Feeds

back to article KEEP CALM and Carry On: PRISM itself is not a big deal

PRISM, the top secret US National Security Agency web communications and user data collection program revealed by whistleblower Edward Snowden last Friday, and targeted on nine top US web service providers, would seem unlikely to be the total, tyrannical surveillance behemoth reporters first assumed. That’s because its numbers, …

COMMENTS

This topic is closed for new posts.

Page:

Public awareness

The best thing about the revelation is growing public awareness.

It seems there will be a large and increasing market for a public key based messaging solution. The first to offer a usable setup will pose a substantial economic threat to the existing messaging clients. Providers need to store messages, but they do not need to store the contents in any user-accessible fashion.

I'd imaging there will be many businesses who would pay for an enterprise solution too.

Once that's taken care of, hopefully we'll see a rise in encrypted VOIP.

9
0
Silver badge
FAIL

Re: Public awareness

You are kind of missing the point. Most of the furore is about knowing the location and direction of a targets calls/mails - not content. PK will do very little to obscure that unless partnered with a TOR-like network - and even then the sort of relationships being fostered by the Government agencies give rise to plently of options for man-in-the-middle attacks.

3
1
Bronze badge
Facepalm

Re: Public awareness

>Implying that, that will make a Feted pair of Dingos Kidneys of a difference. To where the likes of the CIA, NSA, CGHQ and or the BND (Insert your favorite Counties Spy Agency HERE), are concerned... Its hardly like some spotty Teen is listening into your VOIP Phonesex conversations in Hongkong.

2
1
Alien

Re: Public awareness

If they're not collecting the content, then what is the Utah data center for?

2
1
Silver badge

Re: Public awareness

Actually it probably is some spotty teen monitoring your sexytimes.

That's part of Snowden's point - even if you make a giant leap of faith and accept this stuff provides a security benefit, there are still too many random people with easy access to the collected data.

And we don't know what else is going on. Prism may only be $20m, but we know from the Verizon story there's big budget wholesale data mining happening elsewhere - we just don't know what those programs are called, how they work in detail, or who has access to them.

4
1
Silver badge

The scary thing...

is not PRISM in itself, but the weasel words of the politicians, that so carefully deny some very specific points ("PRISM was never unlawful", "we don't routinely collect the content of communications within the US", ...), but avoid saying anything about what the security establishment is actually doing. If I can drive a train through the holes in their statements, imagine what a well-trained lawyer could do. (I.e. "GRATINGn not PRISM combined all unlawful activities", "we store all communications data within the US, but we don't collect as in 'look at' them.", "We routinely collect all communication data involving a foreigner or stemming from abroad.", ...).

I agree with Obama, there should be a democratic debate on such programs -- and I don't understand why poor Mr. Snowden had to risk his neck to start it.

18
3
Anonymous Coward

Re: The scary thing...

The public needs to be able to spy on the government too, many ministers are corrupt, lying and are taking backhanders not to mention falsifying expense claims.

18
0

Re: The scary thing...

Is anyone really surprised? There was a reason why there's an ex-CIA and an ex-DARPA on the board of Facebook.

2
0
WTF?

@Agree with Obama

It's clear from his record that the *last* thing Obama wants is a public, democratic debate on surveillance programs. I voted for him and supported his campaign in the first term, but there's no denying that he has authorised a sharp increase in government surveillance while in office.

As former NSA and CIA director Michael Hayden notes, "Obama expanded the surveillance programs in volume...NSA is actually empowered to do more things than I was empowered to do under President Bush's special authorisation".

9
0
Silver badge

Re: The scary thing...

Similarly with the companies involved =ie. The NSA doesn't have direct access to Google's server

No, It only has access to the switches feeding Google's servers.

But the servers are owned by Google data center inc - a wholly owned subsidiary, which the has NSA access

So we have a department of deniability that handles NSA requests and they are careful that the CEO doesn't know about it.

3
0
Silver badge
Pirate

Re: The scary thing...

List of Weasel words

"Direct connection" - not needed just a messaging framework.

"not targeted at americans" - how do you tell whether they are americans in the first place.

"legal" - as demonstrated by rulings of a secret court with no accountability to the public.

"not the content" - in the age of the internet thought crimes who and where you make contact is just as informative as what you said.

"National security" - as if any real terrorists arent already aware of the general possibilities of these systems.

10
1
Big Brother

Re: @Agree with Obama

The fact alone that he says he wants a debate makes me certain he doesn't. The man did the opposite of what he preached everytime he made a speach within days after it.

4
1
Silver badge

Re: The scary thing...

The scariest weasel words are the ones you don't think of as weasel words. Last night on Fox one of the panelists noted he's had conversations with spooks and in their parlance "collect information" is different than "gather information." One implies that somewhere in their database the information exists but no human being has examined it. The other means someone is actively examining the information.

1
0
Silver badge
Big Brother

Re: The scary thing...

"...many ministers are corrupt, lying and are taking backhanders not to mention falsifying expense claims..."

You mean you believe there are some who AIN'T???

Do you still believe in the Tooth Fairy, too?

0
0
Flame

Lies, Damned Lies and Guesswork

I'll counter-guess: Those 20 millions are solely for requesting crypto keys from Skype. Google and Facebook. When they have that, the already-in-place Collection System will do the rest.

There is only a single secure approrach: Get Out Of The Cloud Now !

+ TOR always, early and often erasing of cache

+ Raspberrry PI hosting your files

+ GNUpg encrypting messages

+ TrueCrypt encrypting your files

+ Cola bottles in the woods storing your encrypted backup memory sticks

+ encrypted chat over your own chat server running on the RaspPI

+ Raspberry PI server runs your email server

Essentially, boycott the business of Brin, Zuckerberg and Ballmer. Those are 100% subverted by an security services running amok.

23
4
Silver badge
Facepalm

Re: Alternative Fried Newt Re: Lies, Damned Lies and Guesswork

And don't forget your triple-layer foil hat!

7
16
Flame

Re: Alternative Fried Newt Lies, Damned Lies and Guesswork

Yeah Matty, not supplying everything to the US and its little warmonger-terrorist appendix-brain is un-patriotic. Patriotic Americans carry a smart phone at all time. Including those Americans who live in the 51st state.

Surely you can explain this to us along with the fact that only HP hardware is kosher.

7
2
Bronze badge

Re: Surely you can explain this to us along with the fact that only HP hardware is kosher..

An Orthodox Jew Walks into a Bar…

and buys a printer.

(the wacky dude)

2
0
Silver badge
Happy

Re: Aborted Fried Newt Re: Alternative Fried Newt Lies, Damned Lies and Guesswork

ROFLMAO! Please don't shriek so loudly, you'll wake the rest of your kindergarten class from their naptime!

"Yeah Matty, not supplying everything to the US and its little warmonger-terrorist appendix-brain is un-patriotic. Patriotic Americans carry a smart phone at all time. Including those Americans who live in the 51st state.

Surely you can explain this to us along with the fact that only HP hardware is kosher." So, as well as be rabidly paranoid and anti-Yank you're also anti-Semitic? Wow, what a charming chap you are - not. But please do continue posting, the humour value you provide, whilst unintentional, is certainly the only quality item you have ever provided.

1
15
Anonymous Coward

Re: Lies, Damned Lies and Guesswork

That seems like a lot of bother. I think I'll just rely on the assumption that the government finds both me and my activities boring, and not worth a second glance. Sadly, they are correct.

1
0
Anonymous Coward

Re: Lies, Damned Lies and Guesswork

"Cola bottles in the woods storing your encrypted backup memory sticks"

I would not trust my data to a bottle made by a US owned corporation.

2
0
Silver badge

Re: Including those Americans who live in the 51st state.

Guess you missed it: The Big 0 announced during his first campaign that there are 56 states.

1
0

Re: Lies, Damned Lies and Guesswork

Hi, I was just wondering if you could provide some more info on your ideas to help protect privacy that I've detailed below.

When talking about RPI for hosting files, are you talking about setting it up as a web server for whenever you want to upload a file?

Can you explain GNUpg in more detail? I had a look at the wiki page but still didn't understand it much; should GNUpg be used for whenever you send a message over the net?

Instead of having an encrypted chat server running on RPI, what about Cryptocat for chat? (similiar idea to TOR)

Why do I need to use Raspberry PI to run my email server? For example, iF I was using claws mail, couldn't I just use that on Windows rather than on RPI?

Will Tor make my internet privacy completely safe? I mean other than emails, I use duck duck go as my search engine, but should I be using RPI as a router/switch to help with my privacy or has TOR got it covered?

Apologies if this seems a bit long winded.

Many thanks,

0
0
Go

Technical Questions And Answers

"When talking about RPI for hosting files, are you talking about setting it up as a web server for whenever you want to upload a file?"

I suggest you use the RPI server to be essentially a cloud-based file server. You can do that via SAMBA or (better) ssh/scp. Securing SAMBA is certainly a bit more complicated, as it is one of these strange commercial contraptions.

"Can you explain GNUpg in more detail? I had a look at the wiki page but still didn't understand it much; should GNUpg be used for whenever you send a message over the net?"

GNUpg or gpg is the free-open-source variant of PGP. Maybe you should first do some reading on Public-Key Cryptography. Essentially, it eliminates the need for securely transmitting a secret key from message destination to source. The destination will generate a private/public key pair and publish the public key. The sender will encrypt with the public key and only the destination can decrypt because only they have the secret key. That's highly counter-intuitive, but it actually works nicely ! Go to your local Linux user group and ask for help. Plus, there are FOSS GUIs for gpg, which might ease things a little.

"Instead of having an encrypted chat server running on RPI, what about Cryptocat for chat? (similiar idea to TOR)"

I don't know Cryptocat, but if you need to trust a third-party server, they can do Traffic Analysis more easily, as they only have to listen to the server to ferret out all relationships. And, how do they generate good session keys in Cryptocat ? Weak session keys are a major threat to any crypto system.

"Why do I need to use Raspberry PI to run my email server? For example, iF I was using claws mail, couldn't I just use that on Windows rather than on RPI?"

Yeah, you can use Windows as your server, but that will eat much more energy 24/7, which translates into a potentially unsustainable energy bill. Plus you get all the exploits of commercialware, which you can only inspect with a disassembler, not just a plain text editor.

"Will Tor make my internet privacy completely safe? I mean other than emails, I use duck duck go as my search engine, but should I be using RPI as a router/switch to help with my privacy or has TOR got it covered?"

Whenever you surf the internet, your IP gets logged in government collection systems and in private-sector collection systems (which are of course called "customer click analysis system" or something). Plus, they will lob dozens of cookies onto your computer. Even if you delete all cookies, sophisticated operators such as Google and Facebook can nail you down, especially when you log into facebook, google or hotmail. The government certainly has access to telecom records and can attach your real name to your IP address. TOR plus regular deletion of cookies will thwart all of that or at least make it massively more complicated. Of course they will float allegations that "we have already broken TOR, GNUpg and all that" to convince the faint-hearted to not take the effort. Even if there is some modest truth to that claim (I suspect they perform some sort of traffic analysis and correlation on TOR traffic - research papers are out there for everybody to see from government agencies), you will still protect yourself from those thousands of half-criminal non-government snooping agencies out there.

1
0
Silver badge

Prism Logo

Far from being meaningless, I'd say it's quite apt, since it shows input information (white light) being processed to reveal its component parts.

3
0
Silver badge
Coat

Re: Prism Logo

They should be careful, lest they get sued by Pink Floyd for copyright infringement....

2
1
Silver badge

Re: Prism Logo

"get sued by Pink Floyd"

Don't you know? PF were govt agents! All the psychedelics where just cover so they could infiltrate the pop scene!

1
0
Bronze badge
Coat

Re: Prism Logo

Newton has prior art... and the laws.

Yep, the one with the apple in the pocket.

0
0
Silver badge

Re: Prism Logo

Guess you missed this article:

http://www.theregister.co.uk/2013/06/12/nsa_logo_scandal/

0
0
Meh

You're not as special as you think you are.

Given the numbers involved, PRISM is clearly targeted at specific individuals. When you're doing something on that type of budget, in that kind of business, you want to know specifics. You don't trawl through reams of information looking for snippets that MIGHT be interesting. That would be a complete and utter waste of time and budget.

The fact that mechanisms are in place to allow law enforcement agencies to get comms data from providers is neither appalling, nor surprising. The comparison with RIPA here is appropriate. I would be more concerned if law enforcement agencies DIDN'T have access to this type of data.

It's my own personal view that this whole episode is just a mountain-out-of-a-molehill type of event. It maybe unpopular with those who like to make a song and dance about it, but whatever.

5
13
Anonymous Coward

Re: You're not as special as you think you are.

I see InfoOps is out there to throw oil on the water.

4
4
Happy

Re: You're not as special as you think you are.

Surely "Inf Oops" would be a better label, given the circumstances?

1
0
Thumb Down

Re: You're not as special as you think you are.

Maybe I'm not "special" right now, but who's to say that I won't be in perhaps 3 months / 3 years when something I said online then becomes a thought crime? Will I suddenly be deemed to be sympathetic to a particular cause?

12
2
Silver badge

Re: You're not as special as you think you are.

You are special now - you pay tax.

And you file to pay the extra sales tax on anything bought out of state, and you declare any souvenirs you bring back from a foreign trip, and pay income tax and social security on anything you sell on ebay?

I hope so because the IRS now have a copy of all your internet traffic and all your credit card slips

3
1
Silver badge

Re: You're not as special as you think you are.

The only thing clear here is that the NSA is gathering data on just about everybody. After that everything is guesswork and surmise, starting with whether or not you believe Snowden is telling any truths followed immediately by whether or not the document he released is true. Even if we assume both of those are true that still doesn't get you to highly targeted on the raw data collection. It's possible PRISM is just the analysis of specific data that was gathered under another program name. That leaves you with a factual number for PRISM that hides a much larger program elsewhere. It gets you off the hook for lying to your own people (in this case own people = NSA agents). It also fits with the sort of compartmentalization I'd expect in a spy agency.

I know I'm not that special. Yes there are things I don't want you to know about me, even if you are a close friend. I think all of them are legal. I don't believe I've broken any laws in the sense of a law that is on the books and 75%+ of the people think ought to be on the books. For practical purposes, I'm sure the program has stopped some terrorist attacks. Likewise shutting it down will likely cost some lives. I'm also quite certain the program has a huge potential for abuse. And at this point that potential for abuse has me at the point where I think it should be shutdown.

My major point of difference with the people who are insisting it be shut without asking any further questions is that I'm willing to listen to arguments to allow it to continue; albeit with a better understanding of what 4th amendment protections are in place and how it is that I know I can trust those protections to be obeyed. For as fuzzy as how the protections might be implemented are, the even bigger issue is that in light of the IRS scandal and the funny business with tapping James Rosen's and AP's phones the trust issue is even fuzzier.

0
1
Silver badge
Meh

Cost Analysis

The $20M in project costs are likely the warrant fulfillment remuneration paid to the service providers. PRISM is part of a larger system and in all my years I've yet to see training and awareness documents that describe upstream costs of associated programs/systems. This is doubly the case in a compartmentalized organization.

The same Constitution that's being lawyered into ineffectiveness guarantees that companies and individuals who provide goods or services, even under orders, to the government are to be paid back for goods/services provided. It has to with when The Evil British Empire was confiscating private property from Colonists in the name of the Crown. The stated figure of $20M is perfectly reasonable for what is a one or two person job at each of the companies involved.

3
3
Silver badge

Re: Cost Analysis

The $20M in project costs are worth an investigation on their own.

It will be the first government IT project to only cost $20M since Babbage got a contract to put some brass gears together to print navigation tables

3
0
Bronze badge
Pint

Re: Cost Analysis

$20m in ink maybe, but no paper to print on or - what were you thinking - hardware made of expensive brass.

But yes, good point.

0
0
Thumb Up

Pretty Rich Infernal System Making

First time I've seen this presentation of that PRISM as an acronym, pray tell us the words for which it stands, or does it fall into `if you know that, they'll have to kill you' territory?

Why should it be too costly if they have deals for spoon-feeding from US `national champion' .coms, and doubtless plenty of black budget?

My heading is lame, I know (tired), but other commentards can doubtless do better.

0
0
Anonymous Coward

Re: Pretty Rich Infernal System Making

Whatabout Pork Rulez Intelligence Massively ?

1
0
Anonymous Coward

Re: Pretty Rich Infernal System Making

Errata: Pork Rulez Intelligence Swinery Massively

0
0
Paris Hilton

P.R.I.S.M

Paris Really Is a Sexy Momma!

3
0
Big Brother

Re: Pretty Rich Infernal System Making

Prescribed Requests from Internet Service Maintainers

It'll be something like that anyway. The first four words will be corporate jargonese, and the last word is bound to be very clunky as they will have picked it just to complete the Acronym

0
0
Silver badge
Big Brother

"U.S. government also acquired a back way in"

It's worth remembering that this very organ reported about possible backdoors in Skype some five years ago.

2
0

Stature

> "PRISM complies with applicable law, and may be stature or warrant based"

So no warrant required for tall people?

-A.

6
0
Unhappy

No big deal then , eh?

I forwarded this article to some tinfoil wearing acquaintances who might not "get it". I've been informed that is well known (by certain people) that Vulture Central is a hot bed of Illuminati and Reptilian activity. This piece was obviously written by the Jewish Media Conspiracy in a feeble attempt to calm the overactive minds of us IT drones. /sarcasm

In short, I was having fun freaking everyone out since this story broke. Now while at lunch, I'll just have to go back to talking about how shitty the Blue Jays are doing this year. Thanks Reg.

3
2
Anonymous Coward

Open Dollars as compared to acres of Utah Data Center

If they're simply requesting a wee bit of metadata here and there, then it would easily fit into a single 1TB portable hard drive. In fact, it would fit into a single USB stick per month.

If they will have a Utah Data Center "designed to store data on the scale of yottabytes" (millions of TB), then OBVIOUSLY they're planning to capture and store CONTENT, not just limited volumes of metadata by individual requests.

They should offer "private" file retrieval service as a form of Paid-For automatic backup service for consumers, companies, foreign governments, enemies of the state... UDC might turn into a profit center for the government.

I for one welcome our new overlords. I feel safer already. They've been doing this since 2007, and not a single Boston Bombing incident has happened since. Oh... FAIL.

12
1
Anonymous Coward

Re: Open Dollars as compared to acres of Utah Data Center

If they have a list of close friends on each human being, that would be in the Terabyte range. So the entire "Yottabyte" thing might be bullshit. The MfS probably had an archive measured in the tens of Gigabytes and that was effective to keep 17 million people from saying the truth in their own bedrooms.

0
0
Thumb Up

Re: Open Dollars as compared to acres of Utah Data Center

NSA Cloud Services: Stock float coming soooon

Possible slogan: Why settle for second best, we slurp 'em all so we outslurp the rest!

Speaking of which, this all casts a bright new light on some of Eric Schmidt's odd statements about info privacy, don'it indeed?

0
0
LPF

I notice RIM isn't on there....

I know that they are a candian company, but with their end to end encrytion, if Iwas them I would be making a big noise, that unlike all the others , no one can tap your comms while using them!

0
0

Page:

This topic is closed for new posts.