

PRISM: "Collection directly from the servers" - anon1385
https://twitter.com/ggreenwald/status/343421926057861121

======
greenyoda
Link to the actual Guardian article referenced by the tweet:

[http://www.guardian.co.uk/world/2013/jun/08/nsa-surveillance...](http://www.guardian.co.uk/world/2013/jun/08/nsa-surveillance-prism-obama-live)

------
rasterizer
The gulf between these slides and the issued denials and other theories
represented by the likes of the NYT (an automated system to speedup
compliance) is widening.

Could it be that the slides were made by a non-technical person who was over-
selling this? "direct access" could mean "straight from the source".

~~~
cpeterso
Couldn't "the companies" be unaware of direct access to user data, but
individual employees could be NSA moles providing data access? What kind of
privacy protection do companies like Google and Facebook have in place to keep
user data secure from company employees?

~~~
danso
I think that's a really important question in this current debate...several
years ago, Google fired a senior site reliability engineer who had allegedly
stalked teens and read their inboxes...apparently, his role was of one that
required deep access into these databases:

[http://techcrunch.com/2010/09/14/google-engineer-spying-fire...](http://techcrunch.com/2010/09/14/google-engineer-spying-fired/)

That was three years ago though...a lot may have changed about Google's
infrastructure...I'm thinking, for example, whatever work has been done to
unify login systems between Google Apps, GMail, Youtube, and of course, Google
Plus. Presumably, as complexity has arisen, so has the need for better access-
control infrastructure, which would (hopefully) prevent someone even at Eric
Schmidt's level from losing his wits and trampling around in the system without
many, many flags going off first.

So with that said, that's why I'm skeptical (in the layman sense of, this is
all more complicated than I can dream of) that this surveillance alleged in
the PRISM reports could occur with just a few dedicated employees in the know
(or a few moles).

It's not just the data transfer that has to go unnoticed, but the successful
navigating of the access control infrastructure. And even if Google were to be
completely in cahoots with the NSA and built a backdoor, wouldn't there have
to be a testing suite that would make sure whatever normal changes to Google's
code base also didn't inadvertently restrict (or reveal) the back door logic?
And then wouldn't there also have to be at least one layer of oversight to
make sure that that testing suite itself was maintained but otherwise
unnoticed?

But I'm speaking as a layperson here who thinks that the kind of
infrastructure Google has would require a framework that would make backdoor
access awkward to implement. Just so many things could break across all of
Google's servers, otherwise...like this fun incident that most people probably
still remember, if you happened to be awake early one morning 3 years ago:

[http://googleblog.blogspot.com/2009/01/this-site-may-harm-yo...](http://googleblog.blogspot.com/2009/01/this-site-may-harm-your-computer-on.html)

> _If you did a Google search between 6:30 a.m. PST and 7:25 a.m. PST this
> morning, you likely saw that the message "This site may harm your computer"
> accompanied each and every search result. This was clearly an error, and we
> are very sorry for the inconvenience caused to our users._
>
> _We periodically update that list and released one such update to the site this
> morning. Unfortunately (and here's the human error), the URL of '/' was
> mistakenly checked in as a value to the file and '/' expands to all URLs.
> Fortunately, our on-call site reliability team found the problem quickly and
> reverted the file._
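
The '/' incident quoted above, as an added example that is not from the thread or from Google's own system: a toy prefix-matched "harmful sites" list shows why a bare '/' entry matches every URL, together with a hypothetical pre-deploy sanity check that would flag such an entry before the list ships. The list entries and sample URLs are constructed.

```python
# Added example: toy path-prefix blocklist plus a pre-deploy sanity check.
# Entries are (host, path_prefix); host '*' means "any host". All constructed.
from urllib.parse import urlparse

SAFE_LIST = [("example-bad.test", "/downloads/")]
# Same list with the kind of bad entry described in the quoted post: a bare '/'.
BROKEN_LIST = [("example-bad.test", "/downloads/"), ("*", "/")]


def is_flagged(url: str, entries) -> bool:
    """True if the URL's host and path match any entry by prefix."""
    parsed = urlparse(url)
    path = parsed.path or "/"
    for host, prefix in entries:
        if host in ("*", parsed.hostname) and path.startswith(prefix):
            return True
    return False


def flagged_fraction(urls, entries) -> float:
    """Share of a sample of known-good URLs that the list would flag."""
    return sum(is_flagged(u, entries) for u in urls) / len(urls)


def validate_entries(entries, good_sample, max_fraction=0.01):
    """Hypothetical pre-deploy check: reject entries whose path prefix is empty
    (matches every path) and lists that flag too much of a known-good sample."""
    problems = []
    for host, prefix in entries:
        if prefix.strip("/") == "":
            problems.append(f"entry {(host, prefix)!r} matches every path")
    frac = flagged_fraction(good_sample, entries)
    if frac > max_fraction:
        problems.append(f"list flags {frac:.0%} of the known-good sample")
    return problems


# Constructed sample of URLs that should never be flagged.
GOOD_SAMPLE = [
    "http://example.org/",
    "http://news.example.net/article/1",
    "https://shop.example.com/cart",
]
```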

~~~
anonyfuss
The 'back door' system support isn't as complicated as you make it out to be.
Centralized administrative access to user data _must_ exist for support,
maintenance, and legal purposes, and it will be implemented throughout the
organization without anyone batting an eye.

In addition, internal analytics systems will have reason to tap into data
streams/events, as will content-based advertising systems.

All of these things are often designed to provide general interfaces; locking
them down is done through generic privilege levels and access controls. The
people managing those access controls are few, and may not even know the true
purpose for the controls they've authorized. Indeed, someone could requisition
the insertion of a content analysis system that was fed user data, appeared to
be a legitimate deployment, and yet was actually a core service used to push
data to the government.

