Some Thoughts about PRISM

Bits and Pieces 2013-06-11

Summary:

I have been waiting to comment on the recently disclosed NSA surveillance programs until more facts came out, since what various parties were saying in the first days after the story broke seemed so irreconcilable. And the reports touch on so many issues covered in Blown to Bits it is hard to know where to begin. We know more now, and though some of puzzles remain, at least some of the questions have started to firm up. How Does PRISM Work? We don't really know. What is "collected," where? The PRISM slides (the ones that have been released -- only a few of them) clearly state that the "collection" includes both "surveillance" and "stored comms." But stored where? Facebook and Google, two of the companies listed as part of the program, both are clear in their denials. Both Larry Page (Google) and Mark Zuckerberg (Facebook) deny giving the government "direct access" to their servers. (Some have suggested that this phrase needs definition; what about indirect access? But to be fair, arguably we all have indirect access to their servers.) Both also state that their companies respond only to specific requests, which are scrutinized individually and challenged if overly broad. Alex Stamos suggests that (especially given the low -- $20 million per year -- price tag for the program touted in the slides) PRISM may be just a code name for a view into data gathered through a variety of mechanisms. That is not the way Snowdon, the self-identified leaker, makes it sound. It seems to me that it is more likely that Snowdon is exaggerating, and that the individual who made the cute graphics on the Powerpoint slides did not fully understand the system, than that Page and Zuckerberg would be flat-out lying when the truth might easily come out in another way. Add to this the subtlety that in the DoD, "collecting" data does not mean what you might think. As the EFF explains,
Normally, one would think that a communication that has been intercepted and stored in a government database as “collected.” But the government’s definition of what it means to “collect” intelligence information is quite different than its plain meaning.
Under Department of Defense regulations, information is considered to be “collected” only after it has been “received for use by an employee of a DoD intelligence component,” and “data acquired by electronic means is ‘collected’ only when it has been processed into intelligible form.” 
In other words, the NSA can intercept and store communications in its data base, then have an algorithm search them for key words and analyze the meta data without ever considering the communications “collected.”
Director of National Intelligence James Clapper did not help matters when he point-blank denied any massive data collection in his Congressional testimony:
Sen. Wyden: "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" Mr. Clapper: "No, sir." 
And then, when challenged after recent disclosures, offered a restatement:
"What I said was, the NSA does not voyeuristically pore through U.S. citizens' e-mails. I stand by that." 
Well, that is not what he said. Taking all the semantical gymnastics into account, I would conclude that the NSA is sifting automatically through lots of email and other content searching for for specific targets. It is what Phil Zimmermann, way back during the Crypto Wars, called "driftnet fishing": scoop everything up, and throw back what you don't want. Isn't that a violation of the Fourth Amendment rights of the rest of the fish? I think what is going on here is that people think there is a big difference between a computer reading their email and a human being reading it. There isn't. Questionable defenses. Perhaps the inconsistency can be reconciled by dicing the language yet more finely or by understanding better how the system actually works. But for some, there is no problem in any case. The Fourth Amendment, like the other enumerated rights, is not absolute. PRISM's collecting and sieving just represent a necessary compromise. Of course, because the program has been secret, its constitutionality has never been challenged. The courts like to be reassured that when the government infringes a civil right, the infringement is as limited as possible. The ACLU is hard at work preparing a challenge; maybe we will find out. But others don't even care abou

Link:

http://harry-lewis.blogspot.com/2013/06/some-thoughts-about-prism.html

Updated:

06/10/2013, 23:05

From feeds:

Fair Use Tracker » Current Berkman People and Projects
Berkman Center Community - Test » Bits and Pieces

Tags:

Authors:

Harry Lewis

Date tagged:

06/11/2013, 02:50

Date published:

06/11/2013, 02:50