- Freddie Prinze Jr. will straight-up school you about the Force don’t @ him 6 Years Ago
- Woman hosts Instagram funeral after she ‘killed’ $102K in student debt 6 Years Ago
- YouTube beats Netflix as go-to streaming platform for teens Today 11:41 AM
- The tallest man in America posts emotional YouTube video from hospital room Today 11:31 AM
- Nintendo Switch subreddit implodes amid Hong Kong protests Today 11:14 AM
- Biden yelling at Warren becomes relatable workplace meme Today 10:33 AM
- Tulsi Gabbard was conservatives’ favorite debater Today 10:07 AM
- ‘Rogue One’ co-writer to direct several episodes, write the pilot for Cassian Andor series Today 9:50 AM
- ‘The Two Popes’: Anthony Hopkins and Jonathan Pryce shine in Netflix’s pope comedy Today 8:57 AM
- AOC, ‘Squad’ to endorse Bernie Sanders Today 8:44 AM
- ‘Ghosts of Sugar Land’ explores what happens if your friend joins ISIS Today 7:00 AM
- Andrew Yang upset porn fans with his criticism of Bing Tuesday 10:34 PM
- Kamala Harris really wants Trump kicked off Twitter Tuesday 10:22 PM
- Bernie Sanders jokes he didn’t use medical marijuana before tonight’s debate Tuesday 9:47 PM
- Tulsi Gabbard says she’s not a Russian asset—which is just what a Russian asset would say Tuesday 9:20 PM
This could be how PRISM actually works
The NSA doesn’t need a secret back door to Google’s servers to get the information it wants.
Though we don’t know the particulars of PRISM—the recently revealed program that allows the NSA and FBI to monitor users of Google, Yahoo, and Facebook, among others—a clearer picture is starting to take shape as those companies deny being part of such a system.
An NSA presentation, leaked late Thursday, says that the intelligence agency gathers communication information—everything from emails to video chat logs—directly from nine major Internet companies. What’s interesting isn’t just that these companies have issued seeming denials to these claims, but how they’ve issued them.
“Facebook is not and has never been part of any program to give the U.S. or any other government direct access to our servers. … We hadn’t even heard of PRISM before yesterday,” Facebook CEO Mark Zuckerberg said on that site. “When governments ask Facebook for data, we …only provide the information if is required by law.”
“We have never heard of PRISM,” Apple said. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”
“We do not have any knowledge of the Prism program,” AOL announced. “We do not disclose user information to government agencies without a … formal legal process, nor do we provide any government agency with access to our servers.”
“We provide customer data only when we receive a legally binding order or subpoena to do so,” Microsoft said.
In other words, assuming no one is lying outright, all the companies the NSA says it taps for information agree on three things:
1) They don’t give the government direct access to their servers.
2) They do comply with court orders.
3) They haven’t heard about a specific system called PRISM.
There is absolutely nothing in these claims that contradicts a theory put forth by security expert Lauren Weinstein: that PRISM doesn’t actually tap directly into any company’s servers. Instead, it’s a quick and easy court process. Under it, the NSA and FBI can easily get a court order for targets of their choosing.
The government likely doesn’t have “back doors” into major Internet sites that would allow government access to those sites’ user data on a “willy-nilly” basis. But it does seem reasonable to assume … that the government has pressured major Internet sites to deploy the means for rapid access to specific data requests that would be mediated by gatekeepers at those firms.
That is, NSA (or whomever) would have an expedited means to present a firm with (for example) a court order…
“That’s certainly a possibility that would be consistent with what we know so far,” Matt Zimmerman, an attorney at the Electronic Frontier Foundation, told the Daily Dot, though he stressed that understanding the exact nature of PRISM is still a work in progress.
In fact, the Director of National Intelligence, James Clapper, seemed to explicitly agree with this theory in a release issued Thursday. He doesn’t refer to the program outlined in the Guardian and Washington Post articles as PRISM, but rather as a “collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act (FISA).”
FISA was renewed by law in 2012; it passed the House, dodged amendments in the Senate, and was signed by President Obama in December. FISA listens to NSA and FBI requests for information about communications—emails, phone calls—and issues something of a secret warrant for them to obtain this information. FISA rulings themselves are conducted in secret.
FISA courts—which, as of 2008, no longer require the government to show probable cause or even identify its targets to get a surveillance order—are set up to rapidly issue the exact sort of secret demands for user information that Weinstein suggested.
That leaves one hitch: What about the fact that none of those companies had apparently ever heard of PRISM? It probably doesn’t matter. There’s no particular reason the NSA would have to tell them the details of the overarching program under which it was obtaining court orders.
Besides, as cybersecurity expert Robert Graham tweeted, “Internal code names are often not shared with the counterparty. Just because NSA calls it PRISM doesn’t mean Apple/Google knows that name.”
Photo by davidsancar/Flickr
A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.