DecryptedTech

Wednesday07 December 2022

PRISM and NSA Phone Surveillance Called A Minor Encroachment on Privacy


Reading time is around minutes.
animal farm-pigs

After the public release of the NSA’s PRISM program we are hearing that they have an open account with at least one cell service provider. The provider that we know about so far is Verizon and the NSA has quite the hold on them. It seems that Verizon must hand over the metadata for all calls made inside the US as well as calls that are to destinations outside the US. This type of wholesale spying is being granted under section 215 of the Patriot Act. These requests have to be processed by the Foreign Intelligence Surveillance Court with DoJ oversight to prevent abuse. At least that is how the system is supposed to work.

Unfortunately it turns out that the requests sent in under section 215 are more vague than an Apple patent. The one in particular that was sent to Verizon’s Business division includes a massive amount of data and encompasses every customer that Verizon Business has in the US. Sadly the NSA and the FBI would report this as only a single request which does not serve to highlight the massive abuse that is going on daily and being approved by the FISC. This is on top of the information we now know about PRISM and how the NSA and other agencies collect information from large internet companies like Facebook, Microsoft, Yahoo, Apple, etc. Sadly these are just the programs that we know about, considering there were approximately 200 section 215 requests it is likely there are many other cases like PRISM and Verizon that have not hit the public yet.

The news of this latest attack on our privacy comes amid other scandals including IRS targeting of “Tea Party” groups, the DoJ seizure of phone records of the Associated Press. All of these push some of our basic laws to the limits and beyond as well as highlighting a serious flaw in the way that companies treat our personal information (and protect it from outside attack). It shows that anything you put in the cloud is not yours and can be accessed by the company that is supposed to protect it. If a company is able to give the NSA, DoJ, FBI or other access to your data it means that they and their employees also have access. One of the reasons that a company like Microsoft can hand over your data is that they have the keys to the encryption used, which means they can decrypt any of the files stored on their servers.

Some have suggested that we should have services that let the client build and own their own encryption keys and protections. Doing this virtually eliminates the possibility of Law Enforcement gaining access to your files and information as stored on a remote server (it is what we do here with our data and email). The reason we say virtually eliminates is because there are still methods for capturing traffic en route to its destination. Here is where ISPs have a heavy burden. This is where people like Nicholas Merrill and his Calyx Institute will come in.

They are proposing a new type of ISP and phone service provider. This is one that is driven by the user and also one that will challenge dubious requests for information. Merrill knows all about the types of request that the NSA and others can send. In 2004 he was served with a National Security Letter and not only fought it but won. Later National Security Letters were found to be unconstitutional, but this has not stopped the NSA, FBI and others from issuing them like nothing has happened. Calyx wants to provide end to end encryption of connections as well as encryption on your files that not even Calyx can access. This effectively locks Law Enforcement out of your data when it is stored in the “cloud” it also makes capturing your transmissions en route much more complicated, although certainly not impossible.

The US government has massively overstepped their bounds and are trying to hide behind the guise of counter-terrorism. This argument is sort of bankrupt as it has failed to produce any tangible results when it comes to preventing terrorist attacks. If it were a successful program we are sure that Congress would waste no time in giving more information on how it has saved the day. Instead the only groups that appear to be targeted are the press, political opponents to the current administration and the average citizens’ privacy. The US Government and the companies that are responsible for our communications, personal information and data all have a lot to answer for and we fully expect more fallout from these revelations including loss of business for any companies involved. We would also not be surprised to find out that there are more and potentially worse programs and surveillance happening hidden behind the scenes and under the blanket of Section 215 of the Patriot Act. All of this going on while the government calls these massive spying campaigns modest encroachments on privacy.

What do you think of all of this? Tell us in our Forum

Last modified on Saturday, 08 June 2013 20:35

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.