Wednesday, 23 October 2019

New Insights Into The Prism Program

(Updated: Jan 21, 2016)

Last Saturday, June 29, the Washington Post unexpectedly disclosed four new slides from the powerpoint presentation about the PRISM data collection program.

This disclosure came as a surprise, because earlier, Guardian journalist Glenn Greenwald said that no more slides would be published because they contain very specific technical NSA means for collection, for which The Guardian would probably be prosecuted.

That The Washington Post now disclosed them is even more surprising, not only because it's an American paper, but also because it's said that Edward Snowden initially went to The Post asking to publish all 41 slides of the PRISM presentation. But The Washington Post refused to do so and therefore Snowden gave the scoop to The Guardian, which published the first 4 slides.

It's not clear who exactly released the 4 new slides, whether it was Snowden himself or editors of The Washington Post, and what the reason was for doing it. Although these new slides show some of the same oddities we already saw in the first series, these new ones have very specific and detailed content. This makes them look far more genuine and, more importantly, show much better how PRISM actually works.

We now learn that PRISM is not one single technical system or computer application, but a data collecting project which combines a number of different tools, computer systems and databases, some existing, some maybe new. This also means that this PRISM program is not the same thing as the Planning tool for Resource Integration, Synchronization and Management (PRISM), a theory which was examined in our previous posting.

> The latest information: What is known about NSA's PRISM program






The PRISM tasking process

In this first new slide (below) we see details of the PRISM Tasking Process, which is how instructions for gathering the requested data are sent and reviewed. This process starts with an NSA analyst typing one or more search terms, or "selectors" as NSA calls them, into the Unified Targeting Tool (UTT). Selectors may refer to people (by name, e-mail address, phone number or some other digital signature), organizations or subjects such as terrorism or uranium related terms.


Along with the selectors, the analyst must fill out an electronic form that specifies the foreign-intelligence purpose of the search and the basis for the analyst's reasonable belief that the search will not return results for US citizens or foreign nationals who are within the US at the time of data collection.

The slide shows that it's possible to search existing communications that are already stored ("Stored Comms") and also to initiate a search for new, future communications of selected targets. The latter option is called "Surveillance", which by a number of media was erroneously interpreted as the possibility of real-time monitoring of for example an internet chat.

Every request made by a target analyst must be approved twice. For new surveillance requests, an FAA Adjudicator (S2) does the first review and validation of the target. The slide says that there are such adjudicators in every so-called Product Line, which are the NSA departments for specific issues like counter terrorism and counter proliferation. A second and final review of the analysts' decision is done by NSA unit S343 for Targeting and Mission Management, which then releases the tasking request through the Unified Targeting Tool. Then it's apparently a computer system called PRINTAURA which distributes the requests to the different collection sites.

For searching stored communications, the first check is done by the Special FISA Oversight and Processing unit (SV4). According to The Washington Post this seems to refer to the federal judges of the secret Foreign Intelligence Surveillance Court (FISC), but according to national security reporter Marc Ambinder, the "FISA Oversight and Processing" is an internal NSA unit. The second and final review is once again done by unit S343 for Targeting and Mission Management. After the request is released to PRINTAURA, the Electronic Communications Surveillance Unit (ECSU) of the FBI checks against its own database to filter out known Americans.


Different tasking tools

In another Planning tool for Resource Integration, Synchronization and Management (PRISM), which itself is a tasking tool. Before the new slides were released, The Guardian and The Washington Post failed to explain whether PRISM was a single application or a project-like program.



Infographic comparing the PRISM data collection program and the PRISM planning tool


Now we know that the PRISM planning tool isn't the application used for tasking the data collection from the internet companies, it's also clear that the PRISM planning tool is used primarily for requesting information needed for military operations and therefore tasks various intelligence sources deployed to those operations. By contrast, the Unified Tasking Tool used under the PRISM program is for requesting information on the national level.


The actual data collection

The actual collecting of the internet data under the PRISM program is not done by the NSA, but by the Data Intercept Technology Unit (DITU) of the FBI. This makes sense, as the FBI is the agency which is primarily responsible for investigating US companies and citizens.

From one source it seems that the Data Intercept Technology Unit was set up in 2011 or 2012 to monitor new and emerging technology with court-authorized intercepts, but this source (pdf) says that it already existed in 1997. There's a challenge coin of DITU (right) dating from after 9/11, as it shows pictures of the World Trade Center and the Pentagon.

In its comments on this slide, The Washington Post says this FBI "interception unit [is] on the premises of private companies", which isn't the case as DITU is an FBI unit based at Quantico, Virginia. They can have equipment installed at sites of the internet companies, but for that no evidence is presented, making one author question whether there is such equipment at all.

Initially the DITU managed the FBI's internet monitoring programs Omnivore and

- MAINWAY: for telephone and internet metadata contact chaining
- NUCLEON: for voice content
- PINWALE: contrary to what many other media say, this database is not only for video content, but also for "FAA partitions" and "DNI content". DNI stands for Digital Network Intelligence, which is intelligence derived from digital networks, or simply: internet content, like forum postings and e-mail and chat messages. The word PINWALE is often combined with the abbreviation UIS, which stands for User Interface Services, apparently an interface tool for accessing and searching databases.


Analysing collected data

There are no slides available saying what happens with these data after being stored, but The Washington Post says that "After processing, [collected data] are automatically sent to the analyst who made the original tasking. The time elapsed from tasking to response is thought to range from minutes to hours. A senior intelligence official would say only, 'Much though we might wish otherwise, the latency is not zero.'"

At the moment it's not clear which tool or application is used to analyse the data gathered from the US internet companies. National security reporter Marc Ambinder says that PRISM itself might be "a kick-ass GUI [graphic user interface] that allows an analyst to look at, collate, monitor, and cross-check different data types". However, until now there's no evidence for PRISM being such a tool for analysis.

Most tools used by NSA employees are listed in job descriptions and the PRISM we see there is always the Planning tool for Resource Integration, Synchronization and Management, that we talked about in our previous posting.

Therefore, it's likely that data gathered under the PRISM program are analysed using other common NSA analysing tools, like the XKEYSCORE indexing and analysing tool, which The Guardian erroneously presented as a collection program, or a more specific tool called DNI Presenter, which is used to read the content of stored e-mails and chats or private messages from Facebook and other social networks.

Based upon what such analysis presents, NSA analysts use other tools, like CPE (Content Preparation Environment), to write a report. Such reports are then stored in databases for finished NSA intelligence products, like ANCHORY. Finally, these intelligence reports are available to end users through the Top Secret section of INTELINK, which is the intranet of the US intelligence community.


PRISM case notations

A third slide (below) shows how each target gets a unique PRISM case notation and what the components of these notations are.


Abbreviations: IM = Instant Messaging; RTN-EDC = Real Time Notification-Electronic Data Communication(?);
RTN-IM = Real Time Notification-Instant Messaging; OSN = Online Social Networking; CASN = Case Notation


The first position is the designation for each of the providers from which internet data are collected. Some people noticed the numbers jumped from P8 for AOL to PA for Apple, but someone suggests that P9 was maybe assigned to a company that dropped out, and that the numbers may be hexadecimal, so the next provider will be PB, followed by PC, etc., as B = 11, C = 12, etc.

The next position of the case notation is a single letter, designating the content type, like e-mail and chat messages, social network postings, but also so-called real-time notifications (RTN) for e-mail and chat events. The Washington Post and other media apparently misinterpreted this by saying that NSA officials "may receive live notifications when a target logs on or sends an e-mail, or may monitor a voice, text or voice chat as it happens".

(Update: compare this to the data analysing tool TAC, which is used by the Defense Intelligence Agency and offers "real-time analysis of data" by alerting "analysts instantly when fresh intelligence is detected".)

In the slide, the real-time notifications are clearly listed as being "Content Type" and most of us will know them as the messages you get when someone logs in at an internet chatroom or an instant messenger, or when you receive an e-mail through an e-mail client. These notification messages are also available for NSA analysts, but only after being collected and stored, just like all other types of internet content.


Searching the collected data

The fourth new slide (below) is presented by The Washington Post as being about "Searching the PRISM database", but as we just learned from the dataflow slide, there is no single PRISM-database. Data collected from the internet companies go into separate databases, according to the type of data. Some of these databases already existed before the PRISM program was started in 2007.


The content of the slide shows a screenshot of a web based application called REPRISMFISA, which is probably accessible through the web address which is blacked out by the Post. Unfortunately there's no further explanation of what application we see here, but if we look at the word REPRISMFISA we can imagine the application is for going "back to data collected under the PRISM program according to the Foreign Intelligence Surveillance Act (FISA)". Remember also that in one of the earlier slides it's said: "Complete list and details on PRISM web page: Go PRISMFAA".

Above the olive green bar, there is a line saying: "DYNAMIC PAGE - HIGHEST POSSIBLE CLASSIFICATION IS TOP SECRET // [blacked out] / SI / TK // ORCON // NOFORN". This means that depending on the generated content of the page, it has to be classified as TOP SECRET, with additionally one or several of the following Sensitive Compartmented Information control systems:
- TALENT KEYHOLE (TK - for data collected by space-based collection platforms)
- Special Intelligence (SI - for data from communications intercepts)
- an undisclosed control system marked by a classified codeword, which is blacked out by The Washington Post. Probably this is the codeword used for information which is based upon data derived from the internet companies. As said earlier, "PRISM" is not a codeword used for content, but rather the (unclassified) nickname of the program for collecting certain internet data.

In the center of the page there are 3 icons, which can be clicked: PRISM, FBI FISA and DOJ FISA. This seems to confirm that this application is used to search data collected under the Foreign Intelligence Surveillance Act (FISA), specified for use by NSA, FBI and the Department of Justice (DOJ).

Below these icons there is a search field, to get a partial list of records. The search options seem rather limited, as only two keywords can be entered, with an additional "and/or" option. At the left there's a column presenting a number of options for showing totals of PRISM entries. For checking the record status, one can click the following options:
- See Entire List (Current)
- See Entire List (Expired)
- See Entire List (Current and Expired)
- See NSA List
- See New Records
- Ownership count

Below this list, the text says: "If the total count is much less than this, REPRISMFISA is having issues, E-MAIL the REPRISMFISA HELP DESK AT [address blacked out] AND INFORM THEM"

The numbers below that text are hardly readable, but the Washington Post says that on "April 5, according to this slide, there were 117,675 active surveillance targets in PRISM's counterterrorism database". This sounds like a huge number, but without any further details about these targets it's almost impossible to give some meaningful opinion about it.

(Updated with minor additions and corrections based upon recently disclosed documents)


Links and Sources

- ForeignPolicy.com: Newly Leaked NSA Slides On PRISM Add To Confusion, Rather Than Clear It Up
- Technovia.co.uk: Something doesn't add up in the latest Washington Post PRISM story
- VanityFair.com: PRISM Isn't Data Mining and Other Falsehoods in the N.S.A. "Scandal"
- CNet.com: FBI: We need wiretap-ready Web sites - now (2012)
- CNet.com: How the U.S. forces Net firms to cooperate on surveillance
