Through the Prism

Surveillance: America's PastimeThe US government has being spying on our online activities. That comes as no surprise, we’ve all seen the Patriot Act and the Foreign Intelligence Surveillance Act Amendments Act (FISA), but what is surprising is that it now appears some companies including Facebook and Google have been allowing the National Security Authority (NSA) of the US government direct access to their data via something called Prism.

Facebook, Google, and now Yahoo have issued public statements stating that they are not working with NSA, but complying with legal requests. In an Orwellian twist the FISA prevents any discussion of any requests made under the act, including whether such requests exist.

Facebook and Google both use the phrase “no direct access to our servers”, which is not the same as “NSA doesn’t get our data”, which they can’t say because (a) they can’t discuss anything around an FISA request and (b) they are obliged to pass on data within legal constraints.

The New York Times article talks about some of the technical changes that have been discussed;

one of the plans discussed was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said.

Which makes it sound like a technical solution developed to comply with a legal requirement, and certainly far less scary than the “direct access to servers” statement that raised concerns.

Mashable takes a similar view, calling Prism a “data integration API” which the NSA would need to analyse and use the data released. Mashable also suggests that the term “direct access” is used incorrectly in the original slide deck, for the simple reason that it’s difficult – which means expensive – to do.

In many articles these technical solutions, and the fact that the servers to host them belong to the companies are cited as evidence that the companies are somehow collaborating with the NSA making it easy for them to get the data. I suspect it’s the other way around; The companies are building these solutions to make it easy for themselves to comply with the law.

So possibly, probably Facebook et al have been acting legally; but perhaps that’s the scary part.

Robin Gross via twitter; the scandal is that what the govt is doing doesn't violate the law

The underlying laws, the Patriot Act and the FISA, raised concerns when they were passed, with cities opting out of the Patriot act, but now that the connection, and the scale of data requested/shared the concern level has gone up a notch. With commentators raising real concerns about the collection, use and safeguarding of personal data in an increasingly monitored nation. As the Guardian revealed the source of the leaked information as Edward Snowdon yesterday they also published his motives; safeguarding internet freedom.

Cyber security is a real issue, and it needs addressing. The global nature of the internet, and the huge potential unleashed by analysis of big data, make the online world a source of genuine crime-stopping information. But the right to privacy is upheld in the laws and constitutions of many countries and it is being eroded.

It would be easy to dismiss that as an “American problem” but it specifically targets foreigners, and our own governments show worrying tendencies to trample over privacy rights online including the Dutch proposal to give police the right to hack as a cybercrime prevention measure. Despite playing up their “Digital Agenda” in recent months the EU has been strangely silent.

.
Image;
Surveillance: America’s Pastime /Jared Rodriguez / t r u t h o u t/ CC BY-NC-SA 2.0

Advertisements

2 thoughts on “Through the Prism

  1. Keep going. This is Hope & Change. This is the most “open and transparent” administration ever. This is Obama in action. This is the IRS harassing Obama’s political opponents; this is the IRS demanding 60 million health care records without authorisation; this is the AP phone records; this is unprecedented use of drone strikes; this is gun-running to Mexican drug cartels; etc. etc. etc.

    What has made Prism more dangerous is the application of techniques developed by the likes of Google for processing data on that scale. The techniques are constantly being refined for commercial use, and the NSA can pick them up as open source. I wonder if they retain the copyright information?

  2. Hi Peter – there’s much MUCH more to come on PRISM etc. It’s a fascinating mashup of technical and legal issues. Oh and for fun there are all the extraterritoriality implications.

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s