Big brother or guardian angel? NSA and US state data surveillance explained

18 June 2013 (Last Updated June 18th, 2013 18:30)

Earlier this month, CIA technical contractor turned whistleblower Edward Snowden revealed that the US National Security Agency (NSA) was gathering data from the world's biggest web firms via PRISM activity. Just what is PRISM and are the benefits it claims to offer national and international security worth what some consider a breach of the right to privacy?


Whether you are reading this on a desktop, laptop, tablet or smartphone, chances are you have at some point tacitly or explicitly agreed to share some data.

Although it is possible to maintain a healthy internet life without signing away a degree of privacy to the likes of Microsoft, Google, Facebook, Skype, YouTube, Apple et al, it's downright inconvenient.

Personal data privacy was suddenly thrust into the international spotlight when it first emerged that the NSA collected phone records, and then The Guardian and The Washington Post reported that the agency also collected data from major internet companies.

What is the background to the leak?

Former CIA technical assistant Edward Snowden revealed he was behind the revelations from the safety of a Hong Kong hotel. Dismayed at the media's unwillingness to address the NSA's snooping, he asked a documentary filmmaker to record his findings anonymously via a secure link before revealing his identity to the newspapers.

His whistleblowing has been compared to Bradley Manning's disclosures via Wikileaks, but may be considered more serious by the authorities - the documents Manning distributed were only classified, whereas Snowden's were Top Secret.

Like Manning he used commercial technology to steal the data, in this case a thumb drive, proving it doesn't take advanced hacking skills to smuggle restricted information.

What is PRISM?


Although commonly referred to as a programme, PRISM is in fact a SIGAD, or Signals Intelligence Activity Designator. A SIGAD is the site of a data collection activity, which may be virtual or physical, with one physical example being RAF Menwith Hill, the North Yorkshire site from which the air forces of the UK and US carry out electronic monitoring, including on behalf of the NSA.

According to the slides Snowden leaked to The Washington Post, PRISM, given the designation US-984XN, is the NSA's most used SIGAD. Supporting claims that PRISM only applies to individuals outside the US, it relies on the fact that an overseas target's phone call, email or online chat may be routed via the US to save money, even if it originates and terminates elsewhere.

Starting with Microsoft in 2007, over time it added Google, Yahoo!, Facebook, PalTalk, YouTube, Skype and AOL to its list of sources, with Apple being its most recent inclusion in October 2012. Standing for "Planning Tool for Resource Integration, Synchronization, and Management", PRISM costs US$20m a year, small change in civil defence terms.

What data is accessed through the programme?

PRISM encompasses e-mail, chat, videos, photos, stored data, VoIP, file transfers, video conferencing, social networking details and notifications of target activity, such as log-ins.


Initially it was understood that PRISM's data mining analyses only the metadata surrounding a communication, such as numbers called, time and duration, via a graphical user interface (GUI). That data can then be provided as evidence in support of a court order to actually view confidential information, as is the case with regular intelligence or police agencies.

A comment by Democrat Representative Jerrold Nadler that the NSA acknowledged that the contents of a phone call can be accessed based solely on an analyst's decision has since been shown to have been taken out of context.

Initially it was reported that PRISM had access to harvest data directly from the servers of the internet companies, an accusation they have all denied.

A Google spokesperson explained: "When required to comply with these requests, we deliver that information to the US Government -- generally through secure FTP transfers and in person. The US Government does not have the ability to pull that data directly from our servers or network."

What is the response of the companies accused of sharing data?


Facebook and Google both publicly published a letter to the US Justice Department requesting that they reveal more information about how they supply data to the NSA.

Ted Ullyot, Facebook's general counsel, issued a statement saying it had received up to 9,000 requests in the second half of 2012 related to 19,000 individual user accounts.

"These requests run the gamut - from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat," said Ullyot.

Microsoft revealed it received up to 7,000 requests concerning 32,000 accounts from the government in the same time frame.

Google, whose motto is "Don't be evil", said in a statement: "We have always believed that it's important to differentiate between different types of government requests. We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for our users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately."

What is the government reaction?

US President Barack Obama defended the NSA's data collection activity, saying: "They may identify potential leads with respect to folks who might engage in terrorism."

Defending claims that GCHQ provides data to PRISM, British Prime Minister David Cameron said British intelligence agencies operate "within a legal framework".

"I think it is right that we have well-organised, well-funded intelligence services to help keep us safe," he said. "They are intelligence services that operate within the law, within a law that we have laid down, and they are also subject to proper scrutiny by the intelligence and security committee in the House of Commons."

What will the outcome be?

The Obama administration has a track record of bringing the sources of leaks to book, and Snowden's is one of the most serious breaches to date. But that depends on the authorities tracking him down to a country with which the US has an extradition treaty.

The internet companies involved need to boost their public image regarding sharing data, and one way of doing that would be to agree with the government what they can disclose about any future agreements.

Or they could just refuse - Twitter's absence from the internet giants feeding data to PRISM is considered to be down to the fact that it put its foot down.

Finally, a public outraged about what it considers to be a breach of its right to privacy needs to be reassured that its individual data is safe and that the metadata analysed by intelligence agents is under scrutiny for one reason - protection from terrorism.


Follow Berenice Baker on Google+