The beginning of the digital espionage age began with electronic surveillance programs such as Carnivore and Total Information Awareness at the start of the millennium – but it wasn’t until post 9/11 though that FBI agents began frequently showing up at Microsoft’s doors, often holding court orders demanding information on the Redmond companies customers.
At the time, Microsoft was the worlds largest email provider and government spies and eavesdroppers from across the world were constantly following trails of suspected terrorists that led to the world’s largest software company.
Those agents wanted everything, they wanted emails, contacts, account information and they wanted it quickly. Microsoft complied and their engineers put together all the data the government needed. At one point there was so much data going through the hands of Microsoft and to the government that the engineers were starting to doubt whether they should cooperate with the requests.
Wiretapping has been happening for years. The internet and phones work by data flowing through hundreds of cables running deep in the ocean, and since the 1970s the NSA has been tapping and spying on foreign cables. It doesn’t need permission to do these kinds of things, in fact, that’s its job.
The NSA is prohibited from spying on American’s or anyone in the United States, however. So when Pakistani and Afghan terrorists are using Hotmail, with its servers based in the United States, the NSA has no power – only the FBI does, and only if they have a warrant.
After 9/11, national security concerns in the USA were at an all-time high and President Bush secretly authorised the NSA to tap into the fiber optic cables that entered and left the United States, giving the agency and government warrantless access to Americans emails, phone calls, video chats, bank transactions and websites visited. This information was then decrypted by super computers, stored before being analysed and filtered for any potential information on threats to the country.
When the New York Times unveiled this in 2005 significant debate in the USA started over domestic surveillance with the Bush administration trying to cover it up labelling it as the “Terrorist Surveillance Program” and said it was keeping America safe.
Vice President at the time, Dick Cheney said that “This program has produced intelligence for us that has been very valuable in the global war on terror, both in terms of saving lives and breaking up plots directed at the United States,”
The government said that its data on Americans were labelled as belonging to an American and stored in a restricted part of their systems with access only being granted to the data when it becomes relevant to a national security investigation. Its unclear though how long they keep the data, as government officials confirmed that data wasn’t automatically deleted after a certain time.
In 2007, the Bush administration shut down its warrantless tapping program but endorsed a new replacement law named the Protect America Act which allowed the wiretapping to continue, but the NSA would have to explain its techniques and targets to a secret court. It was approved by congress, but a significant senator voted against it.. Barack Obama.
There is still a lot about Prism that is unknown, but basically it works like this:
Each year the director of national intelligence and attorney general puts together a document that outlines how the government plans on gathering intelligence on foreigners outside of the country. The act doesn’t require them to be specific either, and they aren’t required to identify specific people or places. A federal judge then approves the plan.
From then, the government can issue “directives” to companies like Microsoft, Facebook and Yahoo to hand over the information they request.
The companies aren’t all comfortable with this, with Yahoo going to court to limit what the government can take off them, and losing.
One of the big issues of concern that people have expressed with Prism is how the information is delivered, with the fear that the government has direct access into the private companies servers. All companies have denied this, however and have outlined how they give their information to the government authorities.
More on how they do this later.
Before agencies contact these companies they have to get the information they want to enquire about in the first place, and they do this just how the name Prism suggests, by narrowing and focusing on suspicious data coming into the USA. They then take this information to the internet companies to give them more direct information or pinpoint them to the ‘owner’ or user.
It then can use this one bit of information to then target and get information with anyone who interacted with it. For example, once the NSA has someone’s email inbox they can search its archives from the beginning of its opening for the content it contains and the people who person has communicated with. All those people are then able to be investigated, too.
As I mentioned above, Obama was one of the few in congress to be against it when the act was introduced. However, after being elected president his attitude towards wiretapping soon changed.
“I came in with a healthy skepticism about these programs,” Obama explained recently. “My team evaluated them. We scrubbed them thoroughly. We actually expanded some of the oversight, increased some of the safeguards.”
“You can’t have 100 percent security and also then have 100 percent privacy and zero inconvenience,” the president said.
Jason Weinstein, who recently left the Justice Department told Alternative Press that it’s no surprise Obama continued with the eavesdropping.
“You can’t expect a president to not use a legal tool that Congress has given him to protect the country,” he said.
What the companies have said and done
As mentioned above, one of the big fears is that the government has direct access into the companies servers, but all have denied this.
Mark Zuckerberg has even personally made a statement (over Facebook, of course) saying that “Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn’t even heard of PRISM before yesterday.”
Google has said that it makes secure file transfers, Facebook has said that it reviews the requested data and transfers the same way and Microsoft also provides data per request and not in “aggregate volumes”.
Facebook and Microsoft on Friday disclosed the total number of legal orders they have received for user data, including ones from the NSA as well as different branches of the police force.
The total for Facebook was about 18,000 accounts over a six month period, or one-thousandth of one percent of user accounts.
Microsoft’s total was about 31,000 accounts over the same six month period that ended on the 31st of December, 2012.
Google has not yet released any exact numbers but has promised to do so with even more transparency than Facebook and Microsoft has.
Google already releases many statistics about government surveillance as part of its transparency report, including, information on secret national security letters sent by the FBI.
Being Australian, this doesn’t affect me (or us if you’re an Aussie reader) directly, but if you’re American there are some things you just don’t want other people to know that the government has access to. It leaves the people in power with the ability to punish anyone they’d like, whenever they choose with minor laws broken, or secrets found to make people co-operate with them. I am not saying that this is what they will do, just that the ability is there.
PRISM has a role in the security of America, the idea of what it is meant to do is actually a forward step in combating terrorism and threats to the country by monitoring what information passes to prevent things from happening. But the loop-holes and ways that it is done and the monitoring of every citizen in a country that takes pride in its freedom is done to such an extent to make people worry about their privacy.
These recent events are only the beginning of the future of surveillance programs, and I would expect to see more debate and protest.
While there are no known programs like PRISM in Australia, the pressure needs to be on to our government to be as transparent as possible about surveillance to keep people in ease about privacy.
This post was originally written for the authors blog.