- Trump accuses Jewish Democrats of having ‘great disloyalty’ or a ‘lack of knowledge’ Tuesday 8:02 PM
- 1 million ‘anonymous’ users of popular porn site exposed in breach Tuesday 6:56 PM
- Khloé Kardashian angers followers with a calorie-counting joke about True Tuesday 6:14 PM
- Spider-Man may no longer be part of the Marvel Cinematic Universe Tuesday 5:28 PM
- Robert De Niro’s company is suing ex-employee for binge-watching Netflix at work Tuesday 4:41 PM
- Intentionally misgendering a character could get you banned from Borderlands 3 Tuesday 4:06 PM
- Facebook pulls Trump re-election ad for targeting ‘strong women’ Tuesday 4:03 PM
- Kamala Harris says she will restore net neutrality if elected Tuesday 3:16 PM
- All 8 of the ‘Rocky’ movies, ranked Tuesday 2:50 PM
- Everything you need to know about the Facebook conservative bias report Tuesday 2:35 PM
- Study links emoji use to more sex Tuesday 2:10 PM
- The chicken sandwich war is in full throttle on Twitter Tuesday 1:47 PM
- Netflix’s ‘Sextuplets’ proves Marlon Wayans is no Eddie Murphy—or even Mike Myers Tuesday 1:31 PM
- Facebook is finally rolling out its clear history tool Tuesday 1:13 PM
- ‘Theater etiquette’ tweets surge after YouTuber cast in ‘Waitress’ Tuesday 12:55 PM
This could be how PRISM actually works
The NSA doesn’t need a secret back door to Google’s servers to get the information it wants.
Though we don’t know the particulars of PRISM—the recently revealed program that allows the NSA and FBI to monitor users of Google, Yahoo, and Facebook, among others—a clearer picture is starting to take shape as those companies deny being part of such a system.
An NSA presentation, leaked late Thursday, says that the intelligence agency gathers communication information—everything from emails to video chat logs—directly from nine major Internet companies. What’s interesting isn’t just that these companies have issued seeming denials to these claims, but how they’ve issued them.
“Facebook is not and has never been part of any program to give the U.S. or any other government direct access to our servers. … We hadn’t even heard of PRISM before yesterday,” Facebook CEO Mark Zuckerberg said on that site. “When governments ask Facebook for data, we …only provide the information if is required by law.”
“We have never heard of PRISM,” Apple said. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”
“We do not have any knowledge of the Prism program,” AOL announced. “We do not disclose user information to government agencies without a … formal legal process, nor do we provide any government agency with access to our servers.”
“We provide customer data only when we receive a legally binding order or subpoena to do so,” Microsoft said.
In other words, assuming no one is lying outright, all the companies the NSA says it taps for information agree on three things:
1) They don’t give the government direct access to their servers.
2) They do comply with court orders.
3) They haven’t heard about a specific system called PRISM.
There is absolutely nothing in these claims that contradicts a theory put forth by security expert Lauren Weinstein: that PRISM doesn’t actually tap directly into any company’s servers. Instead, it’s a quick and easy court process. Under it, the NSA and FBI can easily get a court order for targets of their choosing.
The government likely doesn’t have “back doors” into major Internet sites that would allow government access to those sites’ user data on a “willy-nilly” basis. But it does seem reasonable to assume … that the government has pressured major Internet sites to deploy the means for rapid access to specific data requests that would be mediated by gatekeepers at those firms.
That is, NSA (or whomever) would have an expedited means to present a firm with (for example) a court order…
“That’s certainly a possibility that would be consistent with what we know so far,” Matt Zimmerman, an attorney at the Electronic Frontier Foundation, told the Daily Dot, though he stressed that understanding the exact nature of PRISM is still a work in progress.
In fact, the Director of National Intelligence, James Clapper, seemed to explicitly agree with this theory in a release issued Thursday. He doesn’t refer to the program outlined in the Guardian and Washington Post articles as PRISM, but rather as a “collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act (FISA).”
FISA was renewed by law in 2012; it passed the House, dodged amendments in the Senate, and was signed by President Obama in December. FISA listens to NSA and FBI requests for information about communications—emails, phone calls—and issues something of a secret warrant for them to obtain this information. FISA rulings themselves are conducted in secret.
FISA courts—which, as of 2008, no longer require the government to show probable cause or even identify its targets to get a surveillance order—are set up to rapidly issue the exact sort of secret demands for user information that Weinstein suggested.
That leaves one hitch: What about the fact that none of those companies had apparently ever heard of PRISM? It probably doesn’t matter. There’s no particular reason the NSA would have to tell them the details of the overarching program under which it was obtaining court orders.
Besides, as cybersecurity expert Robert Graham tweeted, “Internal code names are often not shared with the counterparty. Just because NSA calls it PRISM doesn’t mean Apple/Google knows that name.”
Photo by davidsancar/Flickr
A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.