- Netflix warns users to be cautious of new phishing scam 6 Years Ago
- PewDiePie takes big lead in subscription race after YouTube deletes spam 6 Years Ago
- RIP, delivery robot that spontaneously caught fire 6 Years Ago
- Netflix plans to release 90 original movies in 2019 6 Years Ago
- The first trans Miss Universe contestant didn’t win the crown, but she won the internet 6 Years Ago
- Meet the woman who got plastic surgery to match her filtered selfies Today 10:02 AM
- Trump calls for ‘boarder security’ instead of ‘border security’ Today 10:00 AM
- Construction company fires employees for mocking wildfire devastation Today 9:52 AM
- Women are sharing pictures of weird things in men’s bathrooms Today 9:41 AM
- The best last-minute gifts for every budget Today 9:30 AM
- What the American Chopper meme taught us in 2018 Today 9:09 AM
- ‘Aquaman’ is a shallow but entertaining rehash of ‘Black Panther’ and ‘Thor’ Today 8:59 AM
- Russia used every social media platform to disrupt 2016 election, Senate says Today 8:29 AM
- Shane Dawson is the YouTuber of the year Today 8:18 AM
- Alex Jones is still doing live broadcasts on Instagram Today 7:58 AM
The NSA doesn’t need a secret back door to Google’s servers to get the information it wants.
Though we don’t know the particulars of PRISM—the recently revealed program that allows the NSA and FBI to monitor users of Google, Yahoo, and Facebook, among others—a clearer picture is starting to take shape as those companies deny being part of such a system.
An NSA presentation, leaked late Thursday, says that the intelligence agency gathers communication information—everything from emails to video chat logs—directly from nine major Internet companies. What’s interesting isn’t just that these companies have issued seeming denials to these claims, but how they’ve issued them.
“Facebook is not and has never been part of any program to give the U.S. or any other government direct access to our servers. … We hadn’t even heard of PRISM before yesterday,” Facebook CEO Mark Zuckerberg said on that site. “When governments ask Facebook for data, we …only provide the information if is required by law.”
“We have never heard of PRISM,” Apple said. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”
“We do not have any knowledge of the Prism program,” AOL announced. “We do not disclose user information to government agencies without a … formal legal process, nor do we provide any government agency with access to our servers.”
“We provide customer data only when we receive a legally binding order or subpoena to do so,” Microsoft said.
In other words, assuming no one is lying outright, all the companies the NSA says it taps for information agree on three things:
1) They don’t give the government direct access to their servers.
2) They do comply with court orders.
3) They haven’t heard about a specific system called PRISM.
There is absolutely nothing in these claims that contradicts a theory put forth by security expert Lauren Weinstein: that PRISM doesn’t actually tap directly into any company’s servers. Instead, it’s a quick and easy court process. Under it, the NSA and FBI can easily get a court order for targets of their choosing.
The government likely doesn’t have “back doors” into major Internet sites that would allow government access to those sites’ user data on a “willy-nilly” basis. But it does seem reasonable to assume … that the government has pressured major Internet sites to deploy the means for rapid access to specific data requests that would be mediated by gatekeepers at those firms.
That is, NSA (or whomever) would have an expedited means to present a firm with (for example) a court order…
“That’s certainly a possibility that would be consistent with what we know so far,” Matt Zimmerman, an attorney at the Electronic Frontier Foundation, told the Daily Dot, though he stressed that understanding the exact nature of PRISM is still a work in progress.
In fact, the Director of National Intelligence, James Clapper, seemed to explicitly agree with this theory in a release issued Thursday. He doesn’t refer to the program outlined in the Guardian and Washington Post articles as PRISM, but rather as a “collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act (FISA).”
FISA was renewed by law in 2012; it passed the House, dodged amendments in the Senate, and was signed by President Obama in December. FISA listens to NSA and FBI requests for information about communications—emails, phone calls—and issues something of a secret warrant for them to obtain this information. FISA rulings themselves are conducted in secret.
FISA courts—which, as of 2008, no longer require the government to show probable cause or even identify its targets to get a surveillance order—are set up to rapidly issue the exact sort of secret demands for user information that Weinstein suggested.
That leaves one hitch: What about the fact that none of those companies had apparently ever heard of PRISM? It probably doesn’t matter. There’s no particular reason the NSA would have to tell them the details of the overarching program under which it was obtaining court orders.
Besides, as cybersecurity expert Robert Graham tweeted, “Internal code names are often not shared with the counterparty. Just because NSA calls it PRISM doesn’t mean Apple/Google knows that name.”
Photo by davidsancar/Flickr
A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.