Feeds

back to article Yahoo! joins! rivals! in! PRISM! data! request! admission!

Yahoo! has become the latest big-hitting American tech firm to reveal exactly how much information it has handed to US spooks. Marissa Mayer's outfit joined Apple, Facebook and Microsoft in releasing the number of sensitive data requests made by spies and law enforcement agencies. The tech giants want to reassure customers and …

COMMENTS

This topic is closed for new posts.

How do they know why they're being requested?

So they're able to say if its for a fraud, murder, missing person investigation.

1) How do they (Yahoo!, Google, Apple etc) 'know' that it's really for the stated reason?

2) How are they able to say No, (as Facebook claimed) if they dont think it's a justified reason? If its got a court order.. Its got a court order.

3) What are the numbers for other national security agencies? How many times have GCHQ asked for data?

4) What about data for non-nationals? If the person isn't a US national, do the US laws apply? (equally to other countries).

So many unanswered, and likely weasle words still to come.

3
1
Big Brother

Re: How do they know why they're being requested?

More to the point, these are the ones they KNOW about. I bet there are lot of things the NSA do that the companies are blissfully unaware of to their data.

0
0
Silver badge

Re: How do they know why they're being requested?

Apparently a D notice has been issued in regards to the PRISM program now in the UK.

http://www.andmagazine.com/content/phoenix/13003.html

0
0
Silver badge
Unhappy

@ Ian62

"4) What about data for non-nationals? If the person isn't a US national, do the US laws apply? (equally to other countries)."

The short answers to this question are "You're screwed" and that the NSA is hoovering up somewhere between "a little and a lot" of your data. The Foreign Intelligence & Surveillance Act (the "FISA" you are now hearing so much about) only protects residents of the US of A. Outside of the U.S., even expat U.S. citizens are fair game, because they live under the laws of the various countries they reside in. Really the only procedural limit for foreign residents is "How much can we surveil until country X gets so pissed off at us that the cost outweighs the benefit." There are obviously practical and infrastructure limits as well.

Also, it is hardly uncommon for country X to outsource it's local dirty work to the NSA or other country's spooks. The NSA can get around local laws and social mores about snooping, and the local government gets the data while still ostensibly keeping its hands clean.

1
0
Silver badge
Unhappy

Re: @ Ian62

P.S.--because internet traffic/social media is harder to map to a person geographically, the NSA has instituted a test where they can scoop up data as long as their test indicates at least a 51% chance that the data/content was not made by a U.S. resident. Hardly confidence-inspiring, but at least us Americans get SOME protection from our own government.

0
0
Bronze badge

Re: How do they know why they're being requested?

"Apparently a D notice has been issued in regards to the PRISM program now in the UK.

http://www.andmagazine.com/content/phoenix/13003.html"

How's the weather at Airstrip One today? :/

0
0
Anonymous Coward

Really

All the US has done for years is lie to forward their global dominance. You think that they would not lie if they knew it would lose them the business/intel. Nothing is going to change and we know that as well.

Time for some homegrown solutions world-wide to replace those currently dominated by US firms.

7
0
Anonymous Coward

Re: Really

We've always played lapdog to the US while our cousins in Europe have watched with bemused grins, all the while getting their own houses in order using their own local methods.

0
0
Anonymous Coward

Re: Really

Right because the cute and cuddly UK government would never do something like spy on foreign diplomats or, gasp, their own citizens,

Oh and ignore that CCTV behind your shower curtain. Nothing to see here, move along please.

0
0
Bronze badge

Re: Really

Strong encryption, VPN or even better, HAIPE encryptors end to end on one's distant communications channels.

0
0
Bronze badge

Re: Really

"Oh and ignore that CCTV behind your shower curtain. Nothing to see here, move along please."

That's nothing that a violet wand couldn't fix. To cover audio transmitters, the same wand with an antenna does nicely.

There are tricks to amplify the noise as well.

Raises merry hell with television reception, but then, I recall hearing of ways to bug a room using a television speaker or even monitor screen.

0
0
Black Helicopters

And probably only 2 were FISA requests...

2013Q1 - The FBI says give the NSA all your data

2013Q2 - The FBI says give the NSA all your data

All done and renewed every 3 months leaving between 11,998 and 12,998 requests to be about fraud, kidnapping etc.

2
1
Bronze badge

Re: And probably only 2 were FISA requests...

And the FISA requests are classified at TS/SCI/NOFORN/ORCON, etc.

Hence, never see the light of day.

Though, Congress can see them in their house SCIF, if they know that they exist.

There is a right way to report something one finds improper, there is a wrong way. Snowden started out using the wrong way, which should have been a final backup and not his first action.

0
0
Bronze badge

Don't they realise that the cat ...

is well and truly out of the bag?

I wonder how many new private email servers have been set up over the past fortnight, how many new PGP key pairs generated, how many new VPN tunnels configured?

If I was a US cloud provider I would be contacting Steve Bong about alternative business models around about now.

The cloud is convenient in many ways, but when it comes to privacy and security it's all rather too nebulous.

1
1

Re: Don't they realise that the cat ...

PGP keys...

Interesting... I wonder how many of the various snooping programs coming out of the USA, China, Russia are designed to dig out your private pgp key so they can decrypt your communications with less effort.

1
0
Bronze badge

Re: Don't they realise that the cat ...

Quite a lot I reckon. Which is why if you're really serious about encryption you do it on a second computer that is not connected to a network.

Even so, matching up PGP keys to everyone's inboxes and then cracking keys across multiple platforms and applying them to the right email streams is going to be a rather greater hurdle for the NSA to clear than simply splicing some fibre at the Googleplex or at Hotmail HQ and reading it all in plaintext.

There's no such thing as perfect security, but you can at least take reasonable precautions.

0
0
Bronze badge

Re: Don't they realise that the cat ...

If the VPN isn't at both endpoints, it's useless, as one simply plugs into a switch port and monitors away.

PGP/GPG is as secure as the keyserver and the endpoints. Compromise any one, own the system.

An example is, a FISA letter generates a warrant that is presented to a keyserver owner. Software is placed in the middle to provide false key information to the requesting client, information designed to permit a MiM attack.

Compromise the private and public keys on one endpoint, have a wedge to gain further access.

The US DoD thought using smartcards for logon, digital signing and encryption was the be all and end all of security for computer access. In spite of warnings that it is only one component by the vendor and IA personnel.

It was later found that a foreign actor had acquired access to a workstation, used the middleware for the smartcard in dos mode to authenticate in and begin exfiltrating data.

Proving what was first said, no single component does a system make. One uses a layered approach in protecting one's computer, one's data and one's traffic.

1
0
Bronze badge

Re: Don't they realise that the cat ...

"Even so, matching up PGP keys to everyone's inboxes and then cracking keys across multiple platforms and applying them to the right email streams is going to be a rather greater hurdle for the NSA to clear than simply splicing some fibre at the Googleplex or at Hotmail HQ and reading it all in plaintext."

You forget a few things. First, the mail at Googleplex and Hotmail would be stored in encrypted form, not unencrypted. You don't decrypt your mail when you send it, you encrypt it and send it encrypted. It gets decrypted when read. Hence, the tap would get encrypted data.

However, consider some well known facts about the NSA.

They hire the largest number of mathematicians in the world. They hire the top of the class from various educational institutions as programmers. They also have multiple supercomputers.

0
0
Anonymous Coward

"We’ve worked hard over the years to earn our users’ trust and we fight hard to preserve it"

this is a bizarre statement, given the circumstances, no?

2
0
Anonymous Coward

Even more ironic:

MS is currently running a TV advertising campaign in the UK focussing on how much they care for and respect your privacy. Talk about timing being the secret of good comedy...

3
0
Happy

Not! Bloody! Good! Enough!

0
0
ql
Bronze badge
FAIL

"Keep calm and carry on using American tech firms, folks"

Er, no.

2
0
Bronze badge

Re: "Keep calm and carry on using American tech firms, folks"

you don't use american tech firms? So what are your alternatives? Email, maps, cloud storage? Of course you could roll your own email/cloud, but what that's beyond your personal abilities? Any non-US alternative ideas anyone?

0
1
WTF?

"unwitting participants"?

Erm, right. And just how would that work?

One can say that the PR departments were unaware of PRISM, but of course that was by design.

1
0
Anonymous Coward

Aren't they all still denying Prism exists and simply giving people the number of court ordered requests?

3
0

This post has been deleted by a moderator

Silver badge
Coffee/keyboard

"We’ve worked hard over the years to earn our users’ trust and we fight hard to preserve it,"

Oh, that was a good one.

3
0
Anonymous Coward

Hang on.

I thought the whole point about prism was that the NSA are taking a copy of all traffic (FO Beam splitters) as it passes through the ISP. Therefore they are storing everything for processing/analysis as they see fit. They don't need to go cap in hand to the companies.

Obviously getting the data handed to them by companies in a nice ready to go format is advantageous, but strictly speaking, PRISM as I understand it, means the NSA already has the information that they are requesting.

0
0
Anonymous Coward

Re: Hang on.

The phrase to remember here is "defence in depth". If you were inventing a strategy to spy on the internet at large for a long period of time and everyone knew that was your job then you would need a multi layer plan.

You'd have the "legal" (note not "ethical") approach which involves judges granting warrants or whatever. And then, in case that got exposed and the worm turned politically then you'd have another method tucked up your sleeve, eg fibre splicing. In fact the second option might have been you major source of intelligence all along and the "legal" method just a smoke screen, who knows.

And you can bet that they have other layers too. Try Googling "USS Jimmy Carter" and see what you find.

1
0
Anonymous Coward

And yet more proof that Linux is an NSA enabler.

0
3
Anonymous Coward

NSA PRISM Enumeration

Theres a short posting over at the 360 Security blog on how PRISM works, although it looks like the NSA slide deck has pretty much made that clear now!

http://360is.blogspot.co.uk/2013/06/a-quick-enumeration-of-prism-program.html

0
0

Barely Legal - NSFW

No sexy pics, just tainted technology. A government comprised mainly of lawyers can get away with just about anything.

0
0
Anonymous Coward

"All I can say right now is the US government is not going to be able to cover this up by jailing or murdering me. Truth is coming, and it cannot be stopped."

Meh, despite appearances the NSA isn't incompetent or impotent, if they wanted him dead, he'd be dead and none of this would have been made public. The question is why was it leaked? Snowden himself is most likely just an idiot manipulated into releasing the data.

0
2
Silver badge

Exactly?

"to reveal exactly how much information it has handed to US spooks."

How is that Exact? Even without all the stuff I assume they are not talking about because they are not allowed to.

processed between 12,000 and 13,000... not including FISA requests.

More like a random number they pulled out of their ass I think...

0
0
Anonymous Coward

Hitchhikers Guide to The Other Side..........Spying on 100% just to catch <1%

In another thread someone asked why the US Government thinks its ok to spy on 100% of the world to catch 5%? This gnawed at me overnight. So what makes it ok for my Government to unapologetically spy on absolutely everybody just to protect its own? After all its charter isn't to protect the planet, its to protect American citizens. I for one am getting tired of their laughable justifications...

China and Russia may taper some of the US' Curb Your Enthusiasm. For my money US intelligence is so dysfunctional it must be run by Larry David. The Coen Brothers captured it perfectly with Burn After Reading. I think most Americans working in intelligence lack worldly knowledge i.e. extensive travel, understanding of world history, ability to speak languages other than English or Bad English. We are too pollyannic or naive to comprehend foreign situations and ignore warnings by journalists such as Robert Fisk on the Taliban. Instead, we snoop big-data, build computing Monoliths and trawl for signs of trouble.

Our naivety is reminiscent of how we arrived at the financial collapse. Our so-smart mathematicians hailed infallible models that were actually full of assumptions. Traders then placed leveraged bets with 5-10 years of historical data. But economic cycles have been with us forever and there are always cyclical ups and downs. Yet no one thought to look back or question the assumptions including Alan Greenspan.

So, do I have any confidence in the US using this raw data to bring about a perfect 'Person of Interest' like prediction computer? Don't make me laugh, save it for a TV series! When we trawl big-data in an underground computer the size off Utah, we'll end up with the answer 42! Then we'll have to build another monster the size of America just to analyse this, and the Military-industrial spending complex will go on...

3
0
Bronze badge
Facepalm

"The tech giants want to reassure customers and prospective clients that they are not being spied upon in the wake of the PRISM surveillance scandal."

Too bloody late for that! ( Has been for a long time before all this stuff came to light. )

1
0
Silver badge
Pirate

Just say No!

To putting any of your data on a sever owned or operated by a US Company.

Forget the Cloud, be it Amazon, MS or pretty well anyone else for that matter.

Say Yes to

Encrypting anything sensitive on your emails

use HTTPS instead of HTTP for as many web pages as possible.

Use Google or Bing searches via a TOR proxy.

etc

etc

And with the latest webcam exploits, just stick an image of giving someone the finger with 'That means you USA' beneath over the lens.

Then pull the plug on your internet connection, put your phone in a lead lined box and relax with a smile, they can't track you (for a few minutes that is)

1
1
Hoe
Stop

Re: Just say No!

No DONT use Google using Tor, Google defeats Tor, if you are worried about security use DuckDuckGo with Tor or some other similar service which won't be exposed..

Even then though, you are never truely secure, even with local encryption.

2
0
Silver badge

News Just In.....

MySpace more than a bit pissed off not to be invited to the prism party :-D

Is it really worse that out collective privates are getting flashed to the US Govt. (a small part of which is nominally trying to make their world a better place) than our collective privates being flashed to the highest bidder AKA the intarwebs business model? - not a spy or terist, so find it hard to be shocked, upset, or even that interested.

0
1
WTF?

So let me get this straight

"What I've asked the intelligence community to do is see how much of this we can declassify without further compromising the program... And they are in that process of doing so now," he added.

You're asking the community that designed this program, that has a vested interest in continuing this program, that claims it will suffer immeasurably if this program is halted, to see how much they can reduce it without compromising it?

And you seriously expect them to come up with an answer other than "We can't declassify any of it without nuking democracy and asking the Taliban to take up residence in the White House"?

The words turkey, christmas and voting come to mind. Not to mention the words 'fucking' and 'insane'.

2
0
Black Helicopters

It's the metadata, stupid!

All these corporates are being disingenuous - they are trumpeting the numbers for "sensitive data requests" which takes the focus away from what are the true feeds and speeds - the metadata. The spooks are making all manner of assumptions based on analysis of what is effectively the data envelopes. It's like being tried and convicted on the basis of /who sent you/who you sent/ mail to, or who *they* sent mail to, ad infinitum. Ever wondered how they had well over half a million "potential terrorists" on their books when they went looking for the perps of the Boston Marathon bombings? You may well be on their list, if your friends have "dodgy" friends...

3
0
This topic is closed for new posts.