Emailing Saudi Arabia From Afghanistan

From Mozilla Foundation
Jump to: navigation, search

""



A demonstrator in Hanover, Germany, makes his feelings known about PRISM, the infamous U.S. surveillance system on June 29, 2013.



© Peter Steffen/dpa/Corbis



If you need a layman's analogy to understand the PRISM surveillance system, one of the more apt comparisons would be to the HBO show "The Wire." Just substitute "United States government" for Baltimore police, "Internet data and content" for phone wiretaps, and name the target as "pretty much anyone" instead of drug traffickers. (Unfortunately, you'll have to take out the copious beer drinking and crab eating altogether.)



Here are two things you might've learned from "The Wire" that also apply to PRISM (aka Planning Tool for Resource Integration, Synchronization and Management): First, it's illegal to target any random Jane Doe U.S. citizen without probable cause and a warrant. Second, it takes a lot of short stories to create the sprawling history of an intelligence-gathering program, and when it comes to PRISM, we're barely pushing novella, as information has only slowly leaked (ha!) out. Not entirely surprising, considering that the U.S. government (and cooperating companies) has a tendency to be a bit tight-lipped about top-secret intelligence programs.



Well, yeah, sources in the intelligence community are saying it's a collection system or tool [source: Ambinder]. Whether or not it's transparent is still up for debate. Also important: A U.S. citizen -- or anyone within the United States -- cannot be targeted by the PRISM program. It's strictly for foreign intelligence. Lest you feel too comfortable, we'll discuss what kind of "reasonable" suspicion government officials need to assume they're dealing with a foreign target. (Hint: not much.)



So grab some snacks, open a "private" browsing window on your computer, and settle in for season 1 of "The PRISM System" (subtitle: "So Far As We Know.").S. Army Gen. Keith Alexander takes his seat to testify at the U.S. Capitol before a U.S. House Permanent Select Committee on Intelligence hearing on NSA surveillance programs on June 18, 2013.



© Jonathan Ernst/Reuters/Corbis



The first season of our show starts with a flashback. The year was 1978, and the Foreign Intelligence Surveillance Act (FISA) was signed into U.S. law. At the time, FISA was enacted to ensure the government obtained orders from a secret FISA court before conducting surveillance on suspected terrorists in the United States. After FISA, they had to go to a special court of federal judges to prove probable cause of compromised national security on each case [source: Totenberg]. This mirrors domestic law enforcement: Unless there is a warrant issued through probable cause, you can't put a wire up to intercept phone calls or telecommunications.



After Sept. 11, 2001, things changed. President George W. Bush authorized warrantless wiretaps, skipping the part where the special court reviewed each case. When there was outcry after the program became public, the Bush administration proposed changes to FISA that were adopted in 2008 through the FISA Amendments Act. The result was that now the federal intelligence agencies like the National Security Agency still didn't need a warrant but did have to have that FISA secret court review the target and techniques. Let's hear it from the Director of National Intelligence: "In short, Section 702 facilitates the targeted acquisition of foreign intelligence information concerning foreign targets located outside the United States under court oversight" [source: Wittes]. When it comes to the Internet, "foreign" isn't hard to find: There's loads of foreign Internet traffic going through U.S. servers, or saved on them. E-mailing Saudi Arabia from Afghanistan? Still probably going through a U.S. server to get there. FISA's rejiggering basically allowed for the government to ask companies to pretty please let them look at that information -- including content -- if they could be "reasonably sure" it wasn't a U.S. citizen or anyone inside the U.S.



According to the initial reports, PRISM was a program that allowed the government to directly access servers from some huge players, like Facebook and Google. As the Guardian first reported, "Companies are legally obliged to comply with requests for users' communications under US law, but the Prism program allows the intelligence services direct access to the companies' servers" [source: Greenwald and MacAskill]. (We'll discuss - and dispel -- this claim more later.)



In other words, if the leaked documents were to be believed, the government was basically able to search private company servers for anything it wanted, without having to make individual, targeted requests. Once they had that data, they just had to make sure -- with "51% confidence" -- of the "foreignness" of the target [source: Gellman and Poitras]. So if you're thinking no problem, you're outside the U.S. or have no foreign contacts, not so fast. The reality is with such a large search, there's a huge trove of "incidental" data collected. Although analysts may be scrutinizing only foreign data, that doesn't mean they're not collecting information about U.S. citizens or those on U.S. soil in the process [sources: Gellman and Poitras, Fresh Air].



© Bobby Yip/Reuters/Corbis



As we enter season 2 of our saga, we begin to focus in on some of the specifics -- and specific players -- that are part of the PRISM program. And there are some doozies: Microsoft, Yahoo, Google, Facebook, PalTalk (what, you don't know PalTalk?), YouTube, Skype, AOL and Apple all agreed to cooperate, according to the leaked documents between 2007 and 2012.



And what are they supposedly taking from those servers? Well, e-mail, chats (video or voice), videos, photos, stored data, Skype conversations, file transfers, logins, social networking. Everything. The government was getting the idea that to track terror, it needed e-mails -- and the content of those e-mails -- from key terrorism players. The NSA would go to Microsoft and ask for boatloads of information from its servers, related to foreign targets. It was time-consuming for all involved (engineers had to comb through masses of information), especially as the targets and the information piled up [source: Braun et al.]. Finally, the government threw up its hands and probably said something like, "There oughta be a better way!"



And that's when, in 2008, Section 702 was added. Section 702 changed the FISA process. Instead of specific individual targets, an order from the Director of National Intelligence and Attorney General is written that broadly describes the surveillance that they want to take place -- maybe a list of e-mails, or even people living in a certain area. It just can't target any U.S. citizen or anyone on U.S. soil. A group of judges approves this broad plan, to ensure that "special court review" takes place. From there, the government can give directives to these specific companies, like Google and Yahoo, asking for the information they need [source: Braun et al.]. No judge is reviewing each case, in other words, on these targeted, specific directives. But the companies also appear to not be just handing over wide troves of content or information, nor do they report giving access to their servers [source: Braun et al.]. Having just finished copying various classified documents from the NSA Hawaii office, he tells his boss he needs time off for epilepsy treatment; he gives his girlfriend a vague story about having to work out of office for a while. (At the time of posting, he was in Russia.) He promptly flies to Hong Kong, and begins contacting a few reporters with his story.



What exactly he leaked to the media outlets is not entirely clear, although we know there's at least a PowerPoint presentation of 41 slides. (Proving that secret government meetings are just as boring as your weekly office check-ins.) It appears to be a presentation designed to train operatives, but keep in mind the Guardian and Washington Post only released a few of these slides. (A SIGAD is a data collection site) [source: Ambinder]. As Stewart Baker, former NSA general counsel, said in an interview after reviewing the documents, they seem "suffused with a kind of hype that makes it sound more like a marketing pitch than a briefing" [source: McCullagh].



First reports from the Washington Post and other outlets initially claimed that one of the major differences of PRISM was that it allowed the government direct access to company servers.



It's important to note the press backed off that claim and subsequently acknowledged that instead companies are likely setting up secure servers or dropboxes to facilitate easier transfers when given a direct order by the government [source: Gellman and Poitras]. So that's kind of like a accessing a server directly, but only semantically -- it's much different than the government scrolling through our e-mails whenever they want, in real time.



Taking Data From Fiber OpticsWhile there's lots of uproar over PRISM, it should be noted that the government has been snatching foreign Internet traffic for years when it enters and leaves the United States. Copying the data as it travels through the fiber-optic cables of the Internet, the NSA routinely analyzes and reviews it. Some argue that while PRISM is more personally invasive, it's this large-scale capture of data that really compromises privacy [source: Braun et al.]. The government, we learned, seems to be using a little bit of legal chicanery to create broad orders (reviewed by a court) that let the NSA request specific, targeted information from companies. By pretty much every account, government agents are not getting direct access to servers as initially reported. They are making it really easy to obtain lots of information without some slow-reading judge reviewing every single request, or an engineer sifting through tons of data to find it. No problem, you might say, if you're the kind of person who doesn't mind Agent Z from the Maryland field office knowing you plan on eating ice cream for dinner and watching "The Bachelorette" after work.



And let's be straight: After the initial leak and subsequent outrage, the PRISM program began to look a little less intrusive on further review. Pretty much every company rather forcefully denied giving access to nontargeted data, in general [source: McCullagh]. People even began to question Edward Snowden's own knowledge of how the NSA works and his lack of discretion when deciding what to actually leak [source: Toobin, Drum]. Wouldn't it follow suit that these companies would have to lie about their involvement to protect a top secret program? Wouldn't the government also lie about the existence of it, or at least fudge some details to make it more appetizing (or legal) to media outlets and the general public? Why, in other words, should we trust the technology conglomerates and the government when presented with some data that says they're lying? (This sounds like a job for the Stuff They Don't Want You to Know team!)



And thus -- our series continues to unfold. We won't know the answers for a good long while, and it's doubtful any resolution will come in the finale. But in the meantime, it's probably best to assume that if government security analysts want to read your e-mail, listen to your phone calls or check your calendar -- they can.



Government FactsGen. Keith B. Alexander, director of the National Security Agency, said that PRISM and programs like it have prevented more than 50 terrorism events around the world, and PRISM contributed in 90 percent of the cases [source: Chang]." But after learning about PRISM, there was a shift in thinking. It's not so much the actual program as it's taking place now, but the fact that our government isn't static. While I certainly don't fear that I've said anything that could get me in trouble ... policies change. Administrations change. Regimes, in fact, change. It's the fact that the government might not necessarily be analyzing my information -- but able to access it, now or in the future -- that should give one pause.



Is your workplace tracking your computer activities?



How Spies Work



How Wiretapping Works



Sources



Ambinder, Marc. "Solving the mystery of PRISM." The Week. June 7, 2013. (June 20, 2013) http://theweek.com/article/index/245360/solving-the-mystery-of-prism



Braun, Stephen, et al. "Secret to PRISM program: even bigger data seizure." The Associated Press. June 15, 2013. (June 20, 2013) http://bigstory.ap.org/article/secret-prism-success-even-bigger-data-seizure



Buchanan, Matt. "The NSA's Prism remains opaque." The New Yorker. June 13, 2013. (June 20, 2013) http://www.newyorker.com/online/blogs/elements/2013/06/nsa-prism-snowden-what-we-know.html



Change, Alisa. "Secret surveillance credited with preventing terror acts." National Public Radio. June 19, 2013. (June 20, 2013) http://www.npr.org/2013/06/19/193347739/secret-surveillance-credited-with-preventing-terror-acts



Dreyfuss, Ben and Dreyfuss, Emily. "What is the NSA's PRISM program?" CNET. June 7, 2013. (June 20, 2013) http://news.cnet.com/8301-1009_3-57588253-83/what-is-the-nsas-prism-program-faq/



Drum, Kevin. "Some questions for and about Edward Snowden." Mother Jones. June 13, 2013. (June 20, 2013) http://www.motherjones.com/kevin-drum/2013/06/some-questions-and-about-edward-snowden



Eichenwald, Kurt. "PRISM isn't data mining and other falsehoods in the NSA 'scandal'." Vanity Fair. June 14, 2013. (June 20, 2013) http://www.vanityfair.com/online/eichenwald/2013/06/prism-isnt-data-mining-NSA-scandal



Firestone, David. "Snowden's questionable new turn." The New York Times. June 17, 2013. (June 20, 2013) http://takingnote.blogs.nytimes.com/2013/06/17/snowdens-questionable-new-turn/?hp



Fresh Air. "'The Watchers' have had their eyes on us for years." National Public Radio. June 19, 2013. (June 20, 2013) http://www.npr.org/2013/06/19/192770397/the-watchers-have-had-their-eyes-on-us-for-years



Gellman, Barton and Poitras, Laura. "U.S., British intelligence mining data from nine U.S. internet companies in broad secret program." The Washington Post. June 7, 2013. (June 20, 2013) http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/



Greenwald, Glenn and Ewan MacCaskill. "NSA Prism program taps into user data of Apple, Google and others." The Guardian. June 6, 2013. (June 20, 2013) http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data



Greenwald, Glenn et al. "Edward Snowden." The Guardian. June 9, 2013. (June 20, 2013) http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance



Harris, Shane. "Total recall." Foreign Policy. June 19, 2013. (June 20, 2013) http://www.foreignpolicy.com/articles/2013/06/19/total_information_awareness_prism_nsa_bush_poindexter



Kerr, Dara. "Obama: NSA spying doesn't mean 'abandoning freedom.'" CNET. June 17, 2013. (June 20, 2013) http://news.cnet.com/8301-1009_3-57589741-83/obama-nsa-spying-doesnt-mean-abandoning-freedom/



Lee, Timothy B. "Here's everything we know about PRISM to date." The Washington Post. June 12, 2013. (June 20, 2013) http://www.npr.org/2013/06/19/192770397/the-watchers-have-had-their-eyes-on-us-for-years



Logiurato, Brett. Extreme mining "Here's the law the Obama Administration is using as legal justification for broad surveillance." Business Insider. June 7, 2013. (June 20, 2013) http://www.businessinsider.com/fisa-amendments-act-how-prism-nsa-phone-collection-is-it-legal-2013-6



McCullagh, Declan. "No evidence of NSA's 'direct access' to tech companies." CNET. June 7, 2013. (June 20, 2013) http://news.cnet.com/8301-13578_3-57588337-38/no-evidence-of-nsas-direct-access-to-tech-companies/



Miller, Claire Cain. "Tech companies conceded to surveillance program." The New York Times. June 7, 2013. (June 20, 2013) http://www.nytimes.com/2013/06/08/technology/tech-companies-bristling-concede-to-government-surveillance-efforts.html



The Washington Post. "NSA slides explain the PRISM data-collection program." June 6, 2013. (June 20, 2013) http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/



Totenberg, Nina. "Why the FISA court is not what it used to be." National Public Radio. June 18, 2013. (June 20, 2013) http://www.npr.org/2013/06/18/191715681/why-the-fisa-court-is-not-what-it-used-to-be



Weiner, Eric. "The Foreign Service Intelligence Act." National Public Radio. Oct. 18, 2007. (June 20, 2013) http://www.npr.org/templates/story/story.php?storyId=15419879



Wittes, Benjamin. "DNI statement on 'Facts on the collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act." Lawfareblog.com. June 10, 2013. (June 20, 2013) http://www.lawfareblog.com/2013/06/dni-statement-on-facts-on-the-collection-of-intelligence-pursuant-to-section-702-of-the-foreign-intelligence-surveillance-act/