Monday, 24 June 2013 06:11

Technology And The Cloud Helped To Make PRISM Possible


Over the last couple of weeks the news has been flooded with articles about the US Government’s surveillance program called PRISM. It is possibly one of the largest invasions of privacy that has been leaked to the general public. What makes this program all the more concerning is that the NSA appears to have cooperation from each of the companies involved. This apparent breach of consumer trust has caused quite a stir, and almost all of the companies that were shown in the leaked PowerPoint about PRISM have released statements claiming they only cooperate within the limits of the law. This raises an interesting question though: if a broad request is approved by the Foreign Intelligence Surveillance Court, wouldn’t a company be within the law to grant access?

That would seem to cover the whole legal end of the argument. However, there are some that feel it does not, or at least that it does not cover it well enough. This could be why so many companies were eager to push for the Cyber Intelligence Sharing and Protection Act. This single bill would have made everything that is going on with PRISM completely legal. On top of that it would also have made it legal for large companies to share personal (and typically private/protected) information with each other, all in the interests of “national security”. It is something of a frightening thought that these types of conversations and programs are going on all the time without public knowledge.

On the technical side there is a benefit to both the corporations that cooperate and the intelligence communities that want their data. Even the NSA does not have the storage to gather the amount of data that they truly desire, and they also do not really have the budget or the manpower to collect it. While it is true that the NSA has one of the most far-reaching charters for domestic and foreign intelligence gathering (and other things), they still could not staff enough people to gather what they want and still keep everything under wraps. This means they need the cooperation of domestic companies like Microsoft, Google, Apple, Facebook and others. These companies maintain massive amounts of data on their customers. They have everything from email to personal documents to chats and photographs. For an intelligence community it is a veritable gold mine of data, and it is all posted willingly by the public.

All of this data is valuable, and a few years ago it reached a point where keeping and maintaining it became more valuable than the cost of storing it. Companies like Google have known this for a while and have always looked to keep their customer data in their control. They initially used the information to perfect their advertising interests, but now they see that there is more value to it than just that. Microsoft is only now catching on to this and they are rapidly trying to compete with Google in terms of the data they collect and store. They want as much of it as they can get their hands on. This is very evident in their recent operating systems as well as the Xbox One and even Office 2013. They want you in the cloud, and once you are, any information you store there belongs to them and, if the recent leaks are to be believed, the NSA.

Now, I know what you are thinking: but my data and conversations are encrypted. You would be correct in believing that your data, emails and even text conversations are encrypted. Companies like Microsoft, Google, Yahoo, Apple, Skype etc. do encrypt your information; the problem is that since they are the ones that control the keys, they can also hand them over. The NSA, FBI and DoJ have already established the precedent that companies cannot withhold encryption keys; they must hand over the means to decrypt any information (including point to point sessions over SIP) that is covered under warrants, NSLs (National Security Letters) or FISC orders. Yes, this means that despite claims of point to point encryption over Skype, FaceTime and iMessage, your conversations are not secure. Microsoft and Apple own the encryption keys (public and private) and are compelled by law to hand them over if requested. In fact Microsoft no longer tries to claim that Skype is secure from eavesdropping; only Apple still tries to maintain that myth.

As for social networking sites like Facebook, you are even more likely to have your data combed through. On a social networking site you are very likely to engage in conversations expressing political or religious beliefs. Simply clicking on the like button about a picture or topic can be a big indicator of how you view the world. Again, this data is very important and useful to an intelligence community. It is freely given without filter or restriction, making it much more valuable than anything that might be gathered under interrogation or even casual questioning. Over the last few years Facebook has often come under fire for the way they collect and use data, including inserting facial recognition for auto tagging people in photos. Facebook’s collection and use of this information is infamous, as they seem to add more collection capabilities while forgetting to let their users know; they are also a big supporter of CISPA.

If their pattern of user data collection was not enough, it is interesting to note that one-time Facebook Security Chief Max Kelly went to work for the NSA a year after Facebook is alleged to have signed up for PRISM (2009). This puts the guy who was responsible for protecting Facebook servers in the same agency that is alleged to be collecting data from them. Now there is no evidence that Kelly has anything to do with PRISM or even any knowledge of the program, but it is an interesting fact. It is sort of like when the lead investigator in the Pirate Bay trial got a new and high paying job with a movie studio shortly after the court found The Pirate Bay’s founders guilty. It could be nothing, but it is really unlikely that it is.

Sadly most of this debate over PRISM is moot. There have been several court rulings that set precedent on this (along with several annoying sections of the Patriot Act). One of the key ones is the reasonable expectation of privacy. According to multiple rulings you have none when it comes to almost anything on the internet. If it travels over digital lines or is stored outside your own control or ownership, it is no longer yours or private. Under the Patriot Act it is legal for the NSA or FBI to request very broad access to information from corporations, who must comply and who also cannot reveal any information about these requests. Of course now that the cat is out of the bag we are seeing almost all of them make a big fuss about transparency. Google, Microsoft and others are asking to reveal more information about FISC requests, knowing that they will not be able to do much more than list the number of them (if that). It is a nice show, but will end up amounting to nothing. Unless some major changes are made in the laws that are supposed to protect US citizens from this type of eavesdropping, there is little hope that things will change. As we have said before, your personal information has value and will be traded like a commodity in the very near future. The desire for this data is one of the biggest reasons for the push to the cloud, and it is very likely that as technology advances we will see this move become almost inevitable, which is something we truly hope does not happen.

Read 2724 times Last modified on Monday, 24 June 2013 06:14
