(Updated: August 19, 2016)
In June in conclusion twelvemonth the Snowden-leaks started amongst the disclosure of the PRISM-program. For many people it stands for NSA surveillance inwards full general because they oftentimes have got soundless no thought what PRISM is genuinely about.Therefore, this article presents almost everything nosotros know well-nigh the PRISM program, combining information from my before postings too from other media too authorities sources.
It shows that PRISM is non well-nigh mass or mass surveillance, but for collecting communications of specifically identified unusual targets. NSA also has no "direct access" to the servers of companies similar Microsoft, Facebook too Google - it's genuinely a unit of measurement of the FBI that picks upwardly information related to specific identifiers.
In total, ca. 227 1000000 mesh communications are collected nether the PRISM programme each year, contributing to reports well-nigh counter-intelligence, terrorism too weapons proliferation. Anually, NSA analysts write to a greater extent than than 20.000 PRISM-based reports, which is ca. 15% of all intelligence reports the agency produces.
- General aspects of PRISM - Section 702 FAA Operations -
- Reporting based on PRISM - Conclusions -
- Reporting based on PRISM - Conclusions -
The PRISM presentation
Most of what nosotros know well-nigh PRISM comes from an internal NSA presentation of 41 slides. Edward Snowden initially asked The Washington Post to set out the total slide deck, but the newspaper refused too so exclusively 4 were afterward published past times The Guardian. Other slides were revealed later on.
Until now, a total of nineteen slides have got been published too some other 4 were incidentally or partially shown on television. This agency that a remaining xviii slides are soundless beingness withheld.
All known slides are shown here, inwards an club that likely comes closest to the master copy presentation. The slides (click to enlarge) have got a number which is exclusively for reference. If novel slides of this PRISM presentation acquire available, they volition live on added here.
All slides are marked TOP SECRET//SI//ORCON/NOFORN, which agency they are classified equally Top Secret too protected past times the command scheme for Special Intelligence (SI). The dissemination is strictly controlled past times the originator, piece it's mostly prohibited to free them to unusual nationals.
The SIGINT Activity Designator (SIGAD) of the PRISM programme is US-984XN, which indicates that PRISM is constituent of the BLARNEY-family too used for collecting information nether the say-so of the FISA Amendments Act.
> See also: PRISM equally constituent of the BLARNEY program
The media have got redacted the call of the someone who is the PRISM collection manager, a championship which is followed past times S35333, which is NSA's internal organization designator for a unit of measurement of the Special Source Operations (SSO). The logo of this segmentation is inwards the top left corner of each slide, amongst inwards the contrary corner a logo for the PRISM programme itself.
Immediatly after the initiatory of all slides of the presentation were published, some people thought it could live on imitation or photoshopped because of the non really professional person looking pattern too the copy-paste elements. After more, too particularly far to a greater extent than complex slides became available, nosotros tin straight off assume the presentation to live on genuine.
> See also: Are the NSA's PRISM-slides photoshopped?
This presentation well-nigh PRISM was given inwards Apr 2013, which is just a calendar month before Edward Snowden left his chore at NSA too thence this seems to live on i of the most recent documents he was able to download from the internal NSA network.
General aspects of PRISM
The next slides are well-nigh the workings of the PRISM programme inwards general:
The diagram shows that the bulk of international communications from Latin America, Europe too fifty-fifty from Asia flow through the United States, which makes it slowly for NSA to intercept them on American soil.
Note that most of the communications from Africa (the continent where many jihadist groups from the Middle East went to inwards recent years) are going through Europe, which explains why NSA sometimes needs European partner agencies (like from the Netherlands) to access them.
We reckon that nether PRISM the NSA is able to collect e-mail, chat, video too phonation messages, photo's, stored information too things similar that. But at that spot are also "Notifications of target activity - logins, etc". This was interpreted past times The Washington Post equally a constituent that gives NSA analysts alive notifications "when a target logs on or sends an e-mail".
But equally these notifications are clearly listed equally collected information (see also slide eight downwardly below), it's to a greater extent than probable they refer to the notification messages you lot acquire when someone logs inwards at an mesh chatroom or an instant messenger, or when you lot have an e-mail through an e-mail client.
It is possible though that NSA analysts tin acquire a notification when novel communications from a target they are watching becomes available inwards NSA systems. Whether (near) real-time monitoring of a target's communications is possible, depends on the way these information are made available to NSA (see slide 5 below).
- Microsoft: September 11, 2007
- Yahoo: March 12, 2008
- Google: Jan 14, 2009
- Facebook: June 3, 2009
- PalTalk: Dec 7, 2009
- YouTube: September 24, 2010
- Skype: Feb 2, 2011
- AOL: March 31, 2011
- Apple: Oct 2012
According to the volume 'Der NSA Komplex', which was published past times Der Spiegel inwards March 2014, PRISM also gained access to Microsoft's cloud service SkyDrive (now called OneDrive) equally of March 2013. This was realized after months of cooperation betwixt FBI too Microsoft.*
The Washington Post reported that inwards the speaker's notes accompanying the presentation, it's said that "98 percent of PRISM production is based on Yahoo, Google too Microsoft; nosotros demand to brand certainly nosotros don’t terms these sources". The Post also says that "PalTalk, although much smaller, has hosted traffic of substantial intelligence involvement during the Arab Spring too inwards the ongoing Syrian civil war".
The programme toll of twenty 1000000 dollar per twelvemonth was initially interpreted equally beingness the toll of the programme itself, but later The Guardian revealed that NSA pays for expenses made past times cooperating corporations, so it seems to a greater extent than probable that the twenty 1000000 is the total amount paid past times NSA to the companies involved inwards the PRISM program.
Update:
In September 2014, the US Justice Department too the Director of National Intelligence article inwards the French newspaper Le Monde, at that spot are some 45.000 selectors involved inwards the PRISM collection.
Analysts tin club information from 2 unlike sources:
- Surveillance, which agency communications that volition come about from the instant the target was selected (although the media interpreted this equally the powerfulness to real-time "monitor a voice, text or phonation chat equally it happens")
- Stored Comms, which are communications stored past times the diverse providers dating from before the instant the target was selected
Edward Snowden vehemently accuses NSA for a lack of command too oversight mechanisms, which according to him, makes that analysts have got unrestricted access to the communications of virtually everyone inwards the world. But the diagram inwards the slide clearly shows that at that spot are multiple steps for blessing every collection request:
1. For Surveillance a initiatory of all review is done past times an FAA Adjudicator inwards the analysts Product Line (S2) too for Stored Comms there's a review past times the Special FISA Oversight too Processing unit of measurement (SV4).
2. Influenza A virus subtype H5N1 2d too terminal review is done inwards both cases past times the Targeting too Mission Management (S343) unit. Only after passing both stages, the asking is released through the UTT too the PRINTAURA distribution managing system.
3. For Stored Comms the Electronic Communications Surveillance Unit (ECSU) of the FBI fifty-fifty does a 3rd banking concern check against its ain database to filter out known Americans.
Then it's the Data Intercept Technology Unit (DITU) of the FBI that goes to the diverse mesh companies to pick upwardly the requested information too and so sends them dorsum to NSA.
As indicated past times companies similar The PRISM tasking process
By September 2012, the communications of some 45.000 selectors were beingness monitored. The strongest increase was Skype (up 248%), Facebook (up 131%) too Google (up 61%).
The tabular array lists NSA units which are called Product Lines (click here for an explanation of the internal designations). For each unit of measurement it is shown how many DNI selectors, similar e-mail too IP addresses, they are tasking inwards total too how many of those are directed to the PRISM program. We also reckon the percentages too the modify compared to the previous year.
In absolute numbers, the top-5 units tasking most DNI requests for PRISM are:
- S2I: Counter-Terrorism Product Line (11.461 selectors)
- S2E: Middle East too Africa Product Line (6935 selectors)
- F6: NSA/CIA Special Collection Service (4007 selectors)
- S2D: Counter Foreign Intelligence Product Line (3796 selectors)
- F22: European Cryptologic Center (3523 selectors)
In total, all these NSA-units requested the communications of 175.126 mesh addresses, of which 49.653 (or 28% of the total) were tasked to PRISM. It's non clear whether these numbers include double selectors, similar ones tasked past times multiple units.
[...] your targets encounter FAA criteria, you lot should consider tasking to FAA.
Emergency tasking processes be for [imminent/immediate] threat to life situations too targets tin live on placed on [...] within hours (surveillance too stored comms).
Get to know your Product delineate of piece of work FAA adjudicators too FAA leads.
According to an NSA study (pdf) published inwards Apr 2014, analysts "may essay to query a U.S. someone identifier when at that spot is an imminent threat to life, such equally a hostage situation".
Just similar a number of other slides too fragments thereof shown on television, at that spot seems to live on no practiced argue why a slide similar this is soundless non published inwards a clear too proper way. They incorporate naught that endangers the national safety of the US, but instead would aid to much amend empathise how the PRISM programme is genuinely used.
It shows the flow of information which are collected nether the PRISM program. Again nosotros reckon that it's the FBI's DITU that picks upwardly the information at the diverse providers too sends them to the PRINTAURA scheme at NSA.
From PRINTAURA some of the information are directed to TRAFFICTHIEF, which is a database for metadata well-nigh specifically selected e-mail addresses too is constituent of the TURBULANCE umbrella programme to notice threats inwards cyberspace.
The principal current of information is sent through SCISSORS, which seems to live on used for separating unlike types of information too protocols. Metadata too phonation content too so overstep the ingest processing systems FALLOUT too CONVEYANCE respectively. Finally, the information are stored inwards the next NSA databases:
- MARINA: for mesh metadata
- MAINWAY: for telephone too mesh metadata contact chaining
- NUCLEON: for phonation content
- PINWALE: for mesh content, video content, too "FAA partitions"
> See also: Storage of collected PRISM data
It shows the composition of the Case Notation (CASN) which is assigned to all communications which are intercepted nether the PRISM program.
We reckon that at that spot are positions for identifying the providers, the type of content, the twelvemonth too a series number. Also there's a fixed trigraph which denotes the source. For NSA's PRISM collection this trigraph is SQC. From some other document (pdf) nosotros acquire that the trigraph for FISA information used past times the FBI is SQF.
The abbreviations stand upwardly for: IM = Instant Messaging; RTN-EDC = Real Time Notification-Electronic Data Communication(?); RTN-IM = Real Time Notification-Instant Messaging; OSN = Online Social Networking.
> See for to a greater extent than well-nigh this slide: PRISM instance notations
The content of the slide shows a screenshot of a spider web based application called REPRISMFISA, which is likely accessible through the spider web address which is blacked out past times the Post. Unfortunately there's no farther explanation of what application nosotros reckon here, but it seems to live on for querying information collected nether FISA too FAA authority.
In the middle of the page at that spot are 3 icons, which tin live on clicked: PRISM, FBI FISA too DOJ FISA. This shows that both NSA, FBI too the Department of Justice (DOJ) are using information collected nether the say-so of the Foreign Intelligence Surveillance Act (FISA), too that the NSA's constituent is codenamed PRISM.
Below these icons at that spot is a search field, to query i or to a greater extent than databases resulting inwards a partial listing of records. At the left there's a column presenting a number of options for showing totals of PRISM entries. The screenshot shows that inwards Apr 2013, at that spot were 117.675 "current entries" for PRISM.
> See for to a greater extent than well-nigh this slide: Searching the collected data
The tool shown inwards this slide is non role for analysing the data. For that, analysts tin role other software programs similar DNI Presenter or Analyst's Notebook.
Section 702 FAA Operations
The next slides are well-nigh how PRISM tin live on used to collect diverse types of data. This collection is governed past times department 702 of the FISA Amendments Act (FAA), which inwards NSA-speak is called FAA702 or just but 702.
Section 702 FAA was enacted inwards 2008 inwards club to legalize the interception that was going on since 2001 too that became known equally the "warrentless wiretapping" because it was exclusively authorized past times a surreptitious club of president George W. Bush. The FAA was re-authorized past times Congress inwards Dec 2012 too extended for 5 years.
Under department 702 FAA, NSA is authorized to acquire unusual intelligence information past times intercepting the content of communications of non-US persons who are reasonably believed to live on located exterior the US. This interception takes house within the the States amongst the cooperation of American telecommunication too mesh companies.
Operations nether the master copy Foreign Intelligence Surveillance Act (FISA) from 1978 require an private determination (the target powerfulness good live on a whole organisation though) past times the FISA Court, but nether FAA the Attorney General too the Director of National Intelligence (DNI) annually certify the procedures too safeguards for collecting information well-nigh certainly groups of unusual intelligence targets.
These thought this referred to the companies involved inwards the PRISM program, but it genuinely was well-nigh Upstream Collection, which has filters installed at major mesh switches. This follows from 2 facts: first, that the STELLARWIND programme was terminated inwards Jan 2007 piece PRISM exclusively started later that year; second, that STELLARWIND exclusively involved companies that operate the mesh too telephony backbone cables, similar AT&T too Verizon, non mesh service providers similar Facebook too Google)
Despite this clear evidence that speaks against a "direct access" to fellowship servers, Glenn Greenwald soundless sticks to that claim inwards his volume No Place To Hide, which was published on May 13, 2014. Asked well-nigh this past times a Dutch news website, Greenwald said that the "direct access" doesn't hateful that NSA "has full, unlimited access. But they tin tell the companies what they desire to have got too and so they tin acquire it".
The Section 702 Program Report (pdf) past times the Privacy too Civil Liberties Oversight Board (PCLOB) from July 2, 2014 describes that for PRISM collection, the FBI on behalf of the NSA sends selectors (such equally an e-mail addresses or a chat handle) to a US-based mesh service provider that has been served a Section 702 Directive. Under such a directive, the provider is compelled to mitt over the communications sent to or from such selectors. Such acquisition continues until the authorities detasks a item selector.
According to a document (pdf) declassified inwards September 2014, the authorities provided Yahoo amongst multiple lists of user accounts for which surveillance was wanted, too equally of May 12, 2008, Yahoo started the surveillance of these accounts.
Upstream collection
An of import affair that wasn't good explained past times the media, is that non exclusively PRISM, but also the domestic constituent of Upstream collection is legally based upon department 702 FAA. Note that NSA also conducts Upstream collection nether 3 other legal authorities: FISA too Transit within the US too Executive Order 12333 when the collection takes house abroad.
> See for more: Slides well-nigh NSA's Upstream collection
From a 2011 FISA Court ruling (pdf) that was declassified upon asking of the Electronic Frontier Foundation nosotros acquire that nether department 702 FAA, NSA acquires to a greater extent than than 250 1000000 "internet communications" each year. This number breaks downwardly equally follows:
- Upstream: ca. 9% or to a greater extent than than 22 1000000 communications *The ruling doesn't explicate what just a "internet communication" is. Influenza A virus subtype H5N1 work that troubled both NSA too the FISA courtroom was that nether Upstream it's technically really hard to distinguish betwixt unmarried communications to, from or well-nigh targeted persons too those containing multiple communications, non all of which may live on to, from or well-nigh approved targeted addresses. The latter may incorporate to upwardly to 10,000 domestic communications each year.*
- PRISM: ca. 91% or to a greater extent than than 227 1000000 communications
On June 27, 2014, the Director of National Intelligence (DNI) for the initiatory of all fourth dimension published a Statistical Transparancy Report, which says that inwards 2013, the collection nether Section 702 FAA affected some 89.138 targets. Such a target "could live on an private person, a group, an organisation or a unusual power".
Specifically for 702 FAA collection, the number of 89.138 targets includes an "estimated number of known users of item facilities (sometimes referred to equally selectors)" - which agency users of e-mail too IP addresses too such.
The study gives the next example: "foreign intelligence targets oftentimes communicate using several unlike e-mail accounts. Unless the Intelligence Community has information that multiple e-mail accounts are used past times the same target, each of those accounts would live on counted separately inwards these figures. On the other hand, if the Intelligence Community is aware that the accounts are all used past times the same target, equally defined above, they would live on counted equally i target".
Direct Access?
The in conclusion delineate of piece of work says that for PRISM at that spot is no "Direct Relationship amongst Comms Providers". Data are collected through the FBI. This clearly contradicts the initial floor past times The Guardian too The Washington Post, which claimed that NSA had "direct access" to the servers of the mesh companies. This led to spectacular headlines, but also a lot of confusion, equally it allowed the companies involved to strongly deny whatever direct human relationship amongst the NSA - because it's genuinely the FBI that is picking upwardly their data.
Had this slide been published correct inwards the beginning, too so to a greater extent than adequate questions could have got been asked too likely nosotros could have got got answers that made to a greater extent than sense.
Influenza A virus subtype H5N1 direct human relationship does be withal amongst the companies which are involved inwards the Upstream collection, similar AT&T too Verizon, who most probable have got high volume filtering devices similar the Narus STA 6400 installed at their switching stations. Unlike intercept facilities exterior the US, where the XKeyscore scheme tin store too search 3 days of content, the sites within the US exclusively seem to filter information equally they flow past, too hence there's no access to Stored Communications.
About Collection
The slide also shows that the so-called "Abouts" collection is exclusively conducted nether the Upstream method. As nosotros learned from a hearing of the Presidential Civil Liberties Oversight Board (PCLOB ), this About Collection is non for gathering communications to or from a certainly target, but about a specific selector, similar for instance an e-mail message inwards which an e-mail address or a telephone number of a known suspect is mentioned. This About Collection is non looking for names or keywords, is exclusively used for mesh communications too was authorized past times the FISA Court.
Because nether Upstream NSA is allowed to do About Collection which pulls inwards a broader make of communications, the retentiveness menses (the fourth dimension the information are stored) is exclusively 2 years. Data collected nether PRISM, which are restricted to communications to too from specific addresses, are stored for the criterion menses of 5 years. Both nether PRISM too Upstream there's no collection based upon keywords.
OPI stands for Office of Primary Interest too UTT for Unified Targeting Tool, the NSA application used for instructing the actual collection facilities.UPSTREAMOPI tasks badguy@yahoo.com nether FAA702 too 12333 say-so inwards UTT
Scenario #2
Badguy sends e-mail from [outside?] U.S. too comms flow within U.S.
FAIRVIEW sees selector but can't tell if destination destination is U.S. or foreign
RESULT
Collection allowed
Only the target destination needs to live on foreign
It shows a listing of 35 IP addresses too domain names which are the "Higher Volume Domains Collected from FAA Passive". Data from these domains are collected from fiber oculus cables too other mesh infrastructures - the Upstream or Passive Collection, complementary to the PRISM collection which involves some major US domains similar hotmail.com too yahoo.com.
All IP addresses too domain names are blacked out, except for 2 French domains: wanadoo.fr (a major French mesh service provider) too alcatel-lucent.com (a major French-American telecommunication company). The residuum of the listing volition most probable incorporate many similar domain names, which shows that redactions of the Snowden-documents are non exclusively made to protect legitimate safety interests, but also when the papers, inwards this instance Le Monde, desire to maintain these revelations strictly focussed to their ain audience.
Update:
On May 8, 2014, the French newspaper Le Monde listed some to a greater extent than targets from NSA's Upstream Collection, although it is non clear whether these are derived from this slide or from a unlike NSA document.
Reporting based on PRISM
The next slides demo some of the results from the PRISM program:
It shows a highlight of reporting nether the department 702 FAA authority, which inwards this instance includes both PRISM too the STORMBREW programme of the Upstream collection capability. Information derived from both sources made the NSA/CSS Threat Operations Center (NTOC) figure out that someone had gotten access to the network of a cleared defence contractor (CDC) too was either preparing to, or at to the lowest degree had the powerfulness to acquire 150 gigabytes of of import information out. NTOC too so alerted the FBI, which alerted the contractor too they plugged the hole the same day, manifestly Dec 14, 2012.
Another cyber laid on that was detected past times PRISM occured inwards 2011 too was directed against the Pentagon too major defence contractors. According to the volume 'Der NSA Komplex' this laid on was codenamed LEGION YANKEE, which indicates that it was most probable conducted past times Chinese hackers.*
The tabular array lists NSA units which constituent equally Office of Primary Interest (OPI - click here for an explanation of the internal designations). In this case, the numbers are sorted inwards the club of reports produced. The top-5 most productive units are:
- F6: NSA/CIA Special Collection Service (3723 reports)
- S2I: Counter-Terrorism Product Line (3493 reports)
- S2E: Middle East too Africa Product Line (2574 reports)
- S2G: Counter Proliferation Product Line (2092 reports)
- NSAT: NSA Texas (1690 reports)
The total number of intelligence reports produced past times all these OPI's is 144.779, too 22.500 of them are based upon information from the PRISM program, which is an average of 15%. According to a document published inwards Greenwald's book, at that spot were 18.973 PRISM-based end-product reports inwards the financial twelvemonth 2011 too 24.096 inwards 2012.
The tabular array i time again lists NSA units which constituent equally Office of Primary Interest (OPI - click here for an explanation of the internal designations). In this case, the numbers are sorted past times how many of the total number of reports issued past times the diverse OPI's are PRISM-based, which tin live on seen inwards the 4th column. The top-5 units are:
- ECC: European Cryptologic Center (52%)
- S2I: Counter-Terrorism Product Line (42%)
- S2J: Weapons too Space Product Line (33%)
- S2G: Counter Proliferation Product Line (30%)
- NSAT: NSA Texas (30%)
These lists clearly demo that collection nether the PRISM programme is non restricted to counter-terrorism, but is also non well-nigh monitoring ordinary people all over the world, equally many people soundless think. PRISM is used for gathering information well-nigh a make of targets derived from the topics inwards the NSA's said that "These [54 events] weren't all plots too they weren't all thwarted. The American people are getting left amongst the inaccurate impression of the effectiveness of NSA program".
In Oct 2013, full general Alexander talked well-nigh 54 cases "in which these programs [sections 702 FAA too 215 Patriot Act] contributed to our understanding, too inwards many cases, helped enable the disruption of terrorist plots inwards the U.S. too inwards over twenty countries throughout the world".
According to one-time NSA deputy manager The New York Times on June 4, 2015. Both seem to brand upwardly the in conclusion ones of the presentation well-nigh PRISM. In this slide nosotros reckon some plans for the nigh future, similar expanding the collection too a practical modify to the UTT tasking tool.
More interesting is the aim to extend the PRISM collection to Dropbox, but although it is non clear whether this has been realised, Snowden warned people for using Dropbox (such a service provider doesn't participate voluntarily inwards the PRISM program, but is served amongst a Section 702 Directive).
NSA also wanted to obtain a dissever certification for cyber threats from the FISA Court, so it could also collect information related to certainly strings of malicious code through the PRISM too Upstream programs.
Under the in conclusion bullet dot it is said that PRISM too Upstream collection tin also live on used for searching "cyber signatures too I.P. addresses", which likely refers to the fact that inwards July 2012, the Department of Justice Why Does The NSA Focus So Much On 'TERROR!' When PRISM's Success Story Is About Cybersecurity?
- SealedAbstract.com: The constituent of the FISC NSA determination you lot missed
- GlobalResearch.com: New Documents Shed Light on NSA’s Dragnet Surveillance
- TheGuardian.com: Microsoft handed the NSA access to encrypted messages
Tidak ada komentar:
Posting Komentar