First, I'm intrigued by the fact that WaPo is doing this. It's been fairly well established that WP prints whatever the administration wants, and even were that not the case I never trust redacted "leaks." Obviously these slides were prepared beforehand for media decemination; otherwise, there would not be blacked out portions. That combined with the Administration's heavy-handed nature in punishing whistleblowers in the past (as bad as Nixon, if not worse) and their previous habbit of "official leaks" (see: drone program memo) and I am convinced that this was a pre-planned move orchestrated by the white house. Everyone certainly had their scripts rolled out and ready to go:The Washington Post wrote:The National Security Agency and the FBI are [...] extracting audio and video chats, photographs, e-mails, documents, and connection logs[. ...A]ccording to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”
Clearly, Citizen Ashcroft needs to make a reappearance.In a statement issue late Thursday, Director of National Intelligence James R. Clapper said “information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats. The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.”
This one's my favorite. "We've never heard of Prism." As if that's how the NSA works, you get a call from some midlevel aid to someone "Hey, you remember that thing I was telling you about, last Thursday, at golf? Yeah, Prism! That thing. We all set and ready to go on that HIGHLY SECRET PLAN to spy on everybody? ACES!" "we do not provide any government agency with direct access to our servers; instead, we put everything up on mediafire." But here's what, in my mind, counts as a straight adminition of guilt rather than teh denial it's meant to look like: any government agency requesting customer data must get a court order.”“We do not provide any government organization with direct access to Facebook servers,” said Joe Sullivan, chief security officer for Facebook. “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”
“We have never heard of PRISM,” said Steve Dowling, a spokesman for Apple. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”
You mean that order, Apple? That's right, I think you do! Speaking of Apple:In four new orders, which remain classified, the court defined massive data sets as “facilities” and agreed to certify periodically that the government had reasonable procedures in place to minimize collection of “U.S. persons” data without a warrant.
Anyone who can't figure that one out is a complete fool, but I will give you a hint: it starts with the letter S, and ends with the letters teeve Jobbs. It doesn't say it in the article anymore but Apple joined in October 2012, clearly coinciding with their CEO getting cancered. Skype, meanwhile, joined in 2011, which would be about the time Microsoft acquired them. I would assume that until then, either it lacked the infrastructure to make it work or eBay didn't want to go along with the program. As for why they're classifying Google and Youtube as separate companies, and why youtube only got added in 2010, I have no idea.Apple demonstrated that resistance is possible when it held out for more than five years, for reasons unknown
This brings to mind two possibilities. The most obvious one is that the FBI/NSA have a device that they install, with or without the knowledge of service providers, in or near the physical company HQ. The NSA could also have gone to companies like Qualcom and Intel and convinced them to program access directly into the hardware. My guess is that it's the second option but you're supposed to think it's the first so that privacy advocates will tire themselves out trying to find bugs that aren't there and look ridiculous. It's kind of a moot point though because:the arrangement is described as allowing “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers.
That implies that it is in fact possible to withdraw from the program.Government officials and the document itself made clear that the NSA regarded the identities of its private partners as PRISM’s most sensitive secret, fearing that the companies would withdraw from the program if exposed.
This flatly contradicts the Microsoft statement, below:“98 percent of PRISM production is based on Yahoo, Google and Microsoft; we need to make sure we don’t harm these sources,”
"[W]e only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”
So are they just lying? If so, they're headed straight for an ugly court fight with civil rights advocates and putting the NSA right in the middle. Unwise, to say the least.
Anyway, the real question is whether or not this database is used to used as a blackmail tool, or in connection with crimes not specifically related to foreign spying or acts of terrorism. This is not exactly reassuring:
Interesting how when you have secrets, you shouldn't have them unless you're hiding something, but when the government keeps secrets, you shouldn't know them because it might reveal others' secrets, which they shouldn't have anyway if they're not hiding anything but LA LA LA LA LALAAAAA! Hurray for circular logic.Wyden repeatedly asked the NSA to estimate the number of Americans whose communications had been incidentally collected, and the agency’s director, Lt. Gen. Keith B. Alexander, insisted there was no way to find out. Eventually Inspector General I. Charles McCullough III wrote Wyden a letter stating that it would violate the privacy of Americans in NSA data banks to try to estimate their number.
Call me paranoid, but I interpret that to mean, "Be sure to give us your quarterly reports on any time you 'accidentally' dob an American into the database. That way we can review it , determine there was no malicious intent for the courts, then file it to dev/nul because we are INCAPABLE of retaining that information, remember?" In other words, it trivializes the sweeping in of American contacts as long as it's reported, in order to encourage doing it in a deliberate, targetted way without telling anyone. Because if you don't do it at all, *that* would be strange and suspicious and have you filed your TPS report on time?Analysts who use the system from a Web portal at Fort Meade, Md., key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test. Training materials obtained by The Post instruct new analysts to make quarterly reports of any accidental collection of U.S. content, but add that “it’s nothing to worry about.”