NSA has direct access to tech giants' systems for user data, secret files reveal

Discussion in 'privacy general' started by Dermot7, Jun 6, 2013.

  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data

    http://www.theverge.com/2013/6/6/44...-apple-google-facebook-microsoft-others-prism
    http://www.wired.com/threatlevel/2013/06/nsa-tapped-internet-servers/
     
    Last edited: Jun 6, 2013
  2. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Direct access? This has to be a nightmare.

    Oh. My. God.

    Right on the heels of yesterday's story. Greenwald's aiming for a Pulitzer. Bravo to him.

    I am shocked -- and I don't shock easily. We thought the outrage was bad yesterday. Like I said, shocked.
     
  3. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    From breaking news accounts.....

    According to The Washington Post, the program's slides were provided by a "career intelligence officer" that had "firsthand experience with these systems, and horror at their capabilities," and wished to expose the programs "gross intrusion on privacy."

    The program, codenamed PRISM, is considered highly classified and has never been made public before. The list of companies involved are the who's who of Silicon Valley: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. Dropbox, though not yet an official part of the program, is said to be joining it soon. These companies have all willingly participated in the program, says the Post.​


    Yes, they are participating and stay silent or face "harsh penalties."
     
  4. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Absolutely horrifying.
     
  5. MarcP

    MarcP Registered Member

    Joined:
    Jun 9, 2009
    Posts:
    708
    I just assumed this was always the case...
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I have too :(
     
  7. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    According to WP article and also other sources, it's not so sure that web giants have granted automatic access to their servers.

    Several companies contacted by The Post said they had no knowledge of the program, did not allow direct government access to their servers and asserted that they responded only to targeted requests for information.
    “We do not provide any government organization with direct access to Facebook servers,” said Joe Sullivan, chief security officer for Facebook. “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”

    “We have never heard of PRISM,” said Steve Dowling, a spokesman for Apple. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”

    It is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author. In another classified report obtained by The Post, the arrangement is described as allowing “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers.


    http://www.washingtonpost.com/inves...0da8-cebf-11e2-8845-d970ccb04497_story_1.html

    Here some NSA's slides:
    http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/

    However you guys who live in the US should not be worried too much, this program targets non US citizens....:D :D

    Shortly after publication of the reports by the Guardian and the Washington Post, the U.S. Director of National Intelligence, James Clapper, released a statement confirming that for nearly 6 years the government of the United States had been using large internet services companies such as Google and Facebook to collect information on foreigners outside the U.S. as a defense against national security threats.[10] The statement read in part, "The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. They contain numerous inaccuracies."[13] He went on to say, "Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States. It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States."[13]
    Clapper concluded his statement by asserting, "The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans."[13]


    https://en.wikipedia.org/wiki/PRISM_(surveillance_program)
     
    Last edited: Jun 7, 2013
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    The "conflict" likely reflects penalties for confirming participation in PRISM ;)
     
  9. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Being a potential surveillance target makes me feel soooo good! :D
     
  10. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492
    A nightmare. But I'm not that surprised.
    SSL, "secure login sessions", certificates, encryption etc all these things seem not matter anymore. Privacy as we want to know it simply doesn't exist.

    Anyone notice how the majority of the tech giants state they have never given them direct access to their servers? It obviously means they gave them indirect access to their servers.
     
  11. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Ok, but what does "indirect" mean?
    They give access upon a warrant or a court order to the whole server (then all data resident on that server can be exploited)?
    They give access upon warrant only for specific individual users (meaning that they hand over the data but without letting XYZ to access to their server)?
     
  12. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492
    I have no idea. It could mean something banal like accessing the servers via an API and that in turn could mean "indirect access", since the techie companies did not provide them with the API itself.
     
  13. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    LOVE Greenwald!

    I assume all companies are complicit and are lying. Move, or limit your use of their services, as much as you can.

    PD
     
  14. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    http://www.theverge.com/2013/6/7/4406760/palantir-denies-prism-software-related-to-surveillance
     
  15. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  16. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,086
    That WP blurb:
    is interesting and seems consistent with some discussions pertaining to the cybersecurity system they want. Whereby, data of interest from companies of interest is funneled into (and for supposed cybersecurity purposes, through) effectively NSA controlled systems and the NSA can remotely command the later to perform the desired collection, analysis, blocking, etc. An architecture which would allow the NSA to go about its business without having its data manipulation activities ("content tasking instructions") open to observation by the companies that are feeding data to it.

    The Guardian article mentioned:
    and various people have pointed it out that all it would take is one person sharing encryption keys and then the company's data could be MITMd. I think this too fits with some descriptions of the cybersecurity system and how data will be passed to "a small group telecommunications providers and cyber security providers" that will house the equipment that the NSA sends tasking orders to.
     
  17. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    http://www.theverge.com/2013/6/7/44...sm-internet-surveillance-whats-the-difference
    https://secure.huffingtonpost.com/2...3405382.html?1370647485&utm_hp_ref=technology
    http://www.bbc.co.uk/news/uk-politics-22824379
    http://www.slate.com/blogs/future_t..._from_google_microsoft_skype_apple_yahoo.html
     
    Last edited: Jun 8, 2013
  18. Dogbiscuit

    Dogbiscuit Guest

    Tech Companies Concede to Surveillance Program
     
  19. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  20. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,086
  21. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    http://www.bbc.co.uk/news/uk-22832263

    Law-abiding people needn't worry...how many times have we heard that 'reasoning' rolled out, by many, including certain Mr ES of Google...They're all on same side anyway, we know that.
    The point is Privacy, Privacy, Privacy....is it respected on an ongoing basis??
    http://www.theverge.com/2013/6/9/44...tion-happens-without-tech-companies-knowledge
     
    Last edited: Jun 9, 2013
  22. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
  23. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
  24. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    That is a perfect explanation.

    Big Internet (you know who they are) have been given immunity from any repercussions as long as they deny, deny deny. They are perfectly capable of saying "nobody has direct access" but knowing that semantics is slippery - and government protection is there.
     
  25. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    Last edited: Jun 9, 2013
Loading...