NSA, FBI mining data directly from 9 tech giants
This is far more serious than the NSA phone records flap and as a political matter, Capitol Hill is going to explode this morning in outrage.
A program that taps directly into the servers of 9 of the largetst tech companies in order to retrieve data like emails, phone calls, chats, browsing history, pictures, audio - anything you might use the internet for - has been revealed by the Washington Post this morning.
The extent of the intrusion is incredible. For a technical rundown on what the NSA and FBI were up to, this Wired blog post explains it pretty clearly.
The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets, according to a top-secret document obtained by The Washington Post.
The program, code-named PRISM, has not been made public until now. It may be the first of its kind. The NSA prides itself on stealing secrets and breaking codes, and it is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers. But there has never been a Google or Facebook before, and it is unlikely that there are richer troves of valuable intelligence than the ones in Silicon Valley.
Equally unusual is the way the NSA extracts what it wants, according to the document: "Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple."
All the companies deny they gave the government permission to access their servers directly. But it would hardly have mattered because of some creative legal shenanigans pulled by the government:
The court-approved program is focused on foreign communications traffic, which often flows through U.S. servers even when sent from one overseas location to another. Between 2004 and 2007, Bush administration lawyers persuaded federal FISA judges to issue surveillance orders in a fundamentally new form. Until then the government had to show probable cause that a particular "target" and "facility" were both connected to terrorism or espionage.
In four new orders, which remain classified, the court defined massive data sets as "facilities" and agreed to certify periodically that the government had reasonable procedures in place to minimize collection of "U.S. persons" data without a warrant.
I guess this is how things are made legal in the Surveillance State. And no, they don't have "reasonable procedures" to avoid collecting data from Americans.
Analysts who use the system from a Web portal at Fort Meade, Md., key in "selectors," or search terms, that are designed to produce at least 51 percent confidence in a target's "foreignness." That is not a very stringent test. Training materials obtained by The Post instruct new analysts to make quarterly reports of any accidental collection of U.S. content, but add that "it's nothing to worry about."
Even when the system works just as advertised, with no American singled out for targeting, the NSA routinely collects a great deal of American content. That is described as "incidental," and it is inherent in contact chaining, one of the basic tools of the trade. To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect's inbox or outbox is swept in. Intelligence analysts are typically taught to chain through contacts two "hops" out from their target, which increases "incidental collection" exponentially. The same math explains the aphorism, from the John Guare play, that no one is more than "six degrees of separation" from any other person.
Wow. Just wow.
Microsoft was the first tech company that the feds went after for PRISM, the codename of the program. Google and Yahoo weren't far behind. But the slides indicate that Apple just came on board recently after holding out for years. And the Post article points out that Twitter is not part of the program even though mining the data from that company would probably yield much useful intel. It appears then that there was some resistance from a few companies to playing ball with the feds, even though much useful intelligence was apparently mined.
And that's the bottom line; the reason for all this snooping is that it makes the job of the spooks that much easier:
An internal presentation of 41 briefing slides on PRISM, dated April 2013 and intended for senior analysts in the NSA's Signals Intelligence Directorate, described the new tool as the most prolific contributor to the President's Daily Brief, which cited PRISM data in 1,477 items last year. According to the slides and other supporting materials obtained by The Post, "NSA reporting increasingly relies on PRISM" as its leading source of raw material, accounting for nearly 1 in 7 intelligence reports.
That is a remarkable figure in an agency that measures annual intake in the trillions of communications. It is all the more striking because the NSA, whose lawful mission is foreign intelligence, is reaching deep inside the machinery of American companies that host hundreds of millions of American-held accounts on American soil.
I might point out that whoever leaked this slide presentation to the Post is probably going to jail for the rest of their life. So why did he do it?
Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy. "They quite literally can watch your ideas form as you type," the officer said.
Even though this program is "legal," I don't think anyone who voted for the Patriot Act, or any of its most enthusastic supporters, would countenance this kind of intrusive monitoring of innocent Americans. It is very much against the spirit of constitutional protections that form the bedrock of our liberty.
The NSA and FBI are carrying out this surveillance because they have the technical ability to do so. And that's a major problem; just because government can do something doesn't mean it has to. The law must be allowed to catch up to the explosion of technological capabilities so that our privacy and liberties are protected.
Kudos to the Washington Post for publishing this story. They are going to get in a lot of trouble with our intelligence community for doing so.