Just a quick post on the NSA/PRISM story that broke last week highlighting two great articles that I happened on over the weekend and which – I think – set the appropriate tone for any robust discussion of the issues involved. You can also possibly identify a hypothetical scenario that might imply the recent NSA leak is a damage limitation move by the US Government. It’s a bit far fetched and based on supposition and limited evidence but worth pointing out anyway.
Firstly, ZDNet has a great analysis of the current situation which highlights the likely reality that Facebook, Google, Paltalk et al are probably telling the truth when they assert that they knew nothing of the PRISM programme. ZDNet’s reasoning for this requires us to go back to a slightly earlier story (also published by the Guardian) that revealed how the US Government’s NSA has been hoovering up social media – and presumably other online – data passing through network provider, Verizon, infrastructure at least since 2001. This original story was published a day before the Guardian broke it’s big NSA ‘whistleblower’ story.
ZDNet’s argument is that the Verizon story is much bigger than the NSA one. As it points out:
One by one, nearly all of the named companies denied knowledge of either knowing about PRISM, or providing any government agency user content, data or information without a court order or a search warrant.
But during that time, almost everyone forgot about Verizon. It’s the cellular and wireline giant that makes the whole thing come together.
According to ZDNet, Verizon – or more specifically, Verizon Business Network Services, is a Tier 1 network provider. Tier 1 providers are, in ZDNet’s terms, “the main arteries of the Internet” and there are only about 12 Tier 1s in the world “including AT&T, Level 3, and Sprint in the U.S.; Deutsche Telekom in Germany; NTT Communications in Japan; and Telefonica in Spain”.
Tier 1 networks function as privately controlled networks that help deliver business or mission critical data around the web. Unlike the publicly owned, distributed infrastructure of the web which will route data the most open way. Tier 1 networks ensure data is sent quickly and efficiently. Their private ownership, in short, guarantees quality network service to their customers – which is why the like of Apple, Facebook, Microsoft, etc use them. Hopefully you can see where this is going…..
With access to such a high-level network, it doesn’t take much for the NSA to legally tap into a US-owned/based Tier 1 network such as Verizon and subsequently harvest all the data as it travels between personal devices and the business (e.g. Facebook). Add to this fact many data-heavy platforms, such as Google and Facebook store cached user information within the cloud on the same network service and it becomes quite easy to see how a simple intercept can give the NSA lots and lots of private data.Not only that, but it can do this without Facebook, Google, etc ever knowing or even (presumably) needing to give their consent.
So far, so good. But where does Edward Snowden come into it?
Well, such a question is picked apart by Lauren Weinstein in this great blog post. He queries a number of claims that supposedly support Edward’s motivations – ones which I had trouble taking at face value too. He rightly points out:
Snowden’s situation brings with it some real head-scratching questions.I’m immediately struck by Snowden’s current choice of Hong Kong as a place of refuge. He says the choice was based on their “spirited commitment to free speech and the right of political dissent.” I’m not entirely sure that he’s talking about the same Hong Kong I know, which is actually part of China, operates only with China’s sufferance, and — we can logically assume — is saturated with Chinese Intelligence. […] We’re also told that Snowden is “lining the door of his hotel room with pillows to prevent eavesdropping,” and “puts a red hood over his head and laptop to avoid cameras capturing his passwords.”
I’ll admit to being puzzled by such actions. Neither of them are likely to negatively impact skilled eavesdroppers in any significant way, given the tradecraft available today.
Aside from this peripheral detail, Lauren then questions as to why Snowden’s revelations are such a big news story. Again, he rightly points out that the material of the leak is nothing that privacy, technology and civil liberty campaigners haven’t been pointing as likely outcomes of various US legislation for a while.
More importantly, he draws attention to the media narrative that the NSA has secret or covert access to big social media platforms. He asserts: “The PRISM documents have been widely touted as “proving” that NSA has “back doors” into the servers of Google, Facebook, and other firms, through which NSA could query and extract personal user data without interaction or control from these firms themselves.”
Such a perspective, he argues, is wrong based on his own insider experience and knowledge of these firms. This position is supported further by the ZDNet analysis.
So, combining the two blog posts we get to ask the question: is the ‘whistle-blower’ / social media handing over your personal details simply a useful PR angle for the NSA to divert attention front he earlier, much more significant story that it is routinely and legally siphoning much more data via its Verizon (and presumably other US Tier 1 providers) wiretaps? Maybe.
I suspect this is little more than a hypothetical reading, but it would be good to get more insight into the background to the story – along with greater information on the following issues: What was the source of the Verizon story? Was it part of Edward Snowden’s material? When did Snowden come forward?