NSA has direct access to tech giants' systems for user data, secret files reveal

http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data

http://www.theverge.com/2013/6/6/44...-apple-google-facebook-microsoft-others-prism
http://www.wired.com/threatlevel/2013/06/nsa-tapped-internet-servers/

 

Direct access? This has to be a nightmare.

Oh. My. God.

Right on the heels of yesterday's story. Greenwald's aiming for a Pulitzer. Bravo to him.

I am shocked -- and I don't shock easily. We thought the outrage was bad yesterday. Like I said, shocked.

 

From breaking news accounts.....

According to The Washington Post, the program's slides were provided by a "career intelligence officer" that had "firsthand experience with these systems, and horror at their capabilities," and wished to expose the programs "gross intrusion on privacy."

The program, codenamed PRISM, is considered highly classified and has never been made public before. The list of companies involved are the who's who of Silicon Valley: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. Dropbox, though not yet an official part of the program, is said to be joining it soon. These companies have all willingly participated in the program, says the Post.​

Yes, they are participating and stay silent or face "harsh penalties."

 

Absolutely horrifying.

 

I just assumed this was always the case...

 

I have too

 

According to WP article and also other sources, it's not so sure that web giants have granted automatic access to their servers.

Several companies contacted by The Post said they had no knowledge of the program, did not allow direct government access to their servers and asserted that they responded only to targeted requests for information.
“We do not provide any government organization with direct access to Facebook servers,” said Joe Sullivan, chief security officer for Facebook. “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”

“We have never heard of PRISM,” said Steve Dowling, a spokesman for Apple. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”

It is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author. In another classified report obtained by The Post, the arrangement is described as allowing “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers.

http://www.washingtonpost.com/inves...0da8-cebf-11e2-8845-d970ccb04497_story_1.html

Here some NSA's slides:
http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/

However you guys who live in the US should not be worried too much, this program targets non US citizens....

Shortly after publication of the reports by the Guardian and the Washington Post, the U.S. Director of National Intelligence, James Clapper, released a statement confirming that for nearly 6 years the government of the United States had been using large internet services companies such as Google and Facebook to collect information on foreigners outside the U.S. as a defense against national security threats.[10] The statement read in part, "The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies."[13] He went on to say, "Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States. It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States."[13]
Clapper concluded his statement by asserting, "The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans."[13]

https://en.wikipedia.org/wiki/PRISM_(surveillance_program)

 

The "conflict" likely reflects penalties for confirming participation in PRISM

 

Being a potential surveillance target makes me feel soooo good!

 

A nightmare. But I'm not that surprised.
SSL, "secure login sessions", certificates, encryption etc all these things seem not matter anymore. Privacy as we want to know it simply doesn't exist.

Anyone notice how the majority of the tech giants state they have never given them direct access to their servers? It obviously means they gave them indirect access to their servers.

 

Ok, but what does "indirect" mean?
They give access upon a warrant or a court order to the whole server (then all data resident on that server can be exploited)?
They give access upon warrant only for specific individual users (meaning that they hand over the data but without letting XYZ to access to their server)?

 

I have no idea. It could mean something banal like accessing the servers via an API and that in turn could mean "indirect access", since the techie companies did not provide them with the API itself.

 

LOVE Greenwald!

I assume all companies are complicit and are lying. Move, or limit your use of their services, as much as you can.

PD

 

http://www.theverge.com/2013/6/7/4406760/palantir-denies-prism-software-related-to-surveillance

 

http://money.cnn.com/2013/06/07/technology/security/nsa-data-prism/index.html

 

That WP blurb:

is interesting and seems consistent with some discussions pertaining to the cybersecurity system they want. Whereby, data of interest from companies of interest is funneled into (and for supposed cybersecurity purposes, through) effectively NSA controlled systems and the NSA can remotely command the later to perform the desired collection, analysis, blocking, etc. An architecture which would allow the NSA to go about its business without having its data manipulation activities ("content tasking instructions") open to observation by the companies that are feeding data to it.

The Guardian article mentioned:

and various people have pointed it out that all it would take is one person sharing encryption keys and then the company's data could be MITMd. I think this too fits with some descriptions of the cybersecurity system and how data will be passed to "a small group telecommunications providers and cyber security providers" that will house the equipment that the NSA sends tasking orders to.

 

http://www.theverge.com/2013/6/7/44...sm-internet-surveillance-whats-the-difference

https://secure.huffingtonpost.com/2...3405382.html?1370647485&utm_hp_ref=technology

http://www.bbc.co.uk/news/uk-politics-22824379

http://www.slate.com/blogs/future_t..._from_google_microsoft_skype_apple_yahoo.html

 

Tech Companies Concede to Surveillance Program

 

http://www.guardian.co.uk/world/2013/jun/08/nsa-boundless-informant-global-datamining#

 

A should read, particularly page 2:
http://www.washingtonpost.com/world...3bb234-d07d-11e2-9f1a-1a7cdee20287_story.html

 

http://www.bbc.co.uk/news/uk-22832263

Law-abiding people needn't worry...how many times have we heard that 'reasoning' rolled out, by many, including certain Mr ES of Google...They're all on same side anyway, we know that.
The point is Privacy, Privacy, Privacy....is it respected on an ongoing basis??

http://www.theverge.com/2013/6/9/44...tion-happens-without-tech-companies-knowledge

 

Analysis: Few options for companies to defy U.S. intelligence demands:

http://www.reuters.com/article/2013/06/08/us-usa-surveillance-legal-analysis-idUSBRE9570EL20130608

 

What 'direct access' means.

-- Tom

 

That is a perfect explanation.

Big Internet (you know who they are) have been given immunity from any repercussions as long as they deny, deny deny. They are perfectly capable of saying "nobody has direct access" but knowing that semantics is slippery - and government protection is there.

 

http://www.bbc.co.uk/news/world-us-canada-22836378

http://www.guardian.co.uk/world/2013/jun/09/nsa-secret-surveillance-lawmakers-live