Over the weekend, the Washington Post published four new slides detailing how the National Security Agency collects its data under the PRISM system, while the Guardian released new documents leaked by whistleblower Edward Snowden. Here, in no particular order, are three things we learned:
1. The U.S. is allegedly spying on its allies
Perhaps the most damning new revelation is that the U.S. government may have been spying on friends as well as foes. Thirty-eight embassies and missions are outlined as "targets" on one document, reports the Guardian. The document details the range of spying techniques employed, "from bugs implanted in electronic communications gear to taps into cables to the collection of transmissions with specialized antennae." Along with "traditional ideological adversaries" and "sensitive Middle Eastern countries," the unofficial roster of spy targets includes French, Italian, and Greek embassies, as well as Japan, Mexico, South Korea, India, and Turkey.
One method, codenamed Dropmire, involves a surveillance tap planted in a "commercially available encrypted fax machine" used at the EU embassy in Washington, D.C. If the allegations are indeed legitimate, German justice Minister Sabine Leutheusser-Schnarrenberger says the United States' behavior is "reminiscent of the actions of enemies during the cold war." Similarly, French Foreign Minister Laurent Fabius tells CNN that "these acts, if they are confirmed, would be absolutely unacceptable."
2. The PRISM system's target-selection process is murky
New slides released by the Washington Post highlight what is termed the PRISM system's "tasking process," or how new foreign targets are selected to spy upon. To add new targets to the list, an NSA analyst must show "reasonable belief" that the "specified target is a foreign national who is overseas at the time of the collection," notes the Post. According to the slides, "reasonable belief" is defined as "51 percent confidence" that the analyst believes the target to be culpable. What factors go into formulating that percentage are, at the moment, unclear.
3. PRISM allegedly collects data from companies in real time
The Post suggests the FBI uses "government equipment on private company property" to retrieve information on a specified target, before it is then passed on to "customers" in either the NSA, CIA, or FBI. If true, this ostensibly allows the government's data collection to proceed in real time. To refresh your memory: Google, Yahoo, Microsoft, Apple, Facebook, PayTalk, AOL, Skype, and YouTube were all reported to be taking part in the PRISM program.
And yet, all the companies have "strenuously denied" involvement, says Mike Masnick at TechDirt, which doesn't jibe with the Post's own annotations. Based on the slides, "it's not at all clear" that Data Intercept Technology Units (DITU) are physically located on private the premises of private companies:
Google has said in the past that when it receives a valid FISA court order under the associated program it uses secure FTP to ship the info to the government. From that, it seems like the "DITU" could just be a government computer somewhere, not on the premises of these companies, and info is uploaded to those servers following valid FISC orders. [TechDirt]