Monday, July 22, 2013

Everything you need to know about PRISM



Everything you need to know about PRISM



A cheat sheet for the NSA's unprecedented surveillance programs


By Verge Staff on July 17, 2013 01:36 pm

By T.C. Sottek and Josh Kopstein


Since September 11th, 2001, the United States government has dramatically

increased the ability of its intelligence agencies to collect and

investigate information on both foreign subjects and US citizens. Some of

these surveillance programs, including a secret program called PRISM,

capture the private data of citizens who are not suspected of any connection

to terrorism or any wrongdoing.


In June, a private contractor working for Booz Allen Hamilton leaked

classified presentation slides that detailed the existence and the

operations of PRISM: a mechanism that allows the government to collect user

data from companies like Microsoft, Google, Apple, Yahoo, and others. While

much of the program - and the rest of the NSA's surveillance efforts - are

still shrouded in secrecy, more details are coming to light as the public,

as well as its advocates and representatives, pressure the government to

come clean about domestic spying.

June 6th, 2013


PRISM is revealed in leaked slides: The Washington Post and The Guardian

obtain a leaked 41-slide security presentation. Both publications say that

according to the slides, PRISM is considered a highly classified program

that allows the National Security Agency and Federal Bureau of Investigation

to retrieve data directly from Microsoft, Yahoo, Google, Facebook, PalTalk,

AOL, Skype, YouTube, and Apple.


Companies deny knowledge and participation in PRISM: While the Post and the

Guardian allege based on the leak that the NSA had direct access to the

servers of Microsoft, Google, Apple, and others, spokespeople representing

the companies deny involvement in the program, let alone knowledge of it.


US national intelligence director responds: Following the outbreak of the

PRISM story, the US national intelligence director, James Clapper, release

multiple statements regarding the leak. Clapper downplays the scandal,

asking the public to simply trust that the agency respects civil liberties.

June 7th, 2013


UK Government allegedly involved in PRISM: The Guardian reports that the UK

government is also involved in the PRISM program, and that the UK's

Government Communications Headquarters (GCHQ) has been able to view private

internet user-data since 2010 under the NSA's program.


President Obama responds: The president attempts to deflect outrage about

the PRISM program, claiming that Congress has known about it and approve it

for years, but says he welcomes debate.

June 9th, 2013


Whistleblower reveals himself: The man responsible for the leak, 29-year-old

Booz Allen Hamilton contractor Edward Snowden, reveals himself. He describes

himself as a whistleblower, and in refuge in Hong Kong, says he does not

expect to see home again.

June 11th, 2013


Public pressure results in action from Congress: Amid mounting public

concern, widespread media reports, and interest from lawmakers in the leak,

a bipartisan group of eight US senators announce a bill to declassify the

court opinions that allow the NSA to conduct PRISM surveillance, as well as

the phone records program that leaked days before PRISM went public.

June 18th, 2013


Government defends surveillance programs: NSA director, General Keith

Alexander, tells Congress that "over 50" terrorist plots were stopped by

surveillance efforts since 9/11. Meanwhile, President Obama defends the

NSA's program in an interview on the Charlie Rose program, but offers no new

information about PRISM.

The what


What the hell is PRISM? PRISM is a tool used by the US National Security

Agency (NSA) to collect private electronic data belonging to users of major

internet services like Gmail, Facebook, Outlook, and others. It's the latest

evolution of the US government's post-9/11 electronic surveillance efforts,

which began under President Bush with the Patriot Act, and expanded to

include the Foreign Intelligence Surveillance Act (FISA) enacted in 2006 and



There's a lot we still don't know about how PRISM works, but the basic idea

is that it allows the NSA to request data on specific people from major

technology companies like Google, Yahoo, Facebook, Microsoft, Apple, and

others. The US government insists that it is only allowed to collect data

when given permission by the secretive Foreign Intelligence Surveillance


Why is PRISM a big deal?


Classified presentation slides detailing aspects of PRISM were leaked by a

former NSA contractor. On June 6th, The Guardian and The Washington Post

published reports based on the leaked slides, which state that the NSA has

"direct access" to the servers of Google, Facebook, and others. In the days

since the leak, the implicated companies have vehemently denied knowledge of

and participation in PRISM, and have rejected allegations that the US

government is able to directly tap into their users' data.


Both the companies and the government insist that data is only collected

with court approval and for specific targets. As The Washington Post

reported, PRISM is said to merely be a streamlined system - varying between

companies - that allows them to expedite court-approved data collection

requests. Because there are few technical details about how PRISM operates,

and because of the fact that the FISA court operates in secret, critics are

concerned about the extent of the program and whether it violates the

constitutional rights of US citizens.


"Critics have questioned the constitutional validity of PRISM "


How was PRISM created?


As The Washington Post reported, The Protect America Act of 2007 led to the

creation of a secret NSA program called US-984XN - also known as PRISM. The

program is said to be a streamlined version of the same surveillance

practices that the US was conducting in the years following 9/11, under

President George W. Bush's "Terrorist Surveillance Program."


The Protect America Act allows the attorney general and the director of

national intelligence to explain in a classified document how the US will

collect intelligence on foreigners overseas each year, but does not require

specific targets or places to be named. As the Post reports, once the plan

is approved by a federal judge in a secret order, the NSA can require

companies like Google and Facebook to send data to the government, as long

as the requests meet the classified plan's criteria.


NSA's targeting and "minimization" procedures leaked The NSA's long

sought-after guidelines for targeted surveillance seem to refute Obama's

claims that PRISM "does not apply" to Americans. The documents show how the

agency tries to avoid US citizens, but reveal a broad set of circumstances

where Americans' communications can be retained.

June 23rd, 2013


Edward Snowden flees Hong Kong seeking asylum: After the US filed charges

against him and stepped up efforts to pressure Hong Kong to extradite him,

whistleblower Edward Snowden flees Hong Kong. With the help of WikiLeaks,

Snowden flew to a Moscow airport where he continues to live awaiting asylum.

June 29th, 2013


New PRISM slides revealed: New PRISM slides revealed by The Washington Post

suggest that PRISM has over 100,000 records, and the Post says these refer

to "active surveillance targets." The new slides also directly refer to

real-time monitoring of email, text, or voice chats.

July 4th, 2013


Nationwide protests in the United States: "Restore the Fourth" rallies take

place across the US on the 4th of July, protesting NSA spying.

Who is responsible for leaking PRISM?


Edward Snowden


Edward Snowden, a 29-year-old intelligence contractor formerly employed by

the NSA, CIA, and Booz Allen Hamilton, confessed responsibility for leaking

the PRISM documents. He revealed himself on June 9th, three days after

reports on PRISM were published; in an interview with The Guardian, Snowden

said, "I don't want to live in a society that does these sort of things,"

and claimed he was motivated by civic duty to leak classified information.


Snowden left the United States prior to leaking the documents in order to

avoid capture, taking refuge in Hong Kong - where he stayed until June 23rd.

With the assistance of WikiLeaks, Snowden fled Hong Kong for Moscow, and has

requested asylum in Ecuador, Russia, and other countries. He is still

residing in a Moscow airport, waiting to be granted asylum.

" "

What does the NSA collect?


While PRISM has been the most talked-about story to come out of Snowden's

leaks, the disclosures have shed light on a vast array of NSA surveillance

programs. Broadly speaking, these can be split into two categories:

"upstream" wiretaps, which pull data directly from undersea

telecommunications cables, and efforts like PRISM, which acquire

communications from US service providers. One of the slides in the leaked

PRISM presentation instructs that analysts "should use both" of these



NSA programs collect two kinds of data: metadata and content. Metadata is

the sensitive byproduct of communications, such as phone records that reveal

the participants, times, and durations of calls; the communications

collected by PRISM include the contents of emails, chats, VoIP calls,

cloud-stored files, and more. US officials have tried to allay fears about

the NSA's indiscriminate metadata collection by pointing out that it doesn't

reveal the contents of conversations. But metadata can be just as revealing

as content - internet metadata includes information such as email logs,

geolocation data (IP addresses), and web search histories. Because of a

decades-old law, metadata is also far less well-protected than content in

the US.

"NSA programs collect two kinds of data: metadata and content"


A leaked court order provided by Snowden showed that Verizon is handing over

the calling records and telephony metadata of all its customers to the NSA

on an "ongoing, daily basis." Mass collection of internet metadata began

under a Bush-era program called "Stellarwind," which was first revealed by

NSA whistleblower William Binney. The program was continued for two years

under the Obama administration, but has since been discontinued and replaced

with a host of similar programs with names like "EvilOlive" and




How does the NSA collect data?


Many crucial details on how and under what circumstances the NSA collects

data are still missing. Legally speaking, surveillance programs rely on two

key statutes, Section 702 of the FISA Amendments Act (FAA) and Section 215

of the Patriot Act. The former authorizes the collection of communications

content under PRISM and other programs, while the latter authorizes the

collection of metadata from phone companies such as Verizon and AT&T.

However, multiple reports and leaked documents indicate the statutes have

been interpreted in secret by the FISA intelligence courts to grant much

broader authority than they were originally written to allow. They also

indicate that the FISA courts only approve the NSA's collection procedures,

and individual warrants for specific targets are not required.

""Inadvertently acquired" communications can still be retained and analyzed

for up to five years"


An analyst starts by inputting "selectors" (search terms) into a system like

PRISM, which then "tasks" information from other collection sites, known as

SIGADs (Signals Intelligence Activity Designators). SIGADs have both

classified and unclassified code names, and are tasked for different types

of data - one called NUCLEON gathers the contents of phone conversations,

while others like MARINA store internet metadata.


Leaked documents show that under the agency's targeting and "minimization"

rules, NSA analysts can not specifically target someone "reasonably

believed" to be a US person communicating on US soil. According to The

Washington Post, an analyst must have at least "51 percent" certainty their

target is foreign. But even then, the NSA's "contact chaining" practices -

whereby an analyst collects records on a target's contacts, and their

contacts' contacts - can easily cause innocent parties to be caught up in

the process.


The rules state the analyst must take steps to remove data that is

determined to be from "US persons," but even if they are not relevant to

terrorism or national security, these "inadvertently acquired"

communications can still be retained and analyzed for up to five years - and

even given to the FBI or CIA - under a broad set of circumstances. Those

include communications that are "reasonably believed to contain evidence of

a crime that has been, is being, or is about to be committed," or that

contain information relevant to arms proliferation or cybersecurity. If

communications are encrypted, they can be kept indefinitely.



So, what now?


In the weeks since the PRISM documents leaked, a widespread international

public debate about the United States government's surveillance and spying

programs has engulfed the NSA, Congress, and the Obama administration in

controversy. While outspoken supporters of NSA surveillance in Congress and

the White House -including President Obama - have defended the legality and

necessity of the programs, some US lawmakers are pushing back. In June, a

bipartisan group of senators unveiled a bill that aims to rein in the

problematic legal provisions that give US intelligence agencies nearly

unfettered authority to conduct warrantless surveillance on domestic and

foreign communications. Several other lawmakers have introduced their own

measures, but legislative reform is still in early stages.

""An illegal and unconstitutional program of dragnet electronic



Meanwhile, a diverse coalition of interest groups and private organizations

are directly challenging some of the NSA's surveillance programs in court.

On July 16th, a broad coalition of plaintiffs sued the US government for "an

illegal and unconstitutional program of dragnet electronic surveillance," in

which the NSA scoops up all telephone records handled by Verizon, AT&T, and

Sprint in the US. Separate suits brought by the Electronic Privacy

Information Center and the American Civil Liberties Union are also in the

works, but the government hasn't responded to the allegations in court yet.


The companies at the heart of PRISM's controversy are also acting out, but

the specific details regarding their involvement in government surveillance

on US citizens is still unclear. Microsoft, Google, Yahoo, and others have

stepped up pressure on the government in the past month to declassify the

process which compels them to hand over user data to the government. In an

impassioned plea made by Microsoft on July 16th, the company's general

counsel Brad Smith said: "We believe the US constitution guarantees our

freedom to share more information with the public, yet the government is

stopping us."


Finally, there's the group of people most affected by PRISM and its sibling

programs: the American public. On July 4th, "Restore the Fourth" rallies in

more than 100 US cities protested the government's surveillance programs,

focusing on electronic privacy. It's not clear if public outrage will result

in reform, but thanks to the dramatic actions of a young intelligence

contractor, we now at least have the opportunity to discuss what the US

government has been hiding from the public in the name of national security.



(F)AIR USE NOTICE: All original content and/or articles and graphics in this

message are copyrighted, unless specifically noted otherwise. All rights to

these copyrighted items are reserved. Articles and graphics have been placed

within for educational and discussion purposes only, in compliance with

"Fair Use" criteria established in Section 107 of the Copyright Act of 1976.

The principle of "Fair Use" was established as law by Section 107 of The

Copyright Act of 1976. "Fair Use" legally eliminates the need to obtain

permission or pay royalties for the use of previously copyrighted materials

if the purposes of display include "criticism, comment, news reporting,

teaching, scholarship, and research." Section 107 establishes four criteria

for determining whether the use of a work in any particular case qualifies

as a "fair use". A work used does not necessarily have to satisfy all four

criteria to qualify as an instance of "fair use". Rather, "fair use" is

determined by the overall extent to which the cited work does or does not

substantially satisfy the criteria in their totality. If you wish to use

copyrighted material for purposes of your own that go beyond 'fair use,' you

must obtain permission from the copyright owner. For more information go to:











No comments:

Post a Comment