KEEP CALM and Carry On: PRISM itself is not a big deal

PRISM, the top secret US National Security Agency web communications and user data collection program revealed by whistleblower Edward Snowden last Friday, and targeted on nine top US web service providers, would seem unlikely to be the total, tyrannical surveillance behemoth reporters first assumed. That’s because its numbers …

COMMENTS

  1. R 11

    Public awareness

    The best thing about the revelation is growing public awareness.

    It seems there will be a large and increasing market for a public key based messaging solution. The first to offer a usable setup will pose a substantial economic threat to the existing messaging clients. Providers need to store messages, but they do not need to store the contents in any user-accessible fashion.

    I'd imagine there will be many businesses who would pay for an enterprise solution too.

    Once that's taken care of, hopefully we'll see a rise in encrypted VOIP.

    1. Gordon 10
      FAIL

      Re: Public awareness

      You are kind of missing the point. Most of the furore is about knowing the location and direction of a target's calls/mails - not content. PK will do very little to obscure that unless partnered with a TOR-like network - and even then the sort of relationships being fostered by the Government agencies give rise to plenty of options for man-in-the-middle attacks.

      1. Herb LeBurger
        Alien

        Re: Public awareness

        If they're not collecting the content, then what is the Utah data center for?

    2. Michael Habel
      Facepalm

      Re: Public awareness

      >Implying that, that will make a Fetid pair of Dingo's Kidneys of a difference. To where the likes of the CIA, NSA, GCHQ and or the BND (Insert your favorite Country's Spy Agency HERE), are concerned... It's hardly like some spotty Teen is listening into your VOIP Phonesex conversations in Hong Kong.

      1. TheOtherHobbes

        Re: Public awareness

        Actually it probably is some spotty teen monitoring your sexytimes.

        That's part of Snowden's point - even if you make a giant leap of faith and accept this stuff provides a security benefit, there are still too many random people with easy access to the collected data.

        And we don't know what else is going on. Prism may only be $20m, but we know from the Verizon story there's big budget wholesale data mining happening elsewhere - we just don't know what those programs are called, how they work in detail, or who has access to them.

  2. Schultz

    The scary thing...

    is not PRISM in itself, but the weasel words of the politicians, that so carefully deny some very specific points ("PRISM was never unlawful", "we don't routinely collect the content of communications within the US", ...), but avoid saying anything about what the security establishment is actually doing. If I can drive a train through the holes in their statements, imagine what a well-trained lawyer could do. (I.e. "GRATING not PRISM combined all unlawful activities", "we store all communications data within the US, but we don't collect as in 'look at' them.", "We routinely collect all communication data involving a foreigner or stemming from abroad.", ...).

    I agree with Obama, there should be a democratic debate on such programs -- and I don't understand why poor Mr. Snowden had to risk his neck to start it.

    1. Anonymous Coward
      Anonymous Coward

      Re: The scary thing...

      The public needs to be able to spy on the government too, many ministers are corrupt, lying and are taking backhanders not to mention falsifying expense claims.

      1. Ted Treen
        Big Brother

        Re: The scary thing...

        "...many ministers are corrupt, lying and are taking backhanders not to mention falsifying expense claims..."

        You mean you believe there are some who AIN'T???

        Do you still believe in the Tooth Fairy, too?

    2. Andrew Moore

      Re: The scary thing...

      Is anyone really surprised? There was a reason why there's an ex-CIA and an ex-DARPA on the board of Facebook.

    3. Quxy
      WTF?

      @Agree with Obama

      It's clear from his record that the *last* thing Obama wants is a public, democratic debate on surveillance programs. I voted for him and supported his campaign in the first term, but there's no denying that he has authorised a sharp increase in government surveillance while in office.

      As former NSA and CIA director Michael Hayden notes, "Obama expanded the surveillance programs in volume...NSA is actually empowered to do more things than I was empowered to do under President Bush's special authorisation".

      1. majorursa
        Big Brother

        Re: @Agree with Obama

        The fact alone that he says he wants a debate makes me certain he doesn't. The man did the opposite of what he preached every time he made a speech within days after it.

    4. Yet Another Anonymous coward Silver badge

      Re: The scary thing...

      Similarly with the companies involved - i.e. The NSA doesn't have direct access to Google's server

      No, It only has access to the switches feeding Google's servers.

      But the servers are owned by Google data center inc - a wholly owned subsidiary, which has NSA access

      So we have a department of deniability that handles NSA requests and they are careful that the CEO doesn't know about it.

    5. Gordon 10
      Pirate

      Re: The scary thing...

      List of Weasel words

      "Direct connection" - not needed just a messaging framework.

      "not targeted at Americans" - how do you tell whether they are Americans in the first place.

      "legal" - as demonstrated by rulings of a secret court with no accountability to the public.

      "not the content" - in the age of the internet thought crimes who and where you make contact is just as informative as what you said.

      "National security" - as if any real terrorists aren't already aware of the general possibilities of these systems.

      1. Tom 13

        Re: The scary thing...

        The scariest weasel words are the ones you don't think of as weasel words. Last night on Fox one of the panelists noted he's had conversations with spooks and in their parlance "collect information" is different than "gather information." One implies that somewhere in their database the information exists but no human being has examined it. The other means someone is actively examining the information.

  3. Anonymous Coward
    Flame

    Lies, Damned Lies and Guesswork

    I'll counter-guess: Those 20 millions are solely for requesting crypto keys from Skype. Google and Facebook. When they have that, the already-in-place Collection System will do the rest.

    There is only a single secure approach: Get Out Of The Cloud Now !

    + TOR always, early and often erasing of cache

    + Raspberry PI hosting your files

    + GNUpg encrypting messages

    + TrueCrypt encrypting your files

    + Cola bottles in the woods storing your encrypted backup memory sticks

    + encrypted chat over your own chat server running on the RaspPI

    + Raspberry PI server runs your email server

    Essentially, boycott the business of Brin, Zuckerberg and Ballmer. Those are 100% subverted by security services running amok.

    1. Matt Bryant Silver badge
      Facepalm

      Re: Alternative Fried Newt Re: Lies, Damned Lies and Guesswork

      And don't forget your triple-layer foil hat!

      1. Anonymous Coward
        Flame

        Re: Alternative Fried Newt Lies, Damned Lies and Guesswork

        Yeah Matty, not supplying everything to the US and its little warmonger-terrorist appendix-brain is un-patriotic. Patriotic Americans carry a smart phone at all times. Including those Americans who live in the 51st state.

        Surely you can explain this to us along with the fact that only HP hardware is kosher.

        1. Spoonsinger

          Re: Surely you can explain this to us along with the fact that only HP hardware is kosher..

          An Orthodox Jew Walks into a Bar…

          and buys a printer.

          (the wacky dude)

        2. Matt Bryant Silver badge
          Happy

          Re: Aborted Fried Newt Re: Alternative Fried Newt Lies, Damned Lies and Guesswork

          ROFLMAO! Please don't shriek so loudly, you'll wake the rest of your kindergarten class from their naptime!

          "Yeah Matty, not supplying everything to the US and its little warmonger-terrorist appendix-brain is un-patriotic. Patriotic Americans carry a smart phone at all times. Including those Americans who live in the 51st state.

          Surely you can explain this to us along with the fact that only HP hardware is kosher." So, as well as being rabidly paranoid and anti-Yank you're also anti-Semitic? Wow, what a charming chap you are - not. But please do continue posting, the humour value you provide, whilst unintentional, is certainly the only quality item you have ever provided.

        3. Tom 13

          Re: Including those Americans who live in the 51st state.

          Guess you missed it: The Big 0 announced during his first campaign that there are 56 states.

    2. Anonymous Coward
      Anonymous Coward

      Re: Lies, Damned Lies and Guesswork

      That seems like a lot of bother. I think I'll just rely on the assumption that the government finds both me and my activities boring, and not worth a second glance. Sadly, they are correct.

    3. Anonymous Coward
      Anonymous Coward

      Re: Lies, Damned Lies and Guesswork

      "Cola bottles in the woods storing your encrypted backup memory sticks"

      I would not trust my data to a bottle made by a US owned corporation.

    4. Questions765

      Re: Lies, Damned Lies and Guesswork

      Hi, I was just wondering if you could provide some more info on your ideas to help protect privacy that I've detailed below.

      When talking about RPI for hosting files, are you talking about setting it up as a web server for whenever you want to upload a file?

      Can you explain GNUpg in more detail? I had a look at the wiki page but still didn't understand it much; should GNUpg be used for whenever you send a message over the net?

      Instead of having an encrypted chat server running on RPI, what about Cryptocat for chat? (similar idea to TOR)

      Why do I need to use Raspberry PI to run my email server? For example, if I was using claws mail, couldn't I just use that on Windows rather than on RPI?

      Will Tor make my internet privacy completely safe? I mean other than emails, I use duck duck go as my search engine, but should I be using RPI as a router/switch to help with my privacy or has TOR got it covered?

      Apologies if this seems a bit long winded.

      Many thanks,

      1. Anonymous Coward
        Go

        Technical Questions And Answers

        "When talking about RPI for hosting files, are you talking about setting it up as a web server for whenever you want to upload a file?"

        I suggest you use the RPI server to be essentially a cloud-based file server. You can do that via SAMBA or (better) ssh/scp. Securing SAMBA is certainly a bit more complicated, as it is one of these strange commercial contraptions.

        "Can you explain GNUpg in more detail? I had a look at the wiki page but still didn't understand it much; should GNUpg be used for whenever you send a message over the net?"

        GNUpg or gpg is the free-open-source variant of PGP. Maybe you should first do some reading on Public-Key Cryptography. Essentially, it eliminates the need for securely transmitting a secret key from message destination to source. The destination will generate a private/public key pair and publish the public key. The sender will encrypt with the public key and only the destination can decrypt because only they have the secret key. That's highly counter-intuitive, but it actually works nicely ! Go to your local Linux user group and ask for help. Plus, there are FOSS GUIs for gpg, which might ease things a little.

        "Instead of having an encrypted chat server running on RPI, what about Cryptocat for chat? (similar idea to TOR)"

        I don't know Cryptocat, but if you need to trust a third-party server, they can do Traffic Analysis more easily, as they only have to listen to the server to ferret out all relationships. And, how do they generate good session keys in Cryptocat ? Weak session keys are a major threat to any crypto system.

        "Why do I need to use Raspberry PI to run my email server? For example, if I was using claws mail, couldn't I just use that on Windows rather than on RPI?"

        Yeah, you can use Windows as your server, but that will eat much more energy 24/7, which translates into a potentially unsustainable energy bill. Plus you get all the exploits of commercialware, which you can only inspect with a disassembler, not just a plain text editor.

        "Will Tor make my internet privacy completely safe? I mean other than emails, I use duck duck go as my search engine, but should I be using RPI as a router/switch to help with my privacy or has TOR got it covered?"

        Whenever you surf the internet, your IP gets logged in government collection systems and in private-sector collection systems (which are of course called "customer click analysis system" or something). Plus, they will lob dozens of cookies onto your computer. Even if you delete all cookies, sophisticated operators such as Google and Facebook can nail you down, especially when you log into facebook, google or hotmail. The government certainly has access to telecom records and can attach your real name to your IP address. TOR plus regular deletion of cookies will thwart all of that or at least make it massively more complicated. Of course they will float allegations that "we have already broken TOR, GNUpg and all that" to convince the faint-hearted to not take the effort. Even if there is some modest truth to that claim (I suspect they perform some sort of traffic analysis and correlation on TOR traffic - research papers are out there for everybody to see from government agencies), you will still protect yourself from those thousands of half-criminal non-government snooping agencies out there.
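
The key-pair flow described in the GnuPG answer above, as an added example that is not part of the original thread: recipient and sender use separate throwaway keyrings, the sender compares the fingerprint of the imported public key before encrypting, and only the recipient's keyring can decrypt. It assumes GnuPG 2.1 or later on the PATH; the identity, directory names and message are constructed for the demo.

```shell
#!/bin/sh
# Added example: a GnuPG round trip between two isolated, throwaway keyrings.
# The identity below is constructed for the demo; requires GnuPG 2.1+.

RECIPIENT_UID='Demo Recipient <recipient@example.invalid>'

# Print the primary-key fingerprint of the first key in the keyring at $1.
fingerprint_of() {
    gpg --homedir "$1" --batch --with-colons --fingerprint 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Stop any agents gpg started for the demo keyrings and delete the work dir.
cleanup_demo() {
    for home in "$1/recipient" "$1/sender"; do
        GNUPGHOME="$home" gpgconf --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$1"
}

# Encrypt $1 to a freshly generated recipient key and print what the
# recipient decrypts. Returns non-zero if any step misbehaves, including
# the case where the sender's keyring is able to decrypt the message.
gpg_roundtrip() {
    msg=$1
    work=$(mktemp -d) || return 1
    rcpt="$work/recipient"
    sndr="$work/sender"
    mkdir -m 700 "$rcpt" "$sndr" || { cleanup_demo "$work"; return 1; }

    # 1. The recipient generates a private/public key pair.
    #    (Empty passphrase only because this keyring is deleted afterwards.)
    gpg --homedir "$rcpt" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$RECIPIENT_UID" \
        default default never 2>/dev/null || { cleanup_demo "$work"; return 1; }

    # 2. The recipient publishes the public key. The fingerprint is what
    #    would be passed to the sender over a separate, trusted channel.
    fpr=$(fingerprint_of "$rcpt")
    [ -n "$fpr" ] || { cleanup_demo "$work"; return 1; }
    gpg --homedir "$rcpt" --batch --armor --export "$fpr" \
        > "$work/pub.asc" || { cleanup_demo "$work"; return 1; }

    # 3. The sender imports the public key and refuses to continue unless
    #    its fingerprint matches the one obtained out of band.
    gpg --homedir "$sndr" --batch --quiet --import "$work/pub.asc" \
        2>/dev/null || { cleanup_demo "$work"; return 1; }
    if [ "$(fingerprint_of "$sndr")" != "$fpr" ]; then
        cleanup_demo "$work"
        return 1
    fi

    # 4. The sender encrypts with the public key. "--trust-model always" is
    #    acceptable here only because the fingerprint was just checked.
    printf '%s' "$msg" |
        gpg --homedir "$sndr" --batch --quiet --trust-model always \
            --armor --encrypt --recipient "$fpr" \
            > "$work/msg.asc" 2>/dev/null || { cleanup_demo "$work"; return 1; }

    # 5. The sender holds no private key, so decryption must fail there.
    if gpg --homedir "$sndr" --batch --quiet --decrypt "$work/msg.asc" \
        >/dev/null 2>&1; then
        cleanup_demo "$work"
        return 1
    fi

    # 6. Only the recipient's keyring can recover the plaintext.
    if plain=$(gpg --homedir "$rcpt" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --decrypt "$work/msg.asc" 2>/dev/null); then
        cleanup_demo "$work"
        printf '%s\n' "$plain"
    else
        cleanup_demo "$work"
        return 1
    fi
}

# Set GPG_DEMO=1 to run the round trip when executing this file directly.
if [ "${GPG_DEMO:-0}" = 1 ]; then
    gpg_roundtrip 'constructed demo message'
fi
```

The ciphertext still names the recipient's key ID in clear, so this protects content, not who is writing to whom.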

  4. Anonymous Coward
    Anonymous Coward

    Prism Logo

    Far from being meaningless, I'd say it's quite apt, since it shows input information (white light) being processed to reveal its component parts.

    1. Someone Else Silver badge
      Coat

      Re: Prism Logo

      They should be careful, lest they get sued by Pink Floyd for copyright infringement....

      1. Charles Manning

        Re: Prism Logo

        "get sued by Pink Floyd"

        Don't you know? PF were govt agents! All the psychedelics were just cover so they could infiltrate the pop scene!

        1. Tom 13

          Re: Prism Logo

          Guess you missed this article:

          http://www.theregister.co.uk/2013/06/12/nsa_logo_scandal/

      2. Allan George Dyer
        Coat

        Re: Prism Logo

        Newton has prior art... and the laws.

        Yep, the one with the apple in the pocket.

  5. Ben Holmes
    Meh

    You're not as special as you think you are.

    Given the numbers involved, PRISM is clearly targeted at specific individuals. When you're doing something on that type of budget, in that kind of business, you want to know specifics. You don't trawl through reams of information looking for snippets that MIGHT be interesting. That would be a complete and utter waste of time and budget.

    The fact that mechanisms are in place to allow law enforcement agencies to get comms data from providers is neither appalling, nor surprising. The comparison with RIPA here is appropriate. I would be more concerned if law enforcement agencies DIDN'T have access to this type of data.

    It's my own personal view that this whole episode is just a mountain-out-of-a-molehill type of event. It may be unpopular with those who like to make a song and dance about it, but whatever.

    1. Anonymous Coward
      Anonymous Coward

      Re: You're not as special as you think you are.

      I see InfoOps is out there to throw oil on the water.

      1. Ben Holmes
        Happy

        Re: You're not as special as you think you are.

        Surely "Inf Oops" would be a better label, given the circumstances?

    2. Flywheel
      Thumb Down

      Re: You're not as special as you think you are.

      Maybe I'm not "special" right now, but who's to say that I won't be in perhaps 3 months / 3 years when something I said online then becomes a thought crime? Will I suddenly be deemed to be sympathetic to a particular cause?

      1. Yet Another Anonymous coward Silver badge

        Re: You're not as special as you think you are.

        You are special now - you pay tax.

        And you file to pay the extra sales tax on anything bought out of state, and you declare any souvenirs you bring back from a foreign trip, and pay income tax and social security on anything you sell on ebay?

        I hope so because the IRS now have a copy of all your internet traffic and all your credit card slips

    3. Tom 13

      Re: You're not as special as you think you are.

      The only thing clear here is that the NSA is gathering data on just about everybody. After that everything is guesswork and surmise, starting with whether or not you believe Snowden is telling any truths followed immediately by whether or not the document he released is true. Even if we assume both of those are true that still doesn't get you to highly targeted on the raw data collection. It's possible PRISM is just the analysis of specific data that was gathered under another program name. That leaves you with a factual number for PRISM that hides a much larger program elsewhere. It gets you off the hook for lying to your own people (in this case own people = NSA agents). It also fits with the sort of compartmentalization I'd expect in a spy agency.

      I know I'm not that special. Yes there are things I don't want you to know about me, even if you are a close friend. I think all of them are legal. I don't believe I've broken any laws in the sense of a law that is on the books and 75%+ of the people think ought to be on the books. For practical purposes, I'm sure the program has stopped some terrorist attacks. Likewise shutting it down will likely cost some lives. I'm also quite certain the program has a huge potential for abuse. And at this point that potential for abuse has me at the point where I think it should be shut down.

      My major point of difference with the people who are insisting it be shut without asking any further questions is that I'm willing to listen to arguments to allow it to continue; albeit with a better understanding of what 4th amendment protections are in place and how it is that I know I can trust those protections to be obeyed. For as fuzzy as how the protections might be implemented are, the even bigger issue is that in light of the IRS scandal and the funny business with tapping James Rosen's and AP's phones the trust issue is even fuzzier.

  6. Don Jefe
    Meh

    Cost Analysis

    The $20M in project costs are likely the warrant fulfillment remuneration paid to the service providers. PRISM is part of a larger system and in all my years I've yet to see training and awareness documents that describe upstream costs of associated programs/systems. This is doubly the case in a compartmentalized organization.

    The same Constitution that's being lawyered into ineffectiveness guarantees that companies and individuals who provide goods or services, even under orders, to the government are to be paid back for goods/services provided. It has to do with when The Evil British Empire was confiscating private property from Colonists in the name of the Crown. The stated figure of $20M is perfectly reasonable for what is a one or two person job at each of the companies involved.

    1. Yet Another Anonymous coward Silver badge

      Re: Cost Analysis

      The $20M in project costs are worth an investigation on their own.

      It will be the first government IT project to only cost $20M since Babbage got a contract to put some brass gears together to print navigation tables

      1. Gannon (J.) Dick
        Pint

        Re: Cost Analysis

        $20m in ink maybe, but no paper to print on or - what were you thinking - hardware made of expensive brass.

        But yes, good point.

  7. Bleu
    Thumb Up

    Pretty Rich Infernal System Making

    First time I've seen this presentation of that PRISM as an acronym, pray tell us the words for which it stands, or does it fall into `if you know that, they'll have to kill you' territory?

    Why should it be too costly if they have deals for spoon-feeding from US `national champion' .coms, and doubtless plenty of black budget?

    My heading is lame, I know (tired), but other commentards can doubtless do better.

    1. Anonymous Coward
      Anonymous Coward

      Re: Pretty Rich Infernal System Making

      What about Pork Rulez Intelligence Massively ?

      1. Anonymous Coward
        Anonymous Coward

        Re: Pretty Rich Infernal System Making

        Errata: Pork Rulez Intelligence Swinery Massively

        1. rupertjames
          Big Brother

          Re: Pretty Rich Infernal System Making

          Prescribed Requests from Internet Service Maintainers

          It'll be something like that anyway. The first four words will be corporate jargonese, and the last word is bound to be very clunky as they will have picked it just to complete the Acronym

    2. LinkOfHyrule
      Paris Hilton

      P.R.I.S.M

      Paris Really Is a Sexy Momma!

  8. Anonymous Coward
    Big Brother

    "U.S. government also acquired a back way in"

    It's worth remembering that this very organ reported about possible backdoors in Skype some five years ago.

  9. captain veg Silver badge

    Stature

    > "PRISM complies with applicable law, and may be stature or warrant based"

    So no warrant required for tall people?

    -A.

  10. Katie Saucey
    Unhappy

    No big deal then , eh?

    I forwarded this article to some tinfoil wearing acquaintances who might not "get it". I've been informed that it is well known (by certain people) that Vulture Central is a hot bed of Illuminati and Reptilian activity. This piece was obviously written by the Jewish Media Conspiracy in a feeble attempt to calm the overactive minds of us IT drones. /sarcasm

    In short, I was having fun freaking everyone out since this story broke. Now while at lunch, I'll just have to go back to talking about how shitty the Blue Jays are doing this year. Thanks Reg.

  11. Anonymous Coward
    Anonymous Coward

    Open Dollars as compared to acres of Utah Data Center

    If they're simply requesting a wee bit of metadata here and there, then it would easily fit into a single 1TB portable hard drive. In fact, it would fit into a single USB stick per month.

    If they will have a Utah Data Center "designed to store data on the scale of yottabytes" (millions of TB), then OBVIOUSLY they're planning to capture and store CONTENT, not just limited volumes of metadata by individual requests.

    They should offer "private" file retrieval service as a form of Paid-For automatic backup service for consumers, companies, foreign governments, enemies of the state... UDC might turn into a profit center for the government.

    I for one welcome our new overlords. I feel safer already. They've been doing this since 2007, and not a single Boston Bombing incident has happened since. Oh... FAIL.

    1. Anonymous Coward
      Anonymous Coward

      Re: Open Dollars as compared to acres of Utah Data Center

      If they have a list of close friends on each human being, that would be in the Terabyte range. So the entire "Yottabyte" thing might be bullshit. The MfS probably had an archive measured in the tens of Gigabytes and that was effective to keep 17 million people from saying the truth in their own bedrooms.

    2. Bleu
      Thumb Up

      Re: Open Dollars as compared to acres of Utah Data Center

      NSA Cloud Services: Stock float coming soooon

      Possible slogan: Why settle for second best, we slurp 'em all so we outslurp the rest!

      Speaking of which, this all casts a bright new light on some of Eric Schmidt's odd statements about info privacy, don'it indeed?

  12. LPF

    I notice RIM isn't on there....

    I know that they are a Canadian company, but with their end to end encryption, if I was them I would be making a big noise, that unlike all the others, no one can tap your comms while using them!

    1. Anonymous Coward
      Anonymous Coward

      Re: I notice RIM isn't on there....

      It's called UKUSA and RIM will have to bend over if merika says so. That's the point of being a Vassal.

  13. Anonymous Coward
    Anonymous Coward

    "But this makes little sense, as immense cryptologic and analytic resources would have to be deployed at interception centres to decrypt and analyse SSL"

    Why would they bother doing that? They're the government. Surely leaning on the SSL certificate issuers would be easier and more productive.

    1. Anonymous Coward
      Pint

      now that's devious.

      I like it.

      1. Puzzeled European
        Black Helicopters

        Re: now that's devious.

        Not devious, just the easiest, most efficient and most valuable way to achieve this end.

        Why use huge amounts of computer power if they can just break https during handshake before any really hard computation really happens? Just go for the certificate!

  14. I ain't Spartacus Gold badge
    FAIL

    Huge Failure

    What idiot at the Pentagon named that submarine? You're picking the name for a sub to tap into undersea cables. It's going to be named for an ex-President. How could it not be called the Richard M Nixon?

    Boooooo!

    1. Sporkinum

      Re: Huge Failure

      I get the point, but Jimmy Carter was a submariner before he was a politician.

      From Wikipedia "Carter served on surface ships and on diesel-electric submarines in the Atlantic and Pacific fleets. As a junior officer, he completed qualification for command of a diesel-electric submarine. He applied for the US Navy's fledgling nuclear submarine program run by then Captain Hyman G. Rickover. Rickover's demands on his men and machines were legendary, and Carter later said that, next to his parents, Rickover had the greatest influence on him. Carter has said that he loved the Navy, and had planned to make it his career. His ultimate goal was to become Chief of Naval Operations. Carter felt the best route for promotion was with submarine duty since he felt that nuclear power would be increasingly used in submarines. Carter was based in Schenectady, New York, and worked on developing training materials for the nuclear propulsion system for the prototype of a new submarine."

      1. I ain't Spartacus Gold badge

        Re: Huge Failure

        Sporkinum,

        Interesting. I hadn't realised that. I guess that's why he got a sub, and not an aircraft carrier, like all the other presidents.

  15. Anonymous Coward
    Anonymous Coward

    + 2

    + 2

    x

  16. Martin 47

    Except it's not just 9 companies, it is looking increasingly likely it's 40 plus companies

  17. Tim Parker

    "Ironically, the PRISM disclosure may, when more carefully considered, buttress the continuing British campaign against the re-introduction of the CDB – not because PRISM surveillance was unlawful, but because, being lawful, it shows that GCHQ and the Home Office were having Parliament on when they demanded new powers and systems for Internet intrusion."

    ..perhaps, but to be fair to them

    (a) they're secret squirrels and so are allowed to bend the truth somewhat (especially when talking down to the level of a Member of Parliament I'd have thought)

    (b) more seriously, no intelligence service is going to like being beholden to another in the same country for information, let alone one in another country.

  18. Anonymous Coward
    Anonymous Coward

    "Forgot"???

    "Significantly, when GCHQ recently gave evidence to the Intelligence and Security Committee in support of the Communications Data Bill, they may have ***forgotten*** to mention that they already had access to Hotmail and Gmail and many of the other services which they said were “black holes” requiring new systems and powers."

    T May / Home office: ok Mr Spook, you're going to the parliamentary committee to explain why we need the brand new ability to spy on hotmail, gmail, facebook etc., because that's what the terrorists and paedos use and we have "black holes" in our intel and think of the children... ok?

    Mr Spook: err., but we can already access all that from our special friends using PRISM.

    T May: well, you'll have to conveniently forget that then, ok?

    Mr Spook: but that's the only reason why you asked me to go to the committee...

    T May: I said, conveniently forget it!

    Mr Spook: ok.

  19. btrower

    It's magic!

    Re: "PRISM’s reported costs are so small, it has to be mighty simple."

    By this reasoning, PRISM did not even exist since its 'reported' existence was not reported at all. It is awe inspiring how these guys manage to keep this magic act in play.

    Maybe the reports are false or misleading just like half the other stuff coming out of them. We all know that this nonsense has been going on forever. However, modern technology makes their invasive snooping significantly more dangerous than it ever was before.

  20. Anonymous Coward
    Anonymous Coward

    Pen registers and wiretaps

    Anyone who is upset over the harvesting of call data, or Microsoft providing for monitoring Skype calls needs to look up two items:

    1) CALEA 1994

    2) Smith v Maryland

    Then you can comment on what may or may not be legal.

  21. JeremyP99

    VPN.

    1. Trigun
      Pint

      But not PPTP ;)

  22. John Smith 19 Gold badge
    Big Brother

    "It's all legal."

    So was the Enabling Act.

    What it enabled, less so.

  23. jubtastic1
    Big Brother

    It's a big deal

    Realtime collection of all communication metadata, while the comms content itself is mandated by law to be stored by the companies involved for ever increasing periods of time.

    STEP 1) Government knows everything about everyone. [x]

    STEP 2) Elect the wrong people [inevitable]

    STEP 3) Horrific Dystopia. [ ]

    1. Someone Else Silver badge
      Coat

      Re: It's a big deal

      STEP 4) Profit!

  24. nexsphil

    Bullshit Damage Limitation

    I see the fuckwitted damage limitation stories have started to run in the usual propaganda outlets, ably surrounded by the usual infantile shills crying "tinfoil hat!!" as an attempt to dismiss fact.

    1. Yet Another Anonymous coward Silver badge

      Re: Bullshit Damage Limitation

      Indeed - the suggestion that a sysadmin earned $200K and had a pole dancer girlfriend suggests that the whole thing is a fantasy

    2. Matt Bryant Silver badge
      FAIL

      Re: nexsphil Re: Bullshit Damage Limitation

      I see that, as per usual, the tinfoil-attired are having a hard time coping with reality.

      1. I ain't Spartacus Gold badge
        Happy

        Re: nexsphil Bullshit Damage Limitation

        Matt,

        I've got no problems at all with reality. Although my tinfoil underpants do chafe somewhat...

  25. Someone Else Silver badge
    WTF?

    Well, let's see here...

    If Mr. Campbell is correct (and, right now, that is a BIG 'if'), then all the wailing, pissing and moaning by the NSA's Komrade Clapper is still more bluster and bullshit, and Ed Snowden is not the traitorous Quisling that Clapper and his band of merry bloviators (e.g. John Boehner, et al) would like us to believe.

    On the other hand, Mr. Campbell's article doesn't quite pass the smell test; it has too many of his "cogent points" waved on without sufficient analysis. For example, the $20M/year "budget" in the PowerPoint is, quite frankly, unbelievable. Were Campbell to get a look at the secret budget for US government black ops, he would quite likely find a much larger number. That this $20M shows up in a PowerPoint indicates that it is a talking point number; the real number is rather different.

    The truth probably lies somewhere in between Campbell's apology and Clapper's rants. Or, as I believe, both men are spewing bullshit.

  26. Shannon Jacobs
    Holmes

    Making the problem better or worse?

    There are three main things that are really bothering me about these disclosures:

    (1) Knowledge is power. Knowledge about you is power over you. It isn't just the negative stuff like embarrassing mistakes, exploitable weaknesses, or even legal transgressions that might make you subject to blackmail. It's also the positive things like your tastes, interests, and even your strengths that can be used to manipulate you. If the power is there, sooner or later someone is going to abuse it--and probably sooner. I still remember the big dick Cheney.

    (2) Terrorists are insane, and mental pressure drives people insane. How much pressure does it create to know that everything you've ever said and done is on the record? How much pressure does it create to know I can't talk to anyone about anything that is critical of the government? I think we may be headed for an epidemic of lone wolf attacks--if that isn't what we are already seeing. Has it seemed to you that there have been a lot of crazy shootings lately? Were they just crazy paranoids? Now it turns out they probably were right to think the government was after them, eh? So they go nuts and shoot people. There is no perfect safety, eh?

    (3) If I was a BAD actor trying to organize a large-scale plot, I would assume that all of my electronic communications might be tapped and I would act accordingly. What the government is doing here reminds me of the joke about trying to help some guy who is looking for some money. "Were you standing right there when you lost the money?" "No, I lost the money in Afghanistan, but I'm looking here because the light is better." It's hard to look for information about actual terrorists, but it's really easy to look for information about us.

  27. 4ecks
    Black Helicopters

    colour me suspicious but..

    "A specially equipped nuclear submarine, the USS Jimmy Carter, carries cutting, tapping and interception systems to lie on the sea bed. The submarine has been in active service since 2005" - and how many undersea cables have suffered "anchor" damage at the times she has been in the area?

    1. Puzzeled European
      Black Helicopters

      Re: colour me suspicious but..

      Just go to Wikipedia like the rest of us!

      http://en.wikipedia.org/wiki/2008_submarine_cable_disruption

      where's me tin hat?

  28. Will 28

    Meanwhile in a deep underground bunker...

    #Smudge1 - Sir, communication monitoring is in place, we're hearing everything... it's really quite disturbing, please turn it off.

    #Smudge2 - No, we must monitor ALL communication!

    #Smudge1 - Well we do have this bank of emails and phone calls between one of our people and a newspaper exposing our entire operation, after all we do hear EVERYTHING!!! Shall we stop it?

    #Smudge2 - That's exactly what they're expecting, let's confuse them. We'll let the story leak out, and demonstrate ourselves to be unable to control our people, and totally unaware of who our own people are talking to, despite having complete access to their communications, and those of the journalists. No-one will believe that we can hear everything then!

    #Smudge1 - Brilliant Sir, let's just hope this conversation doesn't leak out onto a discussion board.

  29. Gannon (J.) Dick
    Happy

    Google and Facebook respond ...

    "OFFS, don't worry about the NSA. We dreamed up this meta data superpowers thing so rich idiots would pay us BEELIONS for crap 'advertising'. It doesn't work. We're making most of it up anyway. Stop giggling, ok ? Not that they read the Register, but some of them can read - WE THINK. Ok enough, be quiet they're milling about looking confused, no they always look that way when their money is being harvested ..."

  30. Kernel32

    History is the future

    How nice to see Duncan Campbell still setting things straight.

    This has been going on for decades and illustrates nicely that the point of newspapers is to sell paper not to provide news.

    The main things that have changed over Duncan’s time are the move from circuit to packet switching (affecting call/session records), the huge growth in storage and processing power for analysis and the huge growth in messaging systems. The latter leave imprints all around the world – so it is a general data protection issue. Your hotels and their host governments probably know much more about you than the “friendly” spooks do (or even want to).

    I was surprised you did not link to related Reg articles such as some 2001 ones on Echelon, including the EU report. Going further back James Bamford’s “Puzzle Palace” (pub 1982) goes through much of what currently excites people. Duncan’s own “The Unsinkable Aircraft Carrier” (pub 1984) covered surveillance and the electronic frontier. Some of the sites he “revealed” are now tourist attractions. As, of course, is Station X at Bletchley Park if we go even further back. Go visit them all and get yourselves up to date.

  31. Anonymous Coward
    Big Brother

    Peer-to-peer nature of Skype?

    the peer-to-peer nature of Skype’s Internet conversations means the company does not store and has no access to past conversations

    If an external agency can tap the calls without accessing Skype servers, then that point is rendered moot.

    Legal Intercept filed 2009

    'Aspects of the subject matter described herein relate to silently recording communications. In aspects, data associated with a request to establish a communication is modified to cause the communication to be established via a path that includes a recording agent. Modification may include, for example, adding, changing, and/or deleting data within the data'

    'As mentioned previously, traditional techniques for silently recording telephone communication may not work correctly with VoIP .. the term VoIP is used to refer to standard VoIP as well as any other form of packet-based communication that may be used to transmit audio over a wireless and/or wired network. For example, VoIP may include .. Skype and Skype-like applications'

  32. Anonymous Coward
    Anonymous Coward

    "immense cryptologic and analytic resources"

    They don't need to decrypt everything in realtime, or at all. PRISM isn't about searching everyone's email and phone calls in realtime (though I'm sure that is on the whiteboard as a future goal). It is about seeing the graphs of connectedness between everyone on the planet. They want everyone's phone/text/email "Bacon number" versus known or suspected terrorists. They don't care about the 3s, 4s or 5s today, but today's 5 can be tomorrow's 1 if a guy he knows from college turns up on the terrorist watchlist (whether with or without justification).

    They don't need to decrypt data to do this, the data they want is IP addresses and those aren't encrypted (except for those using Tor & friends, which is a minuscule fraction of a percent of all internet traffic). Ideally they want to store as much of the content as possible, at least in the short term, so if they find a person of interest and work backwards on his graph of connectedness a few levels they can see what was being exchanged. This was made pretty obvious if you paid attention to the investigation of the Boston bombers.

    If the traffic is well encrypted they probably can't look at it, but given how little email (for instance) is encrypted these days, the mere fact you send emails that are heavily encrypted would probably up their suspicion of you several levels if you also turned out to be only two degrees away from the Boston bomber.

  33. ben_myers
    Devil

    Skype, Microsoft, US Govt - An interesting marriage perhaps?

    Will conspiracy theorists speculate that the Bush administration put pressure on Microsoft to buy Skype, so that Skype traffic could be monitored? Previous to its acquisition by Microsoft, Skype was operated from outside the US, hence away from the influence of the US Govt? Next step is to also wonder what the govt traded to Microsoft to get the Skype deal to happen.

  34. cupperty
    Alert

    Another scoop

    That Google wifi-slurping episode - a lone rogue Google operator??

  35. Pan.

    (US) National Security can be also industrial espionage, economic insider info, etc.

    We seem to forget the Elephant in the Room.

    While a lot of noise has been made with regard to whether PRISM has access to US citizens' data, we seem to blissfully forget that it's in the core role of the NSA and in the interest of US National Security to have extensive personal/cloud data access if you are not a US citizen, equivalent to simple old school espionage:

    - UK/German/Chinese/Japanese industrial competitor of a critical technology which gives the US an edge over the rest of the industrial world (name it! could be Airbus, Eurofighter, Semiconductor industry, whatever)

    - UK/German/Chinese/Japanese financial competitor of a critical sector (commodities, oil supply, stock info, companies' insider info)

    - UK/German/Chinese/Japanese foreign policy and defence planning + or 'personal' politicians/military/decision makers data.

    All the above are not against US law, and of course are at the core of NSA activities and scope, not recently but since its beginning. The only difference is that they did not have immediate access to data before the Internet and especially the Cloud.

    So we seem to be wrongly focusing on US citizens' liberties being taken away, while all the rest of us, non-US citizens, can be data mined legally at any moment.

    It could be a huge blow to the Cloud, your data is actually NSA data and we don't seem to talk about that.

  36. Pan.
    Flame

    and let's not forget

    and let's not forget the NSA is a classic spying agency, not an anti-terrorist organisation. Terrorism did not exist in the 60s but the NSA surely existed.

    The NSA is not about the "bad guys", it is about anyone who has something to offer to US National Security interests. This is quite vague.

  37. strum

    Furore

    In the midst of this furore, I think we need to separate two basic things; the capacity to snoop and the usage of snoopage.

    When push comes to shove, the spooks could probably snoop anything, anywhere. What we're talking about here is making it easy for them.

    If we make it too hard for them they'll resort to harsher methods. If we make it too easy, they'll exploit it.

    At the same time, we're also attempting to establish a legal framework for it - something which previous generations of spooks would have wondered at.

    If the legal framework is too lax, it will be exploited. If the framework becomes too restrictive, it will be ignored.

    Meanwhile - what are they using it for? Well, I'm prepared to accept that, most of the time, the spooks at NSA & GCHQ are bent on seeking out bad guys (or, at least, people they perceive as bad guys). But that doesn't help me sleep better, when I don't entirely trust their perception of badness. Nor can I be confident that the next gummint won't think that someone is a bad guy, simply because they ask awkward questions (there have been many times in the past, when Duncan Campbell would have been the target of spookage). Nor can I be confident that some schmuck with access might decide to do me over, just because he can.

    None of us should pretend that there are easy answers to this. But it seems to me that the fundamental question is, who guards the guards (that guard the guards)? Multi-level scrutiny seems to be required.

    Final point, the spook world needs to realise that the easy digital slurping they wish to exploit has a double edge. Just as they can gobble up large volumes of stuff, so can Bradley Manning and Edward Snowden, or the next guy.

  38. Harry Stottle

    NSA Skype Backdoor predates Microsoft Acquisition

    Duncan appears to have made the same mistake I did.

    I high fived anyone within range when I saw the slide confirming PRISM's Skype access date as 2/6/11 because I'd blogged, when the news of Microsoft's acquisition went public, that I suspected that at least one of the reasons for their interest was in providing a back door for their US Government clients.

    The slide appeared to confirm that sequence of events. My self congratulations were cut short, however, when my (American) wife pointed out that the date on the slide would be in American date format and thus meant 6 Feb, not 2 June. Microsoft's acquisition date was 11 May.

    I'd also take issue with Duncan's assessment that because the PRISM numbers are "too small" they can't be connected with the "peering points" (which, incidentally, although owned by the likes of AT&T, are shared with all the other major US Telecom providers). I suspect the PRISM numbers reflect only the "interesting" fruit harvested from the petabytes of data which the Narus STA 640s are more than capable of "reassembling".

    I recommend James Bamford's "Shadow Factory" (2008) for anyone nerdy enough to want the gritty detail but Wired were the first to publish Klein's exposure and they cover this detail here:

    http://www.wired.com/science/discoveries/news/2006/05/70914

  39. Graham Cobb Silver badge

    Follow the money

    One of the most worrying aspects here is the apparently tiny amount of cost involved. Of course the NSA can turn their hand to snooping anything -- the protection that society needs is to make sure it is expensive!

    The difference between a democratic society and a police state is not so much about the legal powers of the police as the resources they have to use those powers. As long as it is expensive to track people, to record their conversations, to read their email, to monitor their cars, we have reasonable protection from a police state. But the point of the Communications Data Bill and, apparently, of PRISM, is to make it easier for the police and the spooks. That is why it needs to be resisted.

    Those capabilities need to be very expensive to use. That way they cannot be used routinely or widely but will be kept in reserve for limited use.

  40. Anonymous Coward
    Anonymous Coward

    Looks like what everyone's been saying is actually true.

    Skype isn't safe. Well, that's what happens when it's bought by MS.

    Joking aside, my mother will be disappointed, she was planning on world domination from her care home.

  41. austerusz

    1. The fact that there are planned systems that may be more intrusive than PRISM doesn't make PRISM less of an intrusion

    2. "This appears to refer to links from NSA central systems to special company servers" - based on what?

    3. "They would cost much but deliver little actionable intelligence" - the quantity of "actionable" intelligence is little in any case with respect to the quantity acquired. In fact, there are no guarantees related to quantity regardless.

    4. "The average cost of each PRISM derived report in 2012 would be $830" - yeah, pretty cheap. There are many ways to explain reduced costs, but the author isn't interested in explanation, only in supporting his message. According to all the military intelligence bigshots, the reason they like PRISM is the low cost due to using the infrastructure belonging to private companies that were targeted.

    5. "From material published to date, there is no reason to disbelieve this" - indeed, between the utmost honesty of companies like Facebook as well as the transparency of the process, belief should swing the PRISM way.

    The bottom line on PRISM is that NSA did gather data indiscriminately even on non-americans without the approval of their respective governments and with the complicity of the companies which those people used.

    I'm still curious how the whole violation of US constitution goes.
