need such huge storage capacities. My guess is that these large companies have been forced to forward data (e-mail, chat lines, posts...) to the NSA as it arrives. It's not "direct access", it facilitates all the searches the NSA could wish for on NSA's own servers and does not contradict any of Google's, FB's or the NSA's claims so far from what I can tell (they store the data, then "collect" it as needed).
First of all, it doesn't really matter what Google says because they could be lying. Second of all, there are trivial ways around "direct access". Google will have world class mirroring capabilities, so they need only mirror to a government server. They could do this manually (per request) or automatically. This would fit within "no direct access".
When news of the PRISM program was first revealed two weeks ago, officials at Facebook, Google and other tech firms informally conferred on a public response...
The leaked slides say clearly the government can query the servers at will. They get real time login data, logout data and payload data.
I don't know why people keep putting this into question, giving Google the benefit of the doubt, when they were caught pants down, no questions asked.
If the companies mentioned in the slides just complied with the law, why would they be singled out in those slides? Honoring search warrants and FISA requests is an obligation, not an extra.
The reason Google was singled out as a partner since 2009 is because they gave the government full unrestricted access.
> The reason Google was singled out as a partner since 2009 is because they gave the government full unrestricted access.
Which part of the PRISM slides makes you think that? They certainly indicate pretty much full access to accounts which have been OK'd by Google (at least in archive form), but that is very different from 'full unrestricted access' to servers. I'd say we don't really know the extent of it, and welcome Google's decision to try to challenge the government in court to reveal more details.
As far as I read them the few PRISM slides we've seen don't really indicate:
1) The extent of access (how many accounts, how many accounts per order etc)
2) The mechanisms for FISA access
3) Any time delay in receiving documents/access
4) Whether data is realtime or not after access is granted
and the figures that FB, MS, Apple have announced hardly constitute full unrestricted access to all accounts as you seem to be implying. It's still a serious invasion of privacy, there are serious doubts about the efficacy of the FISA court supervision, and for foreigners I'm not even sure there are any protections at all (the NSA might not even feel obliged to get specific permission for non-US communications), so for everyone outside the US this is really invasive, but I'm not sure I can agree with your characterisation of these slides as showing full access (full access to what, to all Google servers, seriously?).
Well, judging by your comment history (about 100% anti-Google), I won't be taking your word for it. I'm still waiting for the dust to settle and see where Google ends up.
Right now, it's just a bunch of people pointing fingers at each other. The truth will be found once everyone calms down.