James R. Clapper, the nation’s Director of National Intelligence, claimed that recent reports about the NSA monitoring Americans’ Internet and phone communications are inaccurate.
“The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act,” he wrote in a June 6 statement. “They contain numerous inaccuracies.”
While the statement didn’t detail the supposed inaccuracies, it explained why the monitoring described in those articles would, at least in theory, violate the law. “Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States,” it read. “It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.”
The Foreign Intelligence Surveillance Court, the Executive Branch, and Congress oversee Section 702; Congress recently reauthorized the measure after what Clapper described as “extensive hearings and debate.”
The Guardian and The Washington Post articles describe an NSA project codenamed Prism, which allegedly taps into the internal databases of nine major technology companies: Microsoft, Google, Yahoo, Facebook, PalTalk, YouTube, Skype, AOL, and Apple. Both publications drew their information from an internal PowerPoint presentation used to train intelligence operatives. “Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials,” the Post wrote at the conclusion of its article.
While the presentation hints that those tech companies gave their assent to the NSA tapping their databases, many denied awareness of Prism—much less involvement with the NSA—when contacted by Slashdot.
“Google cares deeply about the security of our users’ data,” a company spokesperson wrote in an emailed statement. “We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”
The Google spokesperson suggested he didn’t “have any insight” into why Google would have appeared in the NSA’s alleged PowerPoint presentation.
Microsoft offered something similar: “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”
As did Facebook: “Protecting the privacy of our users and their data is a top priority for Facebook. We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”
Meanwhile, Apple spokespeople told The Washington Post: “We have never heard of Prism.”
Another Prism slide claims the program costs roughly $20 million per year. “Overall, $20M seems like a relatively modest sum for a project that has been described as resulting in ‘the world’s largest database,’” Charles King, an analyst with Pund-IT, wrote in an email. “In fact, the individual telcos and web companies whose data Prism is reportedly collecting have IT budgets that are orders of magnitude larger.”
If Prism really exists—and if it’s really siphoning off tons of personal data from the nation’s largest tech companies—it would require the NSA’s engineers to implement some sort of specialized framework for storing and analyzing all that information, similar to what Facebook needed to do in order to keep up with the tidal wave of postings and photos uploaded to the social network every day.
In Facebook’s case, the result was a project dubbed “Corona,” a scheduling framework that allowed the company’s backend infrastructure to effectively schedule and utilize data clusters. One imagines that, if the NSA has its own proprietary data-crunching framework in place, it’s a much larger and more sophisticated beast: after all, the agency has massive data centers under construction in Utah and Maryland, doubtlessly filled with unimaginable amounts of data in need of crunching.
Even before the Prism news broke, reports leaked that Verizon was handing over metadata from its customers’ phone calls to the NSA. It clearly hasn’t been a very good week for government agencies keeping secrets.
Image: The Guardian/The Washington Post