Prism: how it spies on YOU when YOU are online
Posted: Mon Dec 09, 2013 12:51 pmPRISM is a covert collaboration between the NSA - FBI - and nearly every tech company you rely on daily. PRISM has allowed many governments worldwide unprecedented access to your personal information for at least the last six years.
PRISM is a secret government program:
As much as PRISM might sound like a comic book antagonist of S.H.I.E.L.D., it's the codename for a very real US government program. According to leaked documents, it went into effect in 2007, and has only gained momentum since. Its stated purpose is to monitor potentially valuable foreign communications that might pass through US servers, but it appears that in practice its scope was far greater.
PRISM information accounts for nearly 1 in 7 intelligence reports. That's staggering and it gives the NSA unprecedented access to the servers of major tech companies.
Microsoft. Yahoo. Google. Facebook. PalTalk. AOL. Skype. YouTube. Apple. If you've interacted with any of those companies in the last six years, that information is vulnerable under PRISM.
The initial reports suggested that the process works as follows: The companies mentioned above (and who knows how many others) receive a directive from the attorney general and the director of national intelligence. They hand over access to their servers—and the tremendous wealth of data and communiques that passes through them every day—to the FBI’s Data Intercept Technology Unit, which in turn relays it to the NSA.
Much has been made over the phrase "direct access;" most of the implicated tech companies vehemently deny providing it, and the government denies asking for it. The New York Times, though, reports that while access may not technically be "direct," the secure portals companies like Google and Facebook were going to build for the NSA amounted to as much. Moreover, a PRISM slide show released clearly states that "direct access" is a part of the program.
However you want to parse it, there seems to be very little doubt that all of this is happening, and to an unfathomable degree - so that the agency can spy on unwitting US citizens and anyone in any other country in the world who connects directly with any of those aforementioned companies.
There are, as you might expect, filters in place to help handle the fire hose of data that comes through daily, the trillions of bits and bytes that make up our online identities and lives. Something to ensure that only the bad guys are being tracked and not honest, everyday citizens. Actually, there's one filter, and it's ridiculous: an NSA analyst has to have "51 percent" confidence that a subject is "foreign." After that, it's carte blanche.
What's most troubling about PRISM isn't that it collects data. It's the type of data it collects including:
Audio and video chats, photographs, e-mails, documents, and connection logs… [Skype] can be monitored for audio when one end of the call is a conventional telephone, and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.
Did you get all that? Similar depth of access applies to Facebook, Microsoft, and the rest. Just to be clear: this covers practically anything you've ever done online, up to and including Google searches as you type them.
PRISM apparently allows full access not just to the fact that an email or chat was sent, but also the contents of those emails and chats. According to the Washington Post's source, they can "literally watch you as you type." They could be doing it right now and have the full (but contested) cooperation of tech giants.
PRISM's first corporate partner was Microsoft, which signed on back in 2007. Other companies slowly joined, with Apple being the most recent enlistee. Twitter, it seems, has not complied as yet, but uncertain if it is secure.
But why would all of these companies agree to this? Mostly because they have no choice. Failure to hand over server data leaves them subject to a government lawsuit, which can be expensive and incredibly harmful in less quantifiable ways. Besides, they receive compensation for their services; they're not doing this out of charity. There is incentive to play ball.
What's most horrifying about PRISM might be that there's nothing technically illegal about it. The government has had this authority for years, and there's no sign that it's going to be revoked any time soon.
A little bit of history might be helpful for context. Back in 2007, mounting public pressure forced the Bush administration to abandon the warrantless surveillance program it had initiated in 2001. Well, abandon might be too strong a word. What the administration actually did was to find it a new home.
The Protect America Act of 2007 made it possible for targets to be electronically surveilled without a warrant if they were "reasonably believed" to be foreign. That's where that 51% comes in. It was followed by the 2008 FISA Amendments Act, which immunized companies from legal harm for handing information over to the government. And that's the one-two punch that gives PRISM full legal standing.
All of which is to say that PRISM is an awful violation of rights, but it's one that's not going to disappear any time soon. The government, including President Obama, is so far completely unapologetic. And why wouldn't they be? It's easy enough to follow the letter of the law when you're the one writing it.
PRISM is a secret government program:
As much as PRISM might sound like a comic book antagonist of S.H.I.E.L.D., it's the codename for a very real US government program. According to leaked documents, it went into effect in 2007, and has only gained momentum since. Its stated purpose is to monitor potentially valuable foreign communications that might pass through US servers, but it appears that in practice its scope was far greater.
PRISM information accounts for nearly 1 in 7 intelligence reports. That's staggering and it gives the NSA unprecedented access to the servers of major tech companies.
Microsoft. Yahoo. Google. Facebook. PalTalk. AOL. Skype. YouTube. Apple. If you've interacted with any of those companies in the last six years, that information is vulnerable under PRISM.
The initial reports suggested that the process works as follows: The companies mentioned above (and who knows how many others) receive a directive from the attorney general and the director of national intelligence. They hand over access to their servers—and the tremendous wealth of data and communiques that passes through them every day—to the FBI’s Data Intercept Technology Unit, which in turn relays it to the NSA.
Much has been made over the phrase "direct access;" most of the implicated tech companies vehemently deny providing it, and the government denies asking for it. The New York Times, though, reports that while access may not technically be "direct," the secure portals companies like Google and Facebook were going to build for the NSA amounted to as much. Moreover, a PRISM slide show released clearly states that "direct access" is a part of the program.
However you want to parse it, there seems to be very little doubt that all of this is happening, and to an unfathomable degree - so that the agency can spy on unwitting US citizens and anyone in any other country in the world who connects directly with any of those aforementioned companies.
There are, as you might expect, filters in place to help handle the fire hose of data that comes through daily, the trillions of bits and bytes that make up our online identities and lives. Something to ensure that only the bad guys are being tracked and not honest, everyday citizens. Actually, there's one filter, and it's ridiculous: an NSA analyst has to have "51 percent" confidence that a subject is "foreign." After that, it's carte blanche.
What's most troubling about PRISM isn't that it collects data. It's the type of data it collects including:
Audio and video chats, photographs, e-mails, documents, and connection logs… [Skype] can be monitored for audio when one end of the call is a conventional telephone, and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.
Did you get all that? Similar depth of access applies to Facebook, Microsoft, and the rest. Just to be clear: this covers practically anything you've ever done online, up to and including Google searches as you type them.
PRISM apparently allows full access not just to the fact that an email or chat was sent, but also the contents of those emails and chats. According to the Washington Post's source, they can "literally watch you as you type." They could be doing it right now and have the full (but contested) cooperation of tech giants.
PRISM's first corporate partner was Microsoft, which signed on back in 2007. Other companies slowly joined, with Apple being the most recent enlistee. Twitter, it seems, has not complied as yet, but uncertain if it is secure.
But why would all of these companies agree to this? Mostly because they have no choice. Failure to hand over server data leaves them subject to a government lawsuit, which can be expensive and incredibly harmful in less quantifiable ways. Besides, they receive compensation for their services; they're not doing this out of charity. There is incentive to play ball.
What's most horrifying about PRISM might be that there's nothing technically illegal about it. The government has had this authority for years, and there's no sign that it's going to be revoked any time soon.
A little bit of history might be helpful for context. Back in 2007, mounting public pressure forced the Bush administration to abandon the warrantless surveillance program it had initiated in 2001. Well, abandon might be too strong a word. What the administration actually did was to find it a new home.
The Protect America Act of 2007 made it possible for targets to be electronically surveilled without a warrant if they were "reasonably believed" to be foreign. That's where that 51% comes in. It was followed by the 2008 FISA Amendments Act, which immunized companies from legal harm for handing information over to the government. And that's the one-two punch that gives PRISM full legal standing.
All of which is to say that PRISM is an awful violation of rights, but it's one that's not going to disappear any time soon. The government, including President Obama, is so far completely unapologetic. And why wouldn't they be? It's easy enough to follow the letter of the law when you're the one writing it.