SMILE! YOU ARE BEING SCANNED!
We now know that the National Security Agency (NSA) is able to access personal data stored by Microsoft, Yahoo, Google, Facebook, Paltalk, YouTube, Skype, AOL and Apple. Though these companies have done their best to downplay the significance of the story, the revelations should force us to think much more carefully about the use of this information in the sense to protect the rights of the internet users and the role of states and private companies in creating each country’s shared agenda.
Of course we all know that the United States Government – after SOPA, ACTA and CISPA – would not give up to spy the online life of American citizens or citizens of other countries. You think you’re safe behind a computer screen? To learn how to surf anonymously, you need to know the Tor projetc by clicking here: https://www.torproject.org/.
WHO IS EDWARD SNOWDEN
Edward Joseph Snowden was born on 21 June, 1983 and is an American former technical contractor and Central Intelligence Agency (CIA) employee who worked as a contractor for the National Security Agency (NSA), before leaking details of classified NSA mass surveillance programs to the press. Snowden shared classified material on a variety of top-secret NSA programs, including the interception of U.S. telephone metadata and the PRISM surveillance program, primarily with The Guardian, which published a series of exposés based on Snowden’s disclosures in June 2013. Snowden said his disclosure of PRISM and FISA orders related to NSA data capture efforts was an effort “to inform the public as to that which is done in their name and that which is done against them. The Washington Post reported that the motive behind the disclosure was to expose the “surveillance state” that he felt the United States was becoming.
On May 20, Snowden flew to the Chinese territory of Hong Kong and stayed in a hotel in Tsim Sha Tsui. Later he explained his choice of Hong Kong thus: “NSA employees must declare their foreign travel 30 days in advance and are monitored. There was a distinct possibility I would be interdicted en route, so I had to travel with no advance booking to a country with the cultural and legal framework to allow me to work without being immediately detained. Hong Kong provided that. Iceland could be pushed harder, quicker, before the public could have a chance to make their feelings known, and I would not put that past the current US administration”. On June 19, 2013, the United Nations High Commissioner for Refugees stated that if Snowden was to apply for refugee status in Hong Kong he would receive no special treatment. Hong Kong is not a signatory to the 1951 Convention relating to the Status of Refugees and does not allow refugees to settle in the city.
Ron Paul, a former member of Congress and prominent libertarian, said, “We should be thankful for individuals like Edward Snowden who sees injustice being carried out by their own government and speak out, despite the risk…. They have done a great service to the American people by exposing the truth about what our government is doing in secret.” Paul denounced the government’s secret surveillance program: “The government does not need to know more about what we are doing…. We need to know more about what the government is doing.”
PRISM is a clandestine national security electronic surveillance program operated by the United States National Security Agency (NSA) since 2007. PRISM is a government codename for a data collection effort known officially as US-984XN. It is operated under the supervision of the United States Foreign Intelligence Surveillance Court pursuant to the Foreign Intelligence Surveillance Act (FISA). The existence of the program was leaked by NSA contractor Edward Snowden and published by The Guardian and The Washington Post on June 6, 2013. PRISM was first publicly revealed on June 6, 2013, after classified documents about the program were leaked to The Washington Post and The Guardian by American Edward Snowden. The leaked documents included 41 PowerPoint slides, four of which were published in news articles.
The documents identified several technology companies as participants in the PRISM program, including (date of joining PRISM in parentheses) Microsoft (2007), Yahoo! (2008), Google (2009), Facebook (2009), Paltalk (2009), YouTube (2010), AOL (2011), Skype (2011), and Apple (2012). The slide presentation stated that much of the world’s electronic communications pass through the United States, because electronic communications data tend to follow the least expensive route rather than the most physically direct route, and the bulk of the world’s internet infrastructure is based in the United States. The presentation noted that these facts provide United States intelligence analysts with opportunities for intercepting the communications of foreign targets as their electronic data pass into or through the United States.
YES WE SCAN!
In response to the technology companies’ denials of the NSA being able to directly access the companies’ servers, The New York Times reported that sources had stated the NSA was gathering the surveillance data from the companies using other technical means in response to court orders for specific sets of data. But is more likely to mean that the NSA is receiving data sent to them deliberately by the tech companies, as opposed to intercepting communications as they’re transmitted to some other destination. “If these companies received an order under the FISA amendments act, they are forbidden by law from disclosing having received the order and disclosing any information about the order at all,” Mark Rumold, staff attorney at the Electronic Frontier Foundation, told ABC News.
On May 28, 2013, Google was ordered by United States District Court Judge Susan Illston to comply with a National Security Letter issued by the FBI to provide user data without a warrant. Twitter declined to make easier the sending of your users data for the government. But other companies were more compliant, according to people briefed on the negotiations. The other companies held discussions with national security personnel on how to make data available more efficiently and securely. In some cases, these companies made modifications to their systems in support of the intelligence collection effort.
While providing data in response to a legitimate FISA request approved by FISC is a legal requirement, modifying systems to make it easier for the government to collect the data is not. This is why Twitter could legally decline to provide an enhanced mechanism for data transmission. Other than Twitter, the companies were effectively asked to construct a locked mailbox and provide the key to the government, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information. Google does not provide a lockbox system, but instead transmits required data by hand delivery or secure FTP.
Shortly after publication of the reports by The Guardian and The Washington Post, the United States Director of National Intelligence, James Clapper, on June 7 released a statement confirming that for nearly six years the government of the United States had been using large internet services companies such as Google and Facebook to collect information on foreigners outside the United States as a defense against national security threats.
On June 7, U.S. President Barack Obama said, “What you’ve got is two programs that were originally authorized by Congress, have been repeatedly authorized by Congress. Bipartisan majorities have approved them. Congress is continually briefed on how these are conducted. There are a whole range of safeguards involved. And federal judges are overseeing the entire program throughout”. Do you believe in these words? Neither I.
ALL YOUR DATA ARE BELONG TO U.S.
There is nothing new about states seeking to coordinate communication systems to further their interests. Although the director of the American Civil Liberties Union’s Center for Democracy described PRISM as “unprecedented militarisation of domestic communications infrastructure”, PRISM is entirely consistent with longstanding security doctrine in the US. For instance, National Security Decision Directive Number 97 issued in 1983 states that: “The nation’s domestic and international telecommunications resources, including commercial, private and government-owned services and facilities, are essential elements in support of US national security policy and strategy”. TV and radio were part of how the US got what it wanted from the rest of the world.
There is little doubt that the technology companies will operate within parameters set by “US national security policy and strategy”, as their predecessors in broadcast did. Every country’s communications infrastructure is essential to the functioning of its state, and always has been. But PRISM is nevertheless highly significant but dangerous. It shows us that the new digital technologies are not weakening states relative to global corporations. Because when the NSA comes calling, they do what they are told. Companies such as Facebook and Google create “free” services that permitted anyone to invade our own privacy. The NSA just benefit itself from the results.
The first amendment of the US constitution forbids Congress from passing laws “abridging the freedom of speech, or of the press”. But debates about the media should take into account the relevant facts. PRISM reminds us that all functional states ensure that information systems serve their interests. Journalism, in the US as in Britain, is embedded in a telecommunications infrastructure over which the state maintains paramount control, in the name of national security. At the moment, the Obama administration is trying this through ever-closer coordination with the digital companies and through a campaign of intimidation against potential whistleblowers and troublesome reporters. It is surely obvious that Bradley Manning, Edward Snowden and Wikileaks Julian Assange are being targeted to discourage others discontented voices.
The spectre of terrorism is being used to construct this unaccountable power in the new landscape of network communications. And this is about much more than right to privacy and state surveillance. PRISM and similar programmes are seeking to shape the information technologies on which we will increasingly rely. Google and the other technology companies want to assure us that they don’t operate as instruments of state policy. But they do, just as the broadcast networks do. They really have no choice but to cooperate, and to deny that they cooperate.
INITIAL PUBLIC STATEMENTS
The original Washington Post and Guardian articles reporting on PRISM noted that one of the leaked briefing documents said PRISM involves collection of data “directly from the servers” of several major internet services providers. All the companies denied. On the heels of media reports that the NSA has gained access to the servers of nine leading tech companies – enabling the spy agency to examine emails, video, photographs, and other digital communications, Google, Apple, Microsoft and others have issued a strongly worded statement denying that the companies granted the government “direct access” to its servers.
Microsoft: “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”
Yahoo!: “Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network. Of the hundreds of millions of users we serve, an infinitesimal percentage will ever be the subject of a government data collection directive.”
Facebook: “We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”
Apple: “We have never heard of PRISM. We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”
Dropbox: “We’ve seen reports that Dropbox might be asked to participate in a government program called PRISM. We are not part of any such program and remain committed to protecting our users’ privacy.”
Google: “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a backdoor for the government to access private user data. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.”
At first glance, all the statements are difficult to believe. Senior intelligence officials have confirmed the program’s existence, and Google, Yahoo, Facebook and Skype logos are prominently listed on internal NSA documents describing participating companies. But Google may be engaging in a far more subtle public relations strategy than outright denial. Google’s statement hinges on three key points: that it did not provide the government with “direct access” to its servers, that it did not set up a “back door” for the NSA, and that it provides “user data to governments only in accordance with the law.”
According to Chris Soghoian, a tech expert and privacy researcher at the American Civil Liberties Union, the phrase “direct access” connotes a very specific form of access in the IT-world: unrestricted, unfettered access to information stored on Google servers. Typically, the only people having “direct access” to the servers of a company like Google or Micorsoft would be its engineers. A similar logic applies to Google’s denial that it set up a “back door”. According to Soghoian, the phrase “back door” is a term that describes a way to access a system that is neither known by the system’s owner nor documented.
According to Soghoian, the NSA could have gained access to tech company servers by working with the companies to set up something similar to an API – a tool these firms use to give developers limited access to company data. Google has denied that an API was used, but that denial doesn’t exclude the possibility that a similar tool was used. To protect itself against allegations that it inappropriately compromised user data, Google further notes in its statement that the company provides “user data to governments only in accordance with the law.”